Luis Peromarta
2024-Nov-12 08:48 UTC
[Samba] Very strange: Samba is unable to access one of its own files
It looks good to me, but also looks like winbind has not been started by samba-ad-dc ?

What's the output of:

    samba-tool ntacl sysvolcheck

?

I regularly do:

    if ! samba-tool ntacl sysvolcheck; then samba-tool ntacl sysvolreset; fi

What's the content of smb.conf ?

On Nov 11, 2024 at 23:40 +0100, John R. Graham via samba <samba at lists.samba.org>, wrote:
> Got these log messages on Samba startup just now on my AD/DC (including
> the preamble to show the version I'm running):
>
> Nov 11 17:05:18 ceres samba[31981]: [2024/11/11 17:05:18.209145, 0]
> ../../source4/samba/server.c:633(binary_smbd_main)
> Nov 11 17:05:18 ceres samba[31981]:   samba version 4.19.7 started.
> Nov 11 17:05:18 ceres samba[31981]:   Copyright Andrew Tridgell and the
> Samba Team 1992-2023
> Nov 11 17:05:18 ceres smbd[31996]: [2024/11/11 17:05:18.534058, 0]
> ../../source3/smbd/server.c:1746(main)
> Nov 11 17:05:18 ceres smbd[31996]:   smbd version 4.19.7 started.
> Nov 11 17:05:18 ceres smbd[31996]:   Copyright Andrew Tridgell and the
> Samba Team 1992-2023
> Nov 11 17:05:18 ceres winbindd[32025]: [2024/11/11 17:05:18.623651,  0]
> ../../source3/winbindd/winbindd.c:1441(main)
> Nov 11 17:05:18 ceres winbindd[32025]:   winbindd version 4.19.7 started.
> Nov 11 17:05:18 ceres winbindd[32025]:   Copyright Andrew Tridgell and
> the Samba Team 1992-2023
> Nov 11 17:05:30 ceres smbd[32069]:   chdir_current_service:
> vfs_ChDir(/var/lib/samba/sysvol) failed: Permission denied. Current
> token: uid=3000021, gid=3000016, 9 groups: 3000021 3000016 3000019
> 3000020 3000010 3000011 3000013 3000006 3000014
> Nov 11 17:05:40 ceres smbd[32069]: [2024/11/11 17:05:40.355505, 0]
> ../../source3/smbd/smb2_service.c:117(chdir_current_service)
> Nov 11 17:05:40 ceres smbd[32069]:   chdir_current_service:
> vfs_ChDir(/var/lib/samba/sysvol) failed: Permission denied. Current
> token: uid=3000021, gid=3000016, 9 groups: 3000021 3000016 3000019
> 3000020 3000010 3000011 3000013 3000006 3000014
>
> Looking at the directory in question, there's an odd-looking (at least
> to me) group ID associated with that directory:
>
> ceres /var/lib/samba/sysvol # ls -la /var/lib/samba/sysvol
> total 36
> drwxrwx---+ 3 root 3000000  3 Apr 18  2023 .
> drwxr-xr-x  7 root root    11 Nov 11 17:05 ..
> drwxrwx---+ 4 root 3000000  4 Apr 18  2023 samdom.example.com
>
> (Note: domain name anonymized above.)
>
> Should I be concerned?
>
> - John
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
Rowland Penny
2024-Nov-12 09:52 UTC
[Samba] Very strange: Samba is unable to access one of its own files
On Tue, 12 Nov 2024 09:48:00 +0100 Luis Peromarta via samba <samba at lists.samba.org> wrote:

> It looks good to me, but also looks like winbind has not been started
> by samba-ad-dc ?

Morning Luis, Not had your coffee yet ? ;-)

What about:

Nov 11 17:05:18 ceres winbindd[32025]:   winbindd version 4.19.7 started.

It looks like nss isn't set up on the DC, so '3000000' isn't being mapped to 'BUILTIN\administrators'

It would be interesting to know who ID '3000021' is, because that is the user being denied access to sysvol.

Rowland
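
An added example (not code from the thread or from Samba): a shell script that follows up on the two ids discussed above by parsing the denied token out of the smbd log line, testing whether the sysvol owning gid 3000000 is in that token, and asking winbind who each id is. The log line and gid are copied from the thread as sample input; the function names are made up here, and the `wbinfo` lookups only return names on a host running winbindd.

```shell
#!/bin/sh
# Sample input copied from the thread: the smbd denial line and the sysvol owning gid.
LOG_LINE='chdir_current_service: vfs_ChDir(/var/lib/samba/sysvol) failed: Permission denied. Current token: uid=3000021, gid=3000016, 9 groups: 3000021 3000016 3000019 3000020 3000010 3000011 3000013 3000006 3000014'
SYSVOL_GID=3000000

# Print the uid carried in a "Current token:" log line.
token_uid() {
    printf '%s\n' "$1" | sed -n 's/.*Current token: uid=\([0-9][0-9]*\),.*/\1/p'
}

# Print every gid in the token (primary gid plus group list), one per line, deduplicated.
token_gids() {
    {
        printf '%s\n' "$1" | sed -n 's/.*gid=\([0-9][0-9]*\),.*/\1/p'
        printf '%s\n' "$1" | sed -n 's/.* groups: \(.*\)$/\1/p' | tr -s ' ' '\n'
    } | grep -E '^[0-9]+$' | sort -un
}

# Succeed if gid $2 is part of the token on log line $1.
token_has_gid() {
    token_gids "$1" | grep -qx "$2"
}

# Say whether the owning-group bits or only the extended ACL (the "+" in ls) can grant access.
describe_denial() {
    uid=$(token_uid "$1")
    if token_has_gid "$1" "$2"; then
        echo "uid $uid holds gid $2: the owning-group entry applies"
    else
        echo "uid $uid lacks gid $2: access depends on the extended ACL entries"
    fi
}

# Map a numeric id to a SID and a name through winbind; $1 is uid or gid, $2 the id.
resolve_id() {
    command -v wbinfo >/dev/null 2>&1 || { echo "$1 $2: wbinfo not installed"; return 0; }
    sid=$(wbinfo "--$1-to-sid=$2" 2>/dev/null) || { echo "$1 $2: no SID mapping"; return 0; }
    echo "$1 $2 -> $sid -> $(wbinfo --sid-to-name="$sid" 2>/dev/null || echo unresolved)"
}

describe_denial "$LOG_LINE" "$SYSVOL_GID"
resolve_id uid "$(token_uid "$LOG_LINE")"
resolve_id gid "$SYSVOL_GID"
```

If `wbinfo` resolves gid 3000000 but `getent group 3000000` prints nothing, the mapping exists in winbind and only the NSS lookup used by `ls` is missing.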