Web lists-archives.com

Re: [Samba] Debugging Samba is a total PITA and this needs to improve




The smb.conf hasn't changed since the last three or four times I've
posted here asking for help:

https://up.tao.at/u/samba/villach-file.txt

Top level error I'm seeing is that since today *some* Windows users are
denied SMB access to this one member server ("Network password is
invalid"), but not all users. Worked fine before today.

wbinfo -p/-P work, wbinfo -a shows the same problem of some users
working, some not: Those that do work, report success with plaintext
auth, and NT_STATUS_WRONG_PASSWORD for challenge/response auth (wtf?).
Those that don't work at all, fail plaintext auth and report
NT_STATUS_INTERNAL_DB_CORRUPTION for challenge/response. Not sure if
that means anything, given that challenge/response seems to always fail
with nonsensical error messages. All the other working member servers
also report NT_STATUS_WRONG_PASSWORD for c/r auth.

15 MB/s error logs were not an exaggeration, BTW, that's what I saw when
I cranked up the logging level to 10, since the default log level didn't
bother even reporting the logon failures at all (which should be
sensible defaults, but oh well). Since I don't know what component of
Samba is responsible here, I don't know for which I should increase
logging and for which I shouldn't.

Now that I'm digging, there also seem to be some generic WERR_BADFILE
DRS replication errors that our automated monitoring somehow didn't
catch; and one DC apparently no longer has the DNS entries it should
have, and samba_dnsupdates alternates between "FORMERR" and "GSS-TSIG
unsuccessful" which apparently is only supposed to appear with the BIND9
DNS backend, which we aren't using. These are probably related, but
again I have no idea where these come from or how to debug them.


So how was your morning?

-- 
Mit freundlichen Grüßen, / Best Regards,
Sven Schwedas, Systemadministrator
✉ sven.schwedas@xxxxxx | ☎ +43 680 301 7167
TAO Digital   | Teil der TAO Beratungs- & Management GmbH
Lendplatz 45  | FN 213999f/Klagenfurt, FB-Gericht Villach
A8020 Graz    | https://www.tao-digital.at

Attachment: signature.asc
Description: OpenPGP digital signature

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba