
Re: [Samba] sometimes users fails to login




Hello,

Still fighting with this issue; now I sometimes get the following (maybe) relevant errors:

[2019/03/18 14:46:03.329505, 10, pid=582, effective(0, 0), real(0, 0), class=idmap] ../source3/winbindd/idmap.c:509(idmap_find_domain)
  idmap_find_domain called for domain 'BITINTRA'
[2019/03/18 14:46:03.329577, 10, pid=582, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/idmap_ad.c:695(idmap_ad_sids_to_unixids)
  idmap_ad_sids_to_unixids: Filter: [(&(|(sAMAccountType=805306368)(sAMAccountType=805306369)(sAMAccountType=805306370)(sAMAccountType=268435456)(sAMAccountType=536870912))(|(objectSid=\01\05\00\00\00\00\00\05\15\00\00\00g\82\A5:9\E3\81C\CF\11\87X5\1D\00\00)))]
[2019/03/18 14:46:03.329989, 10, pid=582, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/idmap_ad.c:259(idmap_ad_get_tldap_ctx)
  idmap_ad_get_tldap_ctx: Could not get dcinfo for bitintra: NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND
[2019/03/18 14:46:03.330025, 10, pid=582, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/idmap_ad.c:370(idmap_ad_context_create)
  idmap_ad_context_create: idmap_ad_get_tldap_ctx failed: NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND
[2019/03/18 14:46:03.330051, 10, pid=582, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/idmap_ad.c:426(idmap_ad_get_context)
  idmap_ad_get_context: idmap_ad_context_create failed: NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND
[2019/03/18 14:46:03.330076, 10, pid=582, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_dual_srv.c:181(_wbint_Sids2UnixIDs)
  sids_to_unixids returned NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND

[2019/03/18 14:46:03.339279, 10, pid=582, effective(0, 0), real(0, 0), class=ldb] ../lib/ldb-samba/ldb_wrap.c:76(ldb_wrap_debug)
  ldb: ldb_asprintf/set_errstring: Indexed and full searches both failed!

[2019/03/18 14:46:03.732041, 10, pid=497, effective(0, 0), real(0, 0), class=tdb] ../source3/lib/gencache.c:326(gencache_set_data_blob)
  Adding cache entry with key=[IDMAP/SID2XID/S-1-5-21-983925351-1132585785-1485246927-7477] and timeout=[Mon Mar 18 14:48:03 2019 CET] (120 seconds ahead)
[2019/03/18 14:46:03.732098,  5, pid=497, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_getpwnam.c:137(winbindd_getpwnam_recv)
  Could not convert sid S-1-5-21-983925351-1132585785-1485246927-7477: NT_STATUS_NONE_MAPPED

[2019/03/18 14:46:03.725756, 10, pid=582, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/idmap_ad.c:695(idmap_ad_sids_to_unixids)
  idmap_ad_sids_to_unixids: Filter: [(&(|(sAMAccountType=805306368)(sAMAccountType=805306369)(sAMAccountType=805306370)(sAMAccountType=268435456)(sAMAccountType=536870912))(|(objectSid=\01\05\00\00\00\00\00\05\15\00\00\00g\82\A5:9\E3\81C\CF\11\87X5\1D\00\00)))]
[2019/03/18 14:46:03.731539, 10, pid=582, effective(0, 0), real(0, 0)] ../source3/lib/tldap_util.c:397(tldap_pull_uint64)
  Could not find attribute uidNumber
[2019/03/18 14:46:03.731574, 10, pid=582, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/idmap_ad.c:774(idmap_ad_sids_to_unixids)
  idmap_ad_sids_to_unixids: No xid in CN=Maik Zutz,OU=Benutzer,OU=BMT,OU=Kunden,DC=BITIntra,DC=de

[2019/03/18 14:46:09.007228,  3, pid=1362, effective(0, 0), real(0, 0), class=auth] ../source3/auth/user_krb5.c:164(get_user_from_kerberos_info)
  get_user_from_kerberos_info: Username BITINTRA\U002489 is invalid on this system


Here is my smb.conf:

[global]
#winbind enum groups = yes
#winbind enum users = yes
client ldap sasl wrapping = plain
dedicated keytab file = /etc/krb5.keytab
disable spoolss = yes
host msdfs = no
idmap config * : backend = tdb
idmap config * : range = 30000-40000
idmap config * : schema_mode = rfc2307
idmap config 21C : range = 12000001-13000000
idmap config 21C : schema_mode = rfc2307
idmap config 21C: backend = ad
idmap config ADMINMUC : backend = ad
idmap config ADMINMUC : range = 3000001-4000000
idmap config ADMINMUC : schema_mode = rfc2307
idmap config BITINTRA : backend = ad
idmap config BITINTRA : range = 1000000-3000000
idmap config BITINTRA : schema_mode = rfc2307
idmap config BITMARCK : backend = ad
idmap config BITMARCK : range = 4000001-5000000
idmap config BITMARCK : schema_mode = rfc2307
idmap config BMB : backend = ad
idmap config BMB : range = 5000001-6000000
idmap config BMB : schema_mode = rfc2307
idmap config BMS : backend = ad
idmap config BMS : range = 6000001-7000000
idmap config BMS : schema_mode = rfc2307
idmap config BMS-BITDAV-NG : backend = ad
idmap config BMS-BITDAV-NG : range = 11000001-12000000
idmap config BMS-BITDAV-NG : schema_mode = rfc2307
idmap config BMS-BITROUTE-NG : backend = ad
idmap config BMS-BITROUTE-NG : range = 16000001-17000000
idmap config BMS-BITROUTE-NG : schema_mode = rfc2307
idmap config BMSW : backend = ad
idmap config BMSW : range = 7000001-8000000
idmap config BMSW : schema_mode = rfc2307
idmap config BMVP : backend = ad
idmap config BMVP : range = 8000001-9000000
idmap config BMVP : schema_mode = rfc2307
idmap config BUILTIN : backend = ad
idmap config BUILTIN : range = 10000001-11000000
idmap config BUILTIN : schema_mode = rfc2307
idmap config GSKV : backend = ad
idmap config GSKV : range = 13000001-14000000
idmap config GSKV : schema_mode = rfc2307
idmap config MAUINTRA : backend = ad
idmap config MAUINTRA : range = 14000001-15000000
idmap config MAUINTRA : schema_mode = rfc2307
idmap config SRZINTRA : backend = ad
idmap config SRZINTRA : range = 15000001-16000000
idmap config SRZINTRA : schema_mode = rfc2307
kerberos method = secrets and keytab
load printers = no
local master = no
log file = /opt/samba/log/%m.log
log level = 10
map acl inherit = Yes
map to guest = bad user
os level = 3
preferred master = no
realm = bitintra.de
security = ads
server string = Data %h
store dos attributes = Yes
vfs objects = zfsacl
winbind expand groups = 4
winbind normalize names = Yes
winbind nss info = rfc2307
winbind refresh tickets = Yes
winbind use default domain = no
workgroup = BITINTRA

So it seems it can't map the SID to a UID because it can't find the attribute uidNumber, but I don't see how this can be an intermittent issue, because uidNumber is provided by the Windows DC. It's not even clear to me why sids_to_unixids sometimes returns NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND.
Any explanation would be appreciated.

Thanks
Andrea






On 3/12/2019 12:57 PM, Rowland Penny via samba wrote:
> On Tue, 12 Mar 2019 12:47:48 +0100
> Andrea Cucciarre' <acucciarre@xxxxxxxxxxxx> wrote:
>
>> Sorry my bad, thanks for spotting it.
>> Should that also explain the failure to grab the mutex?
>
> Possibly, but you need to fix the smb.conf and then test again.
>
> Rowland
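
An added example, not part of the original message and not Samba code: it splits a level-10 winbindd log into entries and buckets the three idmap failure messages quoted in the message above, so that DC-lookup failures and missing-uidNumber results can be timed and counted separately. The cause labels, the function names and SAMPLE (constructed, with a placeholder SID and DN) are assumptions of this example.

```python
import re
from collections import defaultdict

# Samba debug header: "[date time, level, pid=N, ...] file.c:line(function)"
HEADER = re.compile(r"^\[(?P<ts>[\d/]+ [\d:.]+),\s*\d+,\s*pid=(?P<pid>\d+).*?\]\s+\S+\((?P<func>\w+)\)\s*$")

# Message patterns as they appear in the log above; the cause labels are this example's own.
CAUSES = [
    ("dc_not_found", re.compile(r"Could not get dcinfo for (\S+): NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND")),
    ("no_uidnumber", re.compile(r"No xid in (.+)$")),
    ("sid_unmapped", re.compile(r"Could not convert sid (S-[\d-]+): NT_STATUS_NONE_MAPPED")),
]

def parse_entries(text):
    """Yield (timestamp, pid, function, message) per header line and its indented body."""
    current = None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            if current:
                yield tuple(current)
            current = [m["ts"], int(m["pid"]), m["func"], ""]
        elif current and line.strip():
            current[3] = (current[3] + " " + line.strip()).strip()
    if current:
        yield tuple(current)

def triage(text):
    """Return {cause: [(timestamp, pid, subject), ...]} so each failure mode can be timed separately."""
    found = defaultdict(list)
    for ts, pid, _func, msg in parse_entries(text):
        for label, pattern in CAUSES:
            hit = pattern.search(msg)
            if hit:
                found[label].append((ts, pid, hit.group(1)))
    return dict(found)

# Constructed sample in the layout of the log above (placeholder SID and DN).
SAMPLE = """\
[2019/03/18 14:46:03.329989, 10, pid=582, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/idmap_ad.c:259(idmap_ad_get_tldap_ctx)
  idmap_ad_get_tldap_ctx: Could not get dcinfo for bitintra: NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND
[2019/03/18 14:46:03.731574, 10, pid=582, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/idmap_ad.c:774(idmap_ad_sids_to_unixids)
  idmap_ad_sids_to_unixids: No xid in CN=Example User,OU=Benutzer,DC=BITIntra,DC=de
[2019/03/18 14:46:03.732041, 10, pid=497, effective(0, 0), real(0, 0), class=tdb] ../source3/lib/gencache.c:326(gencache_set_data_blob)
  Adding cache entry with key=[IDMAP/SID2XID/S-1-5-21-1-2-3-7477] and timeout=[Mon Mar 18 14:48:03 2019 CET] (120 seconds ahead)
[2019/03/18 14:46:03.732098,  5, pid=497, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_getpwnam.c:137(winbindd_getpwnam_recv)
  Could not convert sid S-1-5-21-1-2-3-7477: NT_STATUS_NONE_MAPPED
"""

if __name__ == "__main__":
    for cause, hits in triage(SAMPLE).items():
        print(cause, len(hits), hits)
```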


