John R. Graham
2024-Nov-11 22:34 UTC
[Samba] Very strange: Samba is unable to access one of its own files
Got these log messages on Samba startup just now on my AD/DC (including the preamble to show the version I'm running): Nov 11 17:05:18 ceres samba[31981]: [2024/11/11 17:05:18.209145, 0] ../../source4/samba/server.c:633(binary_smbd_main) Nov 11 17:05:18 ceres samba[31981]:?? samba version 4.19.7 started. Nov 11 17:05:18 ceres samba[31981]:?? Copyright Andrew Tridgell and the Samba Team 1992-2023 Nov 11 17:05:18 ceres smbd[31996]: [2024/11/11 17:05:18.534058, 0] ../../source3/smbd/server.c:1746(main) Nov 11 17:05:18 ceres smbd[31996]:?? smbd version 4.19.7 started. Nov 11 17:05:18 ceres smbd[31996]:?? Copyright Andrew Tridgell and the Samba Team 1992-2023 Nov 11 17:05:18 ceres winbindd[32025]: [2024/11/11 17:05:18.623651,? 0] ../../source3/winbindd/winbindd.c:1441(main) Nov 11 17:05:18 ceres winbindd[32025]:?? winbindd version 4.19.7 started. Nov 11 17:05:18 ceres winbindd[32025]:?? Copyright Andrew Tridgell and the Samba Team 1992-2023 Nov 11 17:05:30 ceres smbd[32069]:?? chdir_current_service: vfs_ChDir(/var/lib/samba/sysvol) failed: Permission denied. Current token: uid=3000021, gid=3000016, 9 groups: 3000021 3000016 3000019 3000020 3000010 3000011 3000013 3000006 3000014 Nov 11 17:05:40 ceres smbd[32069]: [2024/11/11 17:05:40.355505, 0] ../../source3/smbd/smb2_service.c:117(chdir_current_service) Nov 11 17:05:40 ceres smbd[32069]:?? chdir_current_service: vfs_ChDir(/var/lib/samba/sysvol) failed: Permission denied. Current token: uid=3000021, gid=3000016, 9 groups: 3000021 3000016 3000019 3000020 3000010 3000011 3000013 3000006 3000014 Looking at the directory in question, there's an odd-looking (at least to me) group ID associated with that directory: ceres /var/lib/samba/sysvol # ls -la /var/lib/samba/sysvol total 36 drwxrwx---+ 3 root 3000000? 3 Apr 18? 2023 . drwxr-xr-x? 7 root root??? 11 Nov 11 17:05 .. drwxrwx---+ 4 root 3000000? 4 Apr 18? 2023 samdom.example.com (Note: domain name anonymized above.) Should I be concerned? - John
Luis Peromarta
2024-Nov-12 08:48 UTC
[Samba] Very strange: Samba is unable to access one of its own files
It looks good to me, but also looks like winbind has not been started by samba-ad-dc ? What?s the output of: samba-tool ntacl sysvolcheck ? I regularly do: if ! samba-tool ntacl sysvolcheck; then samba-tool ntacl sysvolreset; fi What?s the content of smb.conf ? On Nov 11, 2024 at 23:40 +0100, John R. Graham via samba <samba at lists.samba.org>, wrote:> Got these log messages on Samba startup just now on my AD/DC (including > the preamble to show the version I'm running): > > Nov 11 17:05:18 ceres samba[31981]: [2024/11/11 17:05:18.209145, 0] > ../../source4/samba/server.c:633(binary_smbd_main) > Nov 11 17:05:18 ceres samba[31981]:?? samba version 4.19.7 started. > Nov 11 17:05:18 ceres samba[31981]:?? Copyright Andrew Tridgell and the > Samba Team 1992-2023 > Nov 11 17:05:18 ceres smbd[31996]: [2024/11/11 17:05:18.534058, 0] > ../../source3/smbd/server.c:1746(main) > Nov 11 17:05:18 ceres smbd[31996]:?? smbd version 4.19.7 started. > Nov 11 17:05:18 ceres smbd[31996]:?? Copyright Andrew Tridgell and the > Samba Team 1992-2023 > Nov 11 17:05:18 ceres winbindd[32025]: [2024/11/11 17:05:18.623651,? 0] > ../../source3/winbindd/winbindd.c:1441(main) > Nov 11 17:05:18 ceres winbindd[32025]:?? winbindd version 4.19.7 started. > Nov 11 17:05:18 ceres winbindd[32025]:?? Copyright Andrew Tridgell and > the Samba Team 1992-2023 > Nov 11 17:05:30 ceres smbd[32069]:?? chdir_current_service: > vfs_ChDir(/var/lib/samba/sysvol) failed: Permission denied. Current > token: uid=3000021, gid=3000016, 9 groups: 3000021 3000016 3000019 > 3000020 3000010 3000011 3000013 3000006 3000014 > Nov 11 17:05:40 ceres smbd[32069]: [2024/11/11 17:05:40.355505, 0] > ../../source3/smbd/smb2_service.c:117(chdir_current_service) > Nov 11 17:05:40 ceres smbd[32069]:?? chdir_current_service: > vfs_ChDir(/var/lib/samba/sysvol) failed: Permission denied. Current > token: uid=3000021, gid=3000016, 9 groups: 3000021 3000016 3000019 > 3000020 3000010 3000011 3000013 3000006 3000014 > > Looking at the directory in question, there's an odd-looking (at least > to me) group ID associated with that directory: > > ceres /var/lib/samba/sysvol # ls -la /var/lib/samba/sysvol > total 36 > drwxrwx---+ 3 root 3000000? 3 Apr 18? 2023 . > drwxr-xr-x? 7 root root??? 11 Nov 11 17:05 .. > drwxrwx---+ 4 root 3000000? 4 Apr 18? 2023 samdom.example.com > > (Note: domain name anonymized above.) > > Should I be concerned? > > - John > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba