Web lists-archives.com

[Samba] first share access fails




HI!

I'm trying to solve a problem with Samba shares failing during first
access, but subsequent second share access always succeeds immediately
with SMB3 being reported by smbstatus.

I'm aware of this MS KB article:

https://support.microsoft.com/en-us/help/4471218/mapped-network-drive-may-fail-to-reconnect-in-windows-10-version-1809

But the failure above has also been reported by Win7 users.

It's a domain member server joined with an AD domain (W2K12R2).
I did not setup the machine. So I don't even know how the join was
exactly done. I was told it was a domain member in an old domain before.

The Samba server runs on CentOS 6.10, but with separate Samba packages
samba4-4.2.10-15.el6.x86_64 etc.

NSS lookups are done via sssd-1.13, POSIX attributes are read from AD
entries, no ID mapping. This simply works also for shell login. winbindd
is also running and seems to be used by smbd, but not for NSS lookups.

During the first fail there seems to be an error with the PAC group info
(see log excerpts appended below). When the second try succeeds I can
see the group SIDs retrieved in the Samba logs.

What really strikes me is this message (obfuscated user's SID):

SID S-1-5-21-123456789-1234567890-3679153413-2567406 ->
getpwuid(4294967295) failed

I don't know why the user's SID is to be mapped to the POSIX-UID of
nobody (4294967295). As said all getent passwd/group etc. stuff just works.

Any hint is highly appreciated.

Ciao, Michael.

--------------------------------- snip ---------------------------------
[2018/12/18 13:37:51.447591,  5]
../source3/lib/username.c:181(Get_Pwnam_alloc)
  Finding user AD42\user1
[2018/12/18 13:37:51.447615,  5]
../source3/lib/username.c:120(Get_Pwnam_internals)
  Trying _Get_Pwnam(), username as lowercase is ad42\user1
[2018/12/18 13:37:51.448348,  5]
../source3/lib/username.c:128(Get_Pwnam_internals)
  Trying _Get_Pwnam(), username as given is AD42\user1
[2018/12/18 13:37:51.449017,  5]
../source3/lib/username.c:141(Get_Pwnam_internals)
  Trying _Get_Pwnam(), username as uppercase is AD42\user1
[2018/12/18 13:37:51.450059,  5]
../source3/lib/username.c:153(Get_Pwnam_internals)
  Checking combinations of 0 uppercase letters in ad42\user1
[2018/12/18 13:37:51.450101,  5]
../source3/lib/username.c:159(Get_Pwnam_internals)
  Get_Pwnam_internals didn't find user [AD42\user1]!
[2018/12/18 13:37:51.450125,  5]
../source3/lib/username.c:181(Get_Pwnam_alloc)
  Finding user user1
[2018/12/18 13:37:51.450169,  5]
../source3/lib/username.c:120(Get_Pwnam_internals)
  Trying _Get_Pwnam(), username as lowercase is user1
[2018/12/18 13:37:51.450212,  5]
../source3/lib/username.c:159(Get_Pwnam_internals)
  Get_Pwnam_internals did find user [user1]!
[2018/12/18 13:37:51.455755,  1]
../source3/auth/token_util.c:430(add_local_groups)
  SID S-1-5-21-123456789-1234567890-3679153413-2567406 ->
getpwuid(4294967295) failed
[2018/12/18 13:37:51.455825,  3]
../source3/auth/token_util.c:316(create_local_nt_token_from_info3)
  Failed to finalize nt token
[2018/12/18 13:37:51.455865,  1]
../source3/auth/auth_generic.c:127(auth3_generate_session_info_pac)
  Failed to map kerberos pac to server info (NT_STATUS_UNSUCCESSFUL)

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba