Web lists-archives.com

Re: [Samba] chown: changing ownership of 'test': Invalid argument




Hai Ian, 

Can you run my setup debugger..  

https://raw.githubusercontent.com/thctlo/samba4/master/samba-collect-debug-info.sh 
Anonimize where needed and post output. 

Because when i run this, it works fine. 
chown -v username test-own.txt
changed ownership of 'test-own.txt' from root to username 
And yes, this user only exist in AD. 

Check if attr and acl are installed also. 

And if the smb.conf below is complete then your missing: 
    # For ACL support on member servers with shares
    vfs objects = acl_xattr
    map acl inherit = Yes
    store dos attributes = Yes


The difference between you and me, in smb.conf as far i can tell now. 

Me backend AD. You RID.
Me 
    kerberos method = secrets and keytab
    dedicated keytab file = /etc/krb5.keytab
    winbind refresh tickets = yes

You ( only secrets ) 

I've just tested these versions because today my vpn needed the upgrades of samba also. 
I've tested and upgraded from 4.8.9 upto 4.8.11, 4.9.6 and 4.10.2 

It still might be a bug, but i need more info. 


Greetz, 

Louis


> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces@xxxxxxxxxxxxxxx] Namens Ian 
> Coetzee via samba
> Verzonden: woensdag 10 april 2019 9:04
> Aan: Samba List
> Onderwerp: [Samba] chown: changing ownership of 'test': 
> Invalid argument
> 
> Hi All,
> 
> I have a very weird issue on one of my servers. I think I 
> might just be
> missing something quite obviously... I will post the config 
> files at the
> bottom
> 
> I have a brand new Debian server running as an LXC container
> 
> > root@ho-vpn-ctx-ac01:~# lsb_release -a
> > No LSB modules are available.
> > Distributor ID:    Debian
> > Description:    Debian GNU/Linux 9.8 (stretch)
> > Release:    9.8
> > Codename:    stretch
> > root@ho-vpn-ctx-ac01:~# uname -a
> > Linux ho-vpn-ctx-ac01 4.15.18-12-pve #1 SMP PVE 4.15.18-35 
> (Wed, 13 Mar
> > 2019 08:24:42 +0100) x86_64 GNU/Linux
> > root@ho-vpn-ctx-ac01:~#
> >
> 
> I am running said server as a domain member using the latest 
> packages in
> Louis' 4.9 branch
> 
> > root@ho-vpn-ctx-ac01:~# net -V
> > Version 4.9.6-Debian
> > root@ho-vpn-ctx-ac01:~# net ads testjoin
> > Join is OK
> >
> 
> The join seems to be good, nsswitch is working
> 
> > root@ho-vpn-ctx-ac01:~# wbinfo -i ianc
> > ianc:*:3201407:3200513::/home/JEOFFICE/ianc:/bin/bash
> > root@ho-vpn-ctx-ac01:~# getent passwd ianc
> > ianc:*:3201407:3200513::/home/JEOFFICE/ianc:/bin/bash
> >
> 
>  Yet when I try to change the ownership of a file to a domain user, it
> fails with "Invalid argument"
> 
> > root@ho-vpn-ctx-ac01:~# chown -v ianc test
> > chown: changing ownership of 'test': Invalid argument
> > failed to change ownership of 'test' from root to ianc
> > root@ho-vpn-ctx-ac01:~# chown -v jeadmin test
> > changed ownership of 'test' from root to jeadmin
> > root@ho-vpn-ctx-ac01:~# getent passwd jeadmin
> > jeadmin:x:1000:27::/home/jeadmin:/bin/bash
> >
> 
> It works however when changing to a local user. So it looks 
> like the issue
> might be in samba. This is the first time I have had this 
> problem after
> quite a few other servers (a mix between CentOS, Debian and 
> Ubuntu) has
> already been joined to the domain using the exact same smb.conf.
> 
> On a side note, I am also unable to log into the server using domain
> credentials, which I am currently attributing to the same cause.
> 
> Can you guys maybe point me in the right direction where I 
> might start to
> troubleshoot further?
> 
> Kind regards
> Ian
> 
> Configs:
> 
> root@ho-vpn-ctx-ac01:~# cat /etc/samba/smb.conf
> [global]
>    workgroup = JEOFFICE
>    realm = JEOFFICE.JACKLIN.CO.ZA
>    security = ADS
>    template homedir = /home/%D/%U
>    template shell = /bin/bash
>    kerberos method = secrets only
>    winbind use default domain = true
> #   winbind offline logon = true
>    winbind enum groups = true
> 
>    netbios name = ho-vpn-ctx-ac01
> 
>    log file = /var/log/samba/%m.log
>    log level = 1
> 
>    # Default ID mapping configuration for local BUILTIN accounts
>    # and groups on a domain member. The default (*) domain:
>    # - must not overlap with any domain ID mapping configuration!
>    # - must use an read-write-enabled back end, such as tdb.
>    idmap config * : backend = tdb
>    idmap config * : range = 70001-80000
>    idmap config JEOFFICE : backend = rid
>    idmap config JEOFFICE : range = 3200000-3300000
> 
>    winbind nss info = template
> root@ho-vpn-ctx-ac01:~# cat /etc/nsswitch.conf
> # /etc/nsswitch.conf
> #
> # Example configuration of GNU Name Service Switch functionality.
> # If you have the `glibc-doc-reference' and `info' packages 
> installed, try:
> # `info libc "Name Service Switch"' for information about this file.
> 
> passwd:         compat winbind
> group:          compat winbind
> shadow:         compat
> gshadow:        files
> 
> hosts:          files dns
> networks:       files
> 
> protocols:      db files
> services:       db files
> ethers:         db files
> rpc:            db files
> 
> netgroup:       nis
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
> 
> 


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba