Web lists-archives.com

Re: [Samba] chown: changing ownership of 'test': Invalid argument

On Wed, 10 Apr 2019 09:04:06 +0200
Ian Coetzee via samba <samba@xxxxxxxxxxxxxxx> wrote:

> Hi All,
> I have a very weird issue on one of my servers. I think I might just
> be missing something quite obviously... I will post the config files
> at the bottom
> I have a brand new Debian server running as an LXC container
> I am running said server as a domain member using the latest packages
> in Louis' 4.9 branch
> The join seems to be good, nsswitch is working
> > root@ho-vpn-ctx-ac01:~# wbinfo -i ianc
> > ianc:*:3201407:3200513::/home/JEOFFICE/ianc:/bin/bash
> > root@ho-vpn-ctx-ac01:~# getent passwd ianc
> > ianc:*:3201407:3200513::/home/JEOFFICE/ianc:/bin/bash
> >  
>  Yet when I try to change the ownership of a file to a domain user, it
> fails with "Invalid argument"
> > root@ho-vpn-ctx-ac01:~# chown -v ianc test
> > chown: changing ownership of 'test': Invalid argument
> > failed to change ownership of 'test' from root to ianc

This is very strange, the 'getent' command above shows that the OS
knows who 'ianc' is, so why can file ownership not be changed ?

> > root@ho-vpn-ctx-ac01:~# chown -v jeadmin test
> > changed ownership of 'test' from root to jeadmin
> > root@ho-vpn-ctx-ac01:~# getent passwd jeadmin
> > jeadmin:x:1000:27::/home/jeadmin:/bin/bash
> >  
> It works however when changing to a local user. So it looks like the
> issue might be in samba. This is the first time I have had this
> problem after quite a few other servers (a mix between CentOS, Debian
> and Ubuntu) has already been joined to the domain using the exact
> same smb.conf.
> On a side note, I am also unable to log into the server using domain
> credentials, which I am currently attributing to the same cause.

Possibly, but it could just be down to you not having this line
in /etc/pam.d/common-session

session    required   pam_mkhomedir.so skel=/etc/skel/ umask=0022

Without that line, the users homedir will not get created and the login
will fail.

> root@ho-vpn-ctx-ac01:~# cat /etc/samba/smb.conf
> [global]
>    workgroup = JEOFFICE
>    security = ADS
>    template shell = /bin/bash
>    winbind use default domain = true
>    log file = /var/log/samba/%m.log
>    log level = 1 
>    idmap config * : backend = tdb
>    idmap config * : range = 70001-80000
>    idmap config JEOFFICE : backend = rid
>    idmap config JEOFFICE : range = 3200000-3300000

If you notice, I have shorted your smb.conf, it is effectively the same
as what you have now, I have just removed the default lines.

There are numerous lines I would add, but they do not really have
anything to do with your problem.

A last thought, do you have any users in AD that also occur
in /etc/passwd ?


To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba