Bernd Lentes
2023-Dec-12 20:07 UTC
[Samba] syslog full with "CIFS: __readahead_batch() returned"
Hi, I'm running a SLES 15 SP5 box with kernel 5.14.21-150500.55.36-default and cifs-utils 6.15-150400.3.9.1. Each evening I transfer some image files from virtual machines via borg backup to a CIFS Server. During this time I have a lot of "CIFS: __readahead_batch() returned" in my syslog. Is that severe ? I searched in the net but didn't find anything valuable. Thanks. Bernd Bernd Lentes -- Bernd Lentes System Administrator MCD Helmholtzzentrum M?nchen +49 89 3187 1241 bernd.lentes at helmholtz-munich.de https://www.helmholtz-munich.de/en/mcd Helmholtz Zentrum M?nchen ? Deutsches Forschungszentrum f?r Gesundheit und Umwelt (GmbH) Ingolst?dter Landstra?e 1, D-85764 Neuherberg, https://www.helmholtz-munich.de Gesch?ftsf?hrung: Prof. Dr. med. Dr. h.c. Matthias H. Tsch?p, Prof. Dr. Dr. h.c. mult. Martin Hrab? de Angelis (komm.) | Aufsichtsratsvorsitzende: MinDir?in Prof. Dr. Veronika von Messling Registergericht: Amtsgericht M?nchen HRB 6466 | USt-IdNr. DE 129521671
Hi all, I have (mostly) struggled my may through the documentation found at: https://wiki.samba.org/index.php/Configure_DHCP_to_update_DNS_records. But as I am on gentoo, the DHCP daemon is run by the unprivileged user dhcp, which did complicate the issue way more than I imagined. The documentation rightfully points out to adjust the permissions of the keytab, that is used as a replacement of a plaintext password within the access of the dhcp user. But here is the first nit: it is just as important to adjust the permissions of the ticket cache. If one tries the script after failing with the restricted dhcp user account as root user (which does succeed, if enough care had been taken!), then the ticket cache has the permissions root:root - and the resulting error message, when next trying is with the restricted user again, is not really helpful (as most Kerberos error messages seem to be, at least in the eye of an inexperienced user as I am one). Btw, at least on Gentoo these caches are named as /tmp/krb5cc_xxx, where xxx is the UID of the owner, i.e. on my system a cache for the dhcp user would be named krb5cc_300. I don't know, whether the effort is justified to do something like this in the script. But the documentation should incorporate a warning to check the permissions of that file, too. Especially as the cache is not discussed in the text. It just appears within the script. But even when having done all that stuff right, the script didn't run... -------------------------------------------------------------------------------------------------------- horus # runuser -u dhcp -- /usr/local/bin/dhcp-dyndns.sh delete 192.168.0.5 11:22:33:44:55:66 smb_krb5_init_context_common: Krb5 context initialization failed (Not a directory) smb_krb5_context_init_basic failed (Not a directory) smb_krb5_init_context_common: Krb5 context initialization failed (Not a directory) smb_krb5_context_init_basic failed (Not a directory) gensec_gssapi_start: smb_krb5_init_context failed (Not a directory) gensec_spnego_create_negTokenInit_step: Failed to setup SPNEGO negTokenInit request Failed to start GENSEC client mechanism (null): NT_STATUS_INVALID_PARAMETER Failed to bind to uuid xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxfor ncacn_ip_tcp:192.168.0.2[49153,sign,target_hostname=horus,abstract_syntax=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/0x00000005,localaddress=192.168.0.2] NT_STATUS_INVALID_PARAMETER ERROR: Connecting to DNS RPC server horus failed with (3221225485, 'An invalid parameter was passed to a service or function.') smb_krb5_init_context_common: Krb5 context initialization failed (Not a directory) smb_krb5_context_init_basic failed (Not a directory) smb_krb5_init_context_common: Krb5 context initialization failed (Not a directory) smb_krb5_context_init_basic failed (Not a directory) gensec_gssapi_start: smb_krb5_init_context failed (Not a directory) gensec_spnego_create_negTokenInit_step: Failed to setup SPNEGO negTokenInit request Failed to start GENSEC client mechanism (null): NT_STATUS_INVALID_PARAMETER Failed to bind to uuid xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxfor ncacn_ip_tcp:192.168.0.2[49153,sign,target_hostname=horus,abstract_syntax=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxfor /0x00000005,localaddress=192.168.0.2] NT_STATUS_INVALID_PARAMETER ERROR: Connecting to DNS RPC server horus failed with (3221225485, 'An invalid parameter was passed to a service or function.') -------------------------------------------------------------------------------------------------------- After having found out, that 'normal' users could do the update, I finally modified /etc/passwd from -------------------------------------------------------------------------------------------------------- dhcp:x:300:300:user for dhcp daemon:/dev/null:/sbin/nologin -------------------------------------------------------------------------------------------------------- to -------------------------------------------------------------------------------------------------------- dhcp:x:300:300:user for dhcp daemon:/var/lib/dhcp:/sbin/nologin -------------------------------------------------------------------------------------------------------- where the dhcp user has rwx rights. The script no runs as -------------------------------------------------------------------------------------------------------- horus /etc # runuser -u dhcp -- /usr/local/bin/dhcp-dyndns.sh delete 192.168.41.65 50:3e:aa:01:6e:10 Record deleted successfully Record deleted successfully -------------------------------------------------------------------------------------------------------- So I would strongly suggest to add this hint to the documentation, too, as it may be pretty helpful for those trying get this running with a non-root dhcp user. Best regards Peter PS: Many thanks go out to Rowland for exploring this option - and giving us both that script and the notes on how to use it.