Web lists-archives.com

[Samba] Samba fileserver member corrupt smb.ldb after joining 4.8.4 Samba DC




Hello,

I'm trying to join a samba-fileserver to a 4.8.4 Domain Controller. Both
are installed from the Debian Unstable Sources.
I've setup some scripts that allows me to provision the latest
samba-version for testing purposes on two VMs. The following configs where
working absolutly fine when provisioning a Samba-DC version 4.7.3 and I was
able to do profile roaming, but since the DC is version 4.8.4 the following
error occours:

After provisioning the samba-dc as described in the Samba-Wiki I installed
the samba-fileserver on a seperate VM and tried to join it to the DC using
"net ads join <REALM>". That works absolutly fine and wbinfo --ping-dc is
able to reach the DC. The SID -> UID Mapping using nsswitch also works
without any problems.

[global]
security = ADS
workgroup = schule
realm = subdomain.domain.de
log file = /var/log/samba/%m.log
log level = 1
idmap config * : backend = tdb
idmap config * : range = 3000-7999
idmap config schule : backend = rid
idmap config schule : range = 100000-200000
winbind nss info = template
template shell = /bin/bash
template homedir = /home/%U
username map = /etc/samba/user.map

Now I set up a Share for Windows Profile Roaming:
[Profiles]
comment = User profiles
path = /srv/profiles
read only = no
store dos attributes = Yes
guest ok = no
browseable = Yes
create mask = 0600
directory mask = 0700
csc policy = disable
valid users = @"Realm\Domain Users"
oplocks = no

But when trying to access this share Windows gives a permission denied,
altough the permissions are the same as in the working version 4.7.4.

I found out that samba-tool ntacl get /srv/profiles gives the following
error:
pdb backend samba_dsdb:tdb:///var/lib/samba/private/sam.ldb did not
correctly init (error was NT_STATUS_UNSUCCESSFUL)
PANIC (pid 1076): pdb_get_methods: failed to get pdb methods for backend
samba_dsdb:tdb:///var/lib/samba/private/sam.ldb

BACKTRACE: 37 stack frames:
 #0 /usr/lib/x86_64-linux-gnu/libsamba-util.so.0(log_stack_trace+0x1f)
[0x7f60a977e42f]
 #1 /usr/lib/x86_64-linux-gnu/libsmbconf.so.0(smb_panic_s3+0x20)
[0x7f60a578b650]
 #2 /usr/lib/x86_64-linux-gnu/libsamba-util.so.0(smb_panic+0x2f)
[0x7f60a977e50f]
 #3 /usr/lib/x86_64-linux-gnu/libsamba-passdb.so.0(+0x3eddb)
[0x7f60a583addb]
 #4 /usr/lib/x86_64-linux-gnu/libsamba-passdb.so.0(+0x4122d)
[0x7f60a583d22d]
 #5 /usr/lib/x86_64-linux-gnu/libsamba-passdb.so.0(+0x38277)
[0x7f60a5834277]
 #6 /usr/lib/x86_64-linux-gnu/libsamba-passdb.so.0(uid_to_sid+0x89)
[0x7f60a5836519]
 #7 /usr/lib/x86_64-linux-gnu/samba/libsmbd-base.so.0(+0x18a7ba)
[0x7f60a4cc57ba]
 #8
/usr/lib/x86_64-linux-gnu/samba/libsmbd-base.so.0(posix_get_nt_acl+0x245)
[0x7f60a4cc7025]
 #9 /usr/lib/python2.7/dist-packages/samba/samba3/smbd.x86_64-linux-gnu.so(+0x3ac5)
[0x7f60a4e9cac5]
 #10 /usr/bin/python2.7(PyEval_EvalFrameEx+0x6066) [0x555a1ee43a86]
 #11 /usr/bin/python2.7(PyEval_EvalCodeEx+0x669) [0x555a1ee3b9e9]
 #12 /usr/bin/python2.7(PyEval_EvalFrameEx+0x58fe) [0x555a1ee4331e]
 #13 /usr/bin/python2.7(PyEval_EvalCodeEx+0x669) [0x555a1ee3b9e9]
 #14 /usr/bin/python2.7(+0x105d58) [0x555a1ee59d58]
 #15 /usr/bin/python2.7(PyObject_Call+0x36) [0x555a1ee235e6]
 #16 /usr/bin/python2.7(PyEval_EvalFrameEx+0x2807) [0x555a1ee40227]
 #17 /usr/bin/python2.7(PyEval_EvalCodeEx+0x669) [0x555a1ee3b9e9]
 #18 /usr/bin/python2.7(+0x105b99) [0x555a1ee59b99]
 #19 /usr/bin/python2.7(PyObject_Call+0x36) [0x555a1ee235e6]
 #20 /usr/bin/python2.7(PyEval_EvalFrameEx+0x2807) [0x555a1ee40227]
 #21 /usr/bin/python2.7(PyEval_EvalCodeEx+0x669) [0x555a1ee3b9e9]
 #22 /usr/bin/python2.7(+0x105b99) [0x555a1ee59b99]
 #23 /usr/bin/python2.7(PyObject_Call+0x36) [0x555a1ee235e6]
 #24 /usr/bin/python2.7(PyEval_EvalFrameEx+0x2807) [0x555a1ee40227]
 #25 /usr/bin/python2.7(PyEval_EvalCodeEx+0x669) [0x555a1ee3b9e9]
 #26 /usr/bin/python2.7(+0x105b99) [0x555a1ee59b99]
 #27 /usr/bin/python2.7(PyObject_Call+0x36) [0x555a1ee235e6]
 #28 /usr/bin/python2.7(PyEval_EvalFrameEx+0x2807) [0x555a1ee40227]
 #29 /usr/bin/python2.7(PyEval_EvalCodeEx+0x669) [0x555a1ee3b9e9]
 #30 /usr/bin/python2.7(PyEval_EvalCode+0x16) [0x555a1ee3b376]
 #31 /usr/bin/python2.7(+0x11b54f) [0x555a1ee6f54f]
 #32 /usr/bin/python2.7(PyRun_FileExFlags+0x84) [0x555a1ee69ec4]
 #33 /usr/bin/python2.7(PyRun_SimpleFileExFlags+0x177) [0x555a1ee69487]
 #34 /usr/bin/python2.7(Py_Main+0x56b) [0x555a1ee0d1cb]
 #35 /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xe7)
[0x7f60a9f88b17]
 #36 /usr/bin/python2.7(_start+0x2a) [0x555a1ee0cb8a]
Can not dump core: corepath not set up

And samba-tool ntacl sysvolcheck gives:
ERROR(runtime): uncaught exception - samdb_domain_sid failed
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line
176, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/ntacl.py", line 265,
in run
    domain_sid = security.dom_sid(samdb.domain_sid)
  File "/usr/lib/python2.7/dist-packages/samba/samdb.py", line 583, in
get_domain_sid
    return dsdb._samdb_get_domain_sid(self)

Both commands works perfectly on a DC and Fileserver combination which are
provisioned with Samba 4.7.3.

I also tried to join an older samba 4.6.7 on my notebook, but thereÄs the
same error as above.

Does anybody have an idea why this happens and how to solve this issue?
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba