Web lists-archives.com

Re: [Samba] chown: changing ownership of 'test': Invalid argument




Hi Rowland,

Please see my replies inline.

On Wed, 10 Apr 2019 at 09:58, Rowland Penny via samba <samba@xxxxxxxxxxxxxxx>
wrote:

> On Wed, 10 Apr 2019 09:04:06 +0200
> Ian Coetzee via samba <samba@xxxxxxxxxxxxxxx> wrote:
>
> > Hi All,
> >
> > I have a very weird issue on one of my servers. I think I might just
> > be missing something quite obviously... I will post the config files
> > at the bottom
> >
> > I have a brand new Debian server running as an LXC container
> > I am running said server as a domain member using the latest packages
> > in Louis' 4.9 branch
> >
> > The join seems to be good, nsswitch is working
> >
> > > root@ho-vpn-ctx-ac01:~# wbinfo -i ianc
> > > ianc:*:3201407:3200513::/home/JEOFFICE/ianc:/bin/bash
> > > root@ho-vpn-ctx-ac01:~# getent passwd ianc
> > > ianc:*:3201407:3200513::/home/JEOFFICE/ianc:/bin/bash
> > >
> >
> >  Yet when I try to change the ownership of a file to a domain user, it
> > fails with "Invalid argument"
> >
> > > root@ho-vpn-ctx-ac01:~# chown -v ianc test
> > > chown: changing ownership of 'test': Invalid argument
> > > failed to change ownership of 'test' from root to ianc
>
> This is very strange, the 'getent' command above shows that the OS
> knows who 'ianc' is, so why can file ownership not be changed ?
>

My thoughts exactly


> > > root@ho-vpn-ctx-ac01:~# chown -v jeadmin test
> > > changed ownership of 'test' from root to jeadmin
> > > root@ho-vpn-ctx-ac01:~# getent passwd jeadmin
> > > jeadmin:x:1000:27::/home/jeadmin:/bin/bash
> > >
> >
> > It works however when changing to a local user. So it looks like the
> > issue might be in samba. This is the first time I have had this
> > problem after quite a few other servers (a mix between CentOS, Debian
> > and Ubuntu) has already been joined to the domain using the exact
> > same smb.conf.
> >
> > On a side note, I am also unable to log into the server using domain
> > credentials, which I am currently attributing to the same cause.
>
> Possibly, but it could just be down to you not having this line
> in /etc/pam.d/common-session
>

> session    required   pam_mkhomedir.so skel=/etc/skel/ umask=0022
>

I normally add this line through pam-auth-update and a custom file under
/usr/share/pam-configs/

root@ho-vpn-ctx-ac01:~# cat /usr/share/pam-configs/mkhomedir
> Name: Create home directory on login
> Default: no
> Priority: 0
> Session-Type: Additional
> Session-Interactive-Only: yes
> Session:
>     optional            pam_mkhomedir.so skel=/etc/skel/ umask=0022



> Without that line, the users homedir will not get created and the login
> will fail.
>

This has bitten me more than once already :)


>
> >
> > root@ho-vpn-ctx-ac01:~# cat /etc/samba/smb.conf
> > [global]
> >    workgroup = JEOFFICE
> >    realm = JEOFFICE.JACKLIN.CO.ZA
> >    security = ADS
> >    template shell = /bin/bash
> >    winbind use default domain = true
> >    log file = /var/log/samba/%m.log
> >    log level = 1
> >    idmap config * : backend = tdb
> >    idmap config * : range = 70001-80000
> >    idmap config JEOFFICE : backend = rid
> >    idmap config JEOFFICE : range = 3200000-3300000
> >
>
> If you notice, I have shorted your smb.conf, it is effectively the same
> as what you have now, I have just removed the default lines.
>

Thanks. I will update my smb.conf template accordingly.


>
> There are numerous lines I would add, but they do not really have
> anything to do with your problem.
>
> A last thought, do you have any users in AD that also occur
> in /etc/passwd ?
>

The only user I have is the jeadmin user which is the domain admin as well
as a local admin user.

Should I try renaming the local user?


>
> Rowland
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba