Problems in SAMBA 3.3 to 4.0 migration

classic Classic list List threaded Threaded
20 messages Options
Reply | Threaded
Open this post in threaded view
|

Problems in SAMBA 3.3 to 4.0 migration

soonerdave
I am migrating an old but functional Samba 3.3.4 smbpasswd-based PDC to a new Samba 4.0-based VM. I planned to build the 4.0 as a BDC and then simply dcpromo it to my PDC, and then retire the old server. But I've come across two problems for which I'm needing some guidance.

I've built the 4.0 box, extracted the original domain SID, and joined the machine to the domain. I can log into shares hosted on the DC, and all appears well. I then attempted to simply net rpc vampire the PDC's groups and users, but doing so results in a Segmentation Fault immediately after net attempts to get the domain database ("Fetching (to passdb) DOMAIN database").

In looking at the SAMBA server logs on the PDC, there's a clear credential failure from the BDC machine on the vampire attempt. Two log entries with "BAD SIG... expected SMB signature of (empty)" appear, indicating an empty payload was sent as part of the SMB signature during the credential check. That implies to me some sort of problem in the session setup or machine key/account - yet net rpc testjoin says the join of the BDC is OK. I've already removed and rejoined the machine to the domain with the same result ,so at this point, I don't know what's going wrong with the machine credential check from the BDC to the PDC.

The second issue is in generating a list of users and groups off the PDC. Right now, wbinfo simply won't work. wbinfo -p can't even ping winbindd even when I can see that it is, in fact, running. An strace run against wbinfo seems to indicate wbinfo can't communicate with the winbindd pipe, and I have no clue why. So it would seem to me that even if I fix the credential exchange issue above, I've got another issue on the PDC with group and user enumeration.

Although I've found several issues roughly similar to this, none of the fixes I've seen so far apply. I thought perhaps the "BAD SIG" messages in the log in the failed credential check might ring a bell for someone, but the wbinfo failure really has thrown me for a loop. There's no reason I can see why it won't work. Any suggestions appreciated.

Reply | Threaded
Open this post in threaded view
|

Re: Problems in SAMBA 3.3 to 4.0 migration

Rowland Penny-5
On 11/02/15 17:42, soonerdave wrote:

> I am migrating an old but functional Samba 3.3.4 smbpasswd-based PDC to a new
> Samba 4.0-based VM. I planned to build the 4.0 as a BDC and then simply
> dcpromo it to my PDC, and then retire the old server. But I've come across
> two problems for which I'm needing some guidance.
>
> I've built the 4.0 box, extracted the original domain SID, and joined the
> machine to the domain. I can log into shares hosted on the DC, and all
> appears well. I then attempted to simply net rpc vampire the PDC's groups
> and users, but doing so results in a Segmentation Fault immediately after
> net attempts to get the domain database ("Fetching (to passdb) DOMAIN
> database").
>
> In looking at the SAMBA server logs on the PDC, there's a clear credential
> failure from the BDC machine on the vampire attempt. Two log entries with
> "BAD SIG... expected SMB signature of (empty)" appear, indicating an empty
> payload was sent as part of the SMB signature during the credential check.
> That implies to me some sort of problem in the session setup or machine
> key/account - yet net rpc testjoin says the join of the BDC is OK. I've
> already removed and rejoined the machine to the domain with the same result
> ,so at this point, I don't know what's going wrong with the machine
> credential check from the BDC to the PDC.
>
> The second issue is in generating a list of users and groups off the PDC.
> Right now, wbinfo simply won't work. wbinfo -p can't even ping winbindd even
> when I can see that it is, in fact, running. An strace run against wbinfo
> seems to indicate wbinfo can't communicate with the winbindd pipe, and I
> have no clue why. So it would seem to me that even if I fix the credential
> exchange issue above, I've got another issue on the PDC with group and user
> enumeration.
>
> Although I've found several issues roughly similar to this, none of the
> fixes I've seen so far apply. I thought perhaps the "BAD SIG" messages in
> the log in the failed credential check might ring a bell for someone, but
> the wbinfo failure really has thrown me for a loop. There's no reason I can
> see why it won't work. Any suggestions appreciated.
>
>
>
>
>
> --
> View this message in context: http://samba.2283325.n4.nabble.com/Problems-in-SAMBA-3-3-to-4-0-migration-tp4680653.html
> Sent from the Samba - General mailing list archive at Nabble.com.

It might help if you post your smb.conf, what OS you are using and the
reason to use samba 4.0 when 4.2 is about to come out.

Rowland

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|

Re: Problems in SAMBA 3.3 to 4.0 migration

soonerdave
Hi, Rowland, and thanks for the reply.

The PDC OS is Slackware 13. The BDC OS is Slackware 14.

The choice to use Samba 4.0 was merely due to its inclusion on the Slackware 14 distro. I'll worry about upgrading that once I have the migration complete.

I will post the two machine's respective smb.conf's later today.
Reply | Threaded
Open this post in threaded view
|

Re: Problems in SAMBA 3.3 to 4.0 migration

soonerdave
As promised, I'm posting the smb.conf files for the two servers in question.

One minor correction I should offer is that the new SAMBA server will be version 4.1, not 4.0.

Following is SMB.CONF for the current PDC, which is Samba 3.3.4 on Slackware 13.
I've omitted all share definitions to allow focus more on the configuration side. Actual
server/domain names have been omitted.
-----------------------------------------------------
#======================= Global Settings =====================================
[global]
   browsable = yes

# workgroup = NT-Domain-Name or Workgroup-Name, eg: LINUX2
   workgroup = *OMITTED*

# netbios name = Name of Samba machine as set on eth1
   netbios name = *OMITTED*

# server string is the equivalent of the NT Description field
   server string = PDC
   host msdfs = no

   preferred master = yes
# This option is important for security. It allows you to restrict

# connections to machines which are on your local network. The
# following example restricts access to two C class networks and
# the "loopback" interface. For more examples of the syntax see
# the smb.conf man page

   interfaces = eth0 127.0.0.1
   hosts allow = 10.10.10.0/24 127.0.0.1
   bind interfaces only = yes

# If you want to automatically load your printer list rather
# than setting them up individually then you'll need this
   load printers = no

# you may wish to override the location of the printcap file
#;   printcap name = /dev/null  

# on SystemV system setting printcap name to lpstat should allow
# you to automatically obtain a printer list from the SystemV spool
# system
#;   printcap name = lpstat

# It should not be necessary to specify the print system type unless
# it is non-standard. Currently supported print systems include:
# bsd, sysv, plp, lprng, aix, hpux, qnx
;   printing = bsd

# Uncomment this if you want a guest account, you must add this to /etc/passwd
# otherwise the user "nobody" is used
;  guest account = pcguest

# this tells Samba to use a separate log file for each machine
# that connects
   log file = /var/log/samba.%m

# Put a capping on the size of the log files (in Kb).
   max log size = 100
#winbind configuration
   idmap uid = 10000-20000
   idmap gid = 10000-20000

   winbind enum users = yes
   winbind enum groups = yes
   winbind use default domain = yes
# Set loggingn level
   log level = 0

# Security mode. Most people will want user level security. See
# security_level.txt for details.  NOTE:  To get the behaviour of
# Samba-1.9.18, you'll need to use "security = share".
   security = user
# Use password server option only with security = server
;   password server = <NT-Server-Name>

# You may wish to use password encryption. Please read
# ENCRYPTION.txt, Win95.txt and WinNT.txt in the Samba documentation.
# Do not enable this option unless you have read those documents
  encrypt passwords = yes
  smb passwd file = /etc/samba/private/smbpasswd
  server signing = auto
  client signing = auto

# Using the following line enables you to customise your configuration
# on a per machine basis. The %m gets replaced with the netbios name
# of the machine that is connecting
;   include = /usr/local/samba/lib/smb.conf.%m

# Most people will find that this option gives better performance.
# See speed.txt and the manual pages for details
   socket options = TCP_NODELAY

# Configure Samba to use multiple interfaces
# If you have multiple network interfaces then you must list them
# here. See the man page for details.

# Browser Control Options:
# set local master to no if you don't want Samba to become a master
# browser on your network. Otherwise the normal election rules apply
   local master = yes

# OS Level determines the precedence of this server in master browser
# elections. The default value should be reasonable
   os level = 99

# Domain Master specifies Samba to be the Domain Master Browser. This
# allows Samba to collate browse lists between subnets. Don't use this
# if you already have a Windows NT domain controller doing this job
   domain master = yes

# Preferred Master causes Samba to force a local browser election on startup
# and gives it a slightly higher chance of winning the election
   preferred master = yes

# Use only if you have an NT server on your network that has been
# configured at install time to be a primary domain controller.
;   domain controller = <NT-Domain-Controller-SMBName>

# Enable this if you want Samba to be a domain logon server for
# Windows95 workstations.
   domain logons = yes

# if you enable domain logons then you may want a per-machine or
# per user logon script
# run a specific logon batch file per workstation (machine)
#;   logon script = %m.bat
# run a specific logon batch file per username

;   logon script = scripts\logon.bat %U

# no anonymous browsing of shares
   guest ok = no

# Where to store roving profiles (only for Win95 and WinNT)
#        %L substitutes for this servers netbios name, %U is username
#        You must uncomment the [Profiles] share below
;   logon path = \\%L\Profiles\%U
    logon path =
# Windows Internet Name Serving Support Section:
# WINS Support - Tells the NMBD component of Samba to enable it's WINS Server
   wins support = yes
# WINS Server - Tells the NMBD components of Samba to be a WINS Client
# Note: Samba can be either a WINS Server, or a WINS Client, but NOT both
;   wins server = w.x.y.z

# WINS Proxy - Tells Samba to answer name resolution queries on
# behalf of a non WINS capable client, for this to work there must be
# at least one WINS Server on the network. The default is NO.
   wins proxy = yes

# DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names
# via DNS nslookups. The built-in default for versions 1.9.17 is yes,
# this has been changed in version 1.9.18 to no.
   dns proxy = no
;

   time server = no

  logon drive = m:

#============================ Share Definitions ==============================
[homes]
   comment = Home Directories
   path = /nas/home/%S
   browseable = no
   writable = yes
   read only = no
   create mode = 2775
   directory mode = 2775

# Un-comment the following and create the netlogon directory for Domain Logons
[netlogon]
   comment = Network Logon Service
   path = /usr/local/samba/lib/netlogon
   writeable = yes
   public = no
   browsable = no  
   guest ok = no


------------------------------------

Following is the smb.conf of the NEW Samba 4.1 I am attempting to set up as a BDC,
with the intent of dcpromo to PDC and retiring the old server. Again, server names/shares
are omitted.
-------------------------------------
#======================= Global Settings =====================================
[global]

# workgroup = NT-Domain-Name or Workgroup-Name, eg: LINUX2
   workgroup = **OMITTED**

# server string is the equivalent of the NT Description field
   server string = BDC
   client schannel = no

   netbios name = **OMITTED**
   
   client use spnego = yes
# Server role. Defines in which mode Samba will operate. Possible
# values are "standalone server", "member server", "classic primary
# domain controller", "classic backup domain controller", "active
# directory domain controller".
#
# Most people will want "standalone sever" or "member server".
# Running as "active directory domain controller" will require first
# running "samba-tool domain provision" to wipe databases and create a
# new domain.
   server role = classic backup domain controller

# This option is important for security. It allows you to restrict
# connections to machines which are on your local network. The
# following example restricts access to two C class networks and
# the "loopback" interface. For more examples of the syntax see
# the smb.conf man page
   interfaces = 10.10.10.0/24 127.0.0.1/255.0.0.0
   hosts allow = 10.10.10.0/24 127.0.0.1
   bind interfaces only = yes

# Uncomment this if you want a guest account, you must add this to /etc/passwd
# otherwise the user "nobody" is used
;  guest account = pcguest

# this tells Samba to use a separate log file for each machine
# that connects
   log file = /var/log/samba.%m

# Put a capping on the size of the log files (in Kb).
   max log size = 500

   domain master  = no
# Specifies the Kerberos or Active Directory realm the host is part of
;   realm = MY_REALM

# winbind config
  idmap uid = 10000-20000
  idmap gid = 10000-20000
  winbind enum users = yes
  winbind enum groups = yes
  winbind use default domain = yes

# Set logging level
  log level = 10

# Backend to store user information in. New installations should
# use either tdbsam or ldapsam. smbpasswd is available for backwards
# compatibility. tdbsam requires no further configuration.
   passdb backend = smbpasswd

# Using the following line enables you to customise your configuration
# on a per machine basis. The %m gets replaced with the netbios name
# of the machine that is connecting.
# Note: Consider carefully the location in the configuration file of
#       this line.  The included file is read at that point.
;   include = /usr/local/samba/lib/smb.conf.%m

# Configure Samba to use multiple interfaces
# If you have multiple network interfaces then you must list them
# here. See the man page for details.
;   interfaces = 192.168.12.2/24 192.168.13.2/24

# Where to store roving profiles (only for Win95 and WinNT)
#        %L substitutes for this servers netbios name, %U is username
#        You must uncomment the [Profiles] share below
;   logon path = \\%L\Profiles\%U

# Windows Internet Name Serving Support Section:
# WINS Support - Tells the NMBD component of Samba to enable it's WINS Server
   wins support = no

# WINS Server - Tells the NMBD components of Samba to be a WINS Client
# Note: Samba can be either a WINS Server, or a WINS Client, but NOT both
;   wins server = w.x.y.z

# WINS Proxy - Tells Samba to answer name resolution queries on
# behalf of a non WINS capable client, for this to work there must be
# at least one WINS Server on the network. The default is NO.
   wins proxy = yes

# DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names
# via DNS nslookups. The default is NO.
   dns proxy = no

# Security
  security = user  

  encrypt passwords = yes
  smb passwd file = /etc/samba/private/smbpasswd
  server signing = auto
  client signing = auto

# These scripts are used on a domain controller or stand-alone
# machine to add or delete corresponding unix accounts
;  add user script = /usr/sbin/useradd %u
;  add group script = /usr/sbin/groupadd %g
;  add machine script = /usr/sbin/adduser -n -g machines -c Machine -d /dev/null -s /bin/false %u
;  delete user script = /usr/sbin/userdel %u
;  delete user from group script = /usr/sbin/deluser %u %g
;  delete group script = /usr/sbin/groupdel %g


#============================ Share Definitions ==============================
[homes]
   comment = Home Directories
   browseable = no
   writable = yes
   path = /usr/local

# Un-comment the following and create the netlogon directory for Domain Logons
 [netlogon]
   comment = Network Logon Service
   path = /usr/local/samba/lib/netlogon
   guest ok = no
   writable = no
   share modes = no


------
Here is the result of my effort to run net rpc vampire:

root@xxxxxxxx:/etc/samba# net rpc vampire -S omitted_host -W omitted_domain
Enter root password:
DC is not running Active Directory
Fetching (to passdb) DOMAIN database
Segmentation fault

-----
Here's the tail of the samba.hostname log from the PDC for that vampire attempt:

[2015/02/11 20:39:37,  0] libsmb/smb_signing.c:srv_check_incoming_message(754)
  srv_check_incoming_message: BAD SIG: seq 2 wanted SMB signature of
[2015/02/11 20:39:37,  0] libsmb/smb_signing.c:srv_check_incoming_message(758)
  srv_check_incoming_message: BAD SIG: seq 2 got SMB signature of
[2015/02/11 20:39:52,  0] libsmb/smb_signing.c:srv_check_incoming_message(754)
  srv_check_incoming_message: BAD SIG: seq 2 wanted SMB signature of
[2015/02/11 20:39:52,  0] libsmb/smb_signing.c:srv_check_incoming_message(758)
  srv_check_incoming_message: BAD SIG: seq 2 got SMB signature of

--
Here is the attempt to perform a basic wbinfo -p from the PDC:
Ping to winbindd failed
could not ping winbindd!

Here is the strace output of the same wbinfo -p command
-----
execve("/usr/bin/wbinfo", ["wbinfo", "-p"], [/* 33 vars */]) = 0
brk(0)                                  = 0xb7fb7000
access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY)      = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=146816, ...}) = 0
mmap2(NULL, 146816, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7eb8000
close(3)                                = 0
open("/lib/libcrypt.so.1", O_RDONLY)    = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0 \7\0\0004\0\0\0,"..., 512) = 512
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7eb7000
fstat64(3, {st_mode=S_IFREG|0755, st_size=42595, ...}) = 0
mmap2(NULL, 201052, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7e85000
mmap2(0xb7e8e000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x8) = 0xb7e8e000
mmap2(0xb7e90000, 155996, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xb7e90000
close(3)                                = 0
open("/lib/libcap.so.2", O_RDONLY)      = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0`\16\0\0004\0\0\0\374"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=14820, ...}) = 0
mmap2(NULL, 17552, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7e80000
mmap2(0xb7e84000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x3) = 0xb7e84000
close(3)                                = 0
open("/lib/libresolv.so.2", O_RDONLY)   = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0@&\0\0004\0\0\0\330"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=86867, ...}) = 0
mmap2(NULL, 88132, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7e6a000
mmap2(0xb7e7c000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x11) = 0xb7e7c000
mmap2(0xb7e7e000, 6212, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xb7e7e000
close(3)                                = 0
open("/lib/libnsl.so.1", O_RDONLY)      = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0p1\0\0004\0\0\0\254"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=105131, ...}) = 0
mmap2(NULL, 100328, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7e51000
mmap2(0xb7e66000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x14) = 0xb7e66000
mmap2(0xb7e68000, 6120, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xb7e68000
close(3)                                = 0
open("/lib/libdl.so.2", O_RDONLY)       = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0 \n\0\0004\0\0\0\\"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=13419, ...}) = 0
mmap2(NULL, 12408, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7e4d000
mmap2(0xb7e4f000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1) = 0xb7e4f000
close(3)                                = 0
open("/usr/lib/libldap-2.3.so.0", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\0\216\0\0004\0\0\0\250"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0644, st_size=223120, ...}) = 0
mmap2(NULL, 220968, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7e17000
mmap2(0xb7e4c000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x35) = 0xb7e4c000
close(3)                                = 0
open("/usr/lib/liblber-2.3.so.0", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\0#\0\0004\0\0\0@"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0644, st_size=46080, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7e16000
mmap2(NULL, 48824, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7e0a000
mmap2(0xb7e15000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xa) = 0xb7e15000
close(3)                                = 0
open("/usr/lib/libpopt.so.0", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\320\20\0\0004\0\0\0D"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=25604, ...}) = 0
mmap2(NULL, 28432, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7e03000
mmap2(0xb7e09000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x5) = 0xb7e09000
close(3)                                = 0
open("/usr/lib/libtalloc.so.1", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\200\22\0\0004\0\0\0\324"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=30100, ...}) = 0
mmap2(NULL, 29152, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7dfb000
mmap2(0xb7e01000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x6) = 0xb7e01000
close(3)                                = 0
open("/usr/lib/libtdb.so.1", O_RDONLY)  = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0p\26\0\0004\0\0\0\250"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=46736, ...}) = 0
mmap2(NULL, 49704, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7dee000
mmap2(0xb7df9000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xa) = 0xb7df9000
close(3)                                = 0
open("/usr/lib/libwbclient.so.0", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0000\25\0\0004\0\0\0\214"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=26188, ...}) = 0
mmap2(NULL, 29248, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7de6000
mmap2(0xb7dec000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x5) = 0xb7dec000
close(3)                                = 0
open("/lib/libc.so.6", O_RDONLY)        = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\0h\1\0004\0\0\0\214"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=1658350, ...}) = 0
mmap2(NULL, 1439312, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7c86000
mmap2(0xb7de0000, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x15a) = 0xb7de0000
mmap2(0xb7de3000, 9808, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xb7de3000
close(3)                                = 0
open("/lib/libattr.so.1", O_RDONLY)     = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\320\r\0\0004\0\0\0,"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=14396, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7c85000
mmap2(NULL, 17076, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7c80000
mmap2(0xb7c84000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x3) = 0xb7c84000
close(3)                                = 0
open("/usr/local/lib/libsasl2.so.2", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\00001\0\0004\0\0\0T"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=303680, ...}) = 0
mmap2(NULL, 92200, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7c69000
mmap2(0xb7c7f000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x15) = 0xb7c7f000
close(3)                                = 0
open("/usr/lib/libssl.so.0", O_RDONLY)  = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0`\273\0\0004\0\0\0D"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0555, st_size=283948, ...}) = 0
mmap2(NULL, 286136, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7c23000
mmap2(0xb7c65000, 16384, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x41) = 0xb7c65000
close(3)                                = 0
open("/usr/lib/libcrypto.so.0", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\300p\3\0004\0\0\0\4"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0555, st_size=1350420, ...}) = 0
mmap2(NULL, 1356632, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7ad7000
mmap2(0xb7c0a000, 90112, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x132) = 0xb7c0a000
mmap2(0xb7c20000, 9048, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xb7c20000
mprotect(0xbfaaf000, 4096, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_GROWSDOWN) = 0
close(3)                                = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7ad6000
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7ad5000
set_thread_area({entry_number:-1 -> 6, base_addr:0xb7ad56c0, limit:1048575, seg_32bit:1, contents:0, read_exec_only:0, limit_in_pages:1, seg_not_present:0, useable:1}) = 0
mprotect(0xb7de0000, 8192, PROT_READ)   = 0
mprotect(0xb7dec000, 4096, PROT_READ)   = 0
mprotect(0xb7df9000, 4096, PROT_READ)   = 0
mprotect(0xb7e01000, 4096, PROT_READ)   = 0
mprotect(0xb7e4f000, 4096, PROT_READ)   = 0
mprotect(0xb7e66000, 4096, PROT_READ)   = 0
mprotect(0xb7e7c000, 4096, PROT_READ)   = 0
mprotect(0xb7e8e000, 4096, PROT_READ)   = 0
mprotect(0xb7faf000, 8192, PROT_READ)   = 0
mprotect(0xb7efa000, 4096, PROT_READ)   = 0
munmap(0xb7eb8000, 146816)              = 0
brk(0)                                  = 0xb7fb7000
brk(0xb7fd8000)                         = 0xb7fd8000
open("/usr/local/samba/lib/upcase.dat", O_RDONLY|O_LARGEFILE) = 3
mmap2(NULL, 131072, PROT_READ, MAP_SHARED, 3, 0) = 0xb7ebc000
close(3)                                = 0
open("/usr/local/samba/lib/lowcase.dat", O_RDONLY|O_LARGEFILE) = 3
mmap2(NULL, 131072, PROT_READ, MAP_SHARED, 3, 0) = 0xb7ab5000
close(3)                                = 0
uname({sys="Linux", node="liberty", ...}) = 0
stat64("/usr/local/samba/lib/smb.conf", {st_mode=S_IFREG|0644, st_size=11660, ...}) = 0
open("/usr/local/samba/lib/smb.conf", O_RDONLY|O_LARGEFILE) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=11660, ...}) = 0
read(3, "# This is the main Samba configur"..., 11660) = 11660
close(3)                                = 0
open("/usr/lib/locale/locale-archive", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/locale.alias", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=2570, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7ebb000
read(3, "# Locale name alias data base.\n# "..., 4096) = 2570
read(3, ""..., 4096)                    = 0
close(3)                                = 0
munmap(0xb7ebb000, 4096)                = 0
open("/usr/lib/locale/en_US/LC_IDENTIFICATION", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=378, ...}) = 0
mmap2(NULL, 378, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7ebb000
close(3)                                = 0
open("/usr/lib/locale/en_US/LC_MEASUREMENT", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=28, ...}) = 0
mmap2(NULL, 28, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7eba000
close(3)                                = 0
open("/usr/lib/locale/en_US/LC_TELEPHONE", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=64, ...}) = 0
mmap2(NULL, 64, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7eb9000
close(3)                                = 0
open("/usr/lib/locale/en_US/LC_ADDRESS", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=160, ...}) = 0
mmap2(NULL, 160, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7eb8000
close(3)                                = 0
open("/usr/lib/locale/en_US/LC_NAME", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=82, ...}) = 0
mmap2(NULL, 82, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7ab4000
close(3)                                = 0
open("/usr/lib/locale/en_US/LC_PAPER", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=39, ...}) = 0
mmap2(NULL, 39, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7ab3000
close(3)                                = 0
open("/usr/lib/locale/en_US/LC_MESSAGES", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
close(3)                                = 0
open("/usr/lib/locale/en_US/LC_MESSAGES/SYS_LC_MESSAGES", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=57, ...}) = 0
mmap2(NULL, 57, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7ab2000
close(3)                                = 0
open("/usr/lib/locale/en_US/LC_MONETARY", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=291, ...}) = 0
mmap2(NULL, 291, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7ab1000
close(3)                                = 0
open("/usr/lib/locale/en_US/LC_TIME", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=2459, ...}) = 0
mmap2(NULL, 2459, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7ab0000
close(3)                                = 0
open("/usr/lib/locale/en_US/LC_NUMERIC", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=59, ...}) = 0
mmap2(NULL, 59, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7aaf000
close(3)                                = 0
open("/usr/lib/locale/en_US/LC_CTYPE", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=221732, ...}) = 0
mmap2(NULL, 221732, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7a78000
close(3)                                = 0
open("/usr/lib/gconv/gconv-modules.cache", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/lib/gconv/gconv-modules", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=56028, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7a77000
read(3, "# GNU libc iconv configuration.\n#"..., 4096) = 4096
read(3, "B1.002//\nalias\tJS//\t\t\tJUS_I.B1.00"..., 4096) = 4096
read(3, "59-3\t1\nmodule\tINTERNAL\t\tISO-8859-"..., 4096) = 4096
read(3, "859-14//\nalias\tISO-IR-199//\t\tISO-"..., 4096) = 4096
read(3, "CDIC-DK-NO-A//\tEBCDIC-DK-NO-A\t1\n\n"..., 4096) = 4096
read(3, "\t\tIBM281//\t\tIBM281\t\t1\n\n#\tfrom\t\t\tt"..., 4096) = 4096
read(3, "\tIBM863\t\t1\n\n#\tfrom\t\t\tto\t\t\tmodule\t"..., 4096) = 4096
read(3, "//\t\tIBM937//\nalias\tCSIBM937//\t\tIB"..., 4096) = 4096
read(3, "JAPANESE//\tEUC-JP//\nalias\tOSF0003"..., 4096) = 4096
read(3, "MACINTOSH//\t\tMACINTOSH\t1\n\n#\tfrom\t"..., 4096) = 4096
read(3, "367-BOX//\nalias\tISO_10367BOX//\t\tI"..., 4096) = 4096
read(3, "EUC-JISX0213//\t\tINTERNAL\t\tEUC-JIS"..., 4096) = 4096
read(3, "/\t\tIBM1130//\nalias\tCSIBM1130//\t\tI"..., 4096) = 4096
read(3, "\t1\n\n#\tfrom\t\t\tto\t\t\tmodule\t\tcost\nal"..., 4096) = 2780
read(3, ""..., 4096)                    = 0
close(3)                                = 0
munmap(0xb7a77000, 4096)                = 0
open("/usr/lib/gconv/IBM850.so", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0`\3\0\0004\0\0\0D"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=11131, ...}) = 0
mmap2(NULL, 12316, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7a74000
mmap2(0xb7a76000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1) = 0xb7a76000
close(3)                                = 0
mprotect(0xb7a76000, 4096, PROT_READ)   = 0
open("/usr/lib/gconv/UTF-16.so", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0 \4\0\0004\0\0\0P"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=11174, ...}) = 0
mmap2(NULL, 12328, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7a70000
mmap2(0xb7a72000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1) = 0xb7a72000
close(3)                                = 0
mprotect(0xb7a72000, 4096, PROT_READ)   = 0
brk(0xb7ffc000)                         = 0xb7ffc000
brk(0xb8024000)                         = 0xb8024000
brk(0xb8045000)                         = 0xb8045000
open("/usr/local/samba/lib/valid.dat", O_RDONLY|O_LARGEFILE) = 3
mmap2(NULL, 65536, PROT_READ, MAP_SHARED, 3, 0) = 0xb7a60000
close(3)                                = 0
socket(PF_NETLINK, SOCK_RAW, 0)         = 3
bind(3, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 0
getsockname(3, {sa_family=AF_NETLINK, pid=7687, groups=00000000}, [12]) = 0
time(NULL)                              = 1423709100
sendto(3, "\24\0\0\0\22\0\1\3\254\23\334T\0\0\0\0\0\0\0\0"..., 20, 0, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 20
recvmsg(3, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"\354\0\0\0\20\0\2\0\254\23\334T\7\36\0\0\0\0\4\3\1\0\0\0I\0\1\0\0\0\0\0\7"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = 480
recvmsg(3, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"\24\0\0\0\3\0\2\0\254\23\334T\7\36\0\0\0\0\0\0\1\0\0\0I\0\1\0\0\0\0\0\7"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = 20
sendto(3, "\24\0\0\0\26\0\1\3\255\23\334T\0\0\0\0\0\0\0\0"..., 20, 0, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 20
recvmsg(3, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"0\0\0\0\24\0\2\0\255\23\334T\7\36\0\0\2\10\200\376\1\0\0\0\10\0\1\0\177\0\0\1\10"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = 108
recvmsg(3, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"@\0\0\0\24\0\2\0\255\23\334T\7\36\0\0\n\200\200\376\1\0\0\0\24\0\1\0\0\0\0\0\0"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = 128
recvmsg(3, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"\24\0\0\0\3\0\2\0\255\23\334T\7\36\0\0\0\0\0\0\1\0\0\0\24\0\1\0\0\0\0\0\0"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = 20
close(3)                                = 0
socket(PF_NETLINK, SOCK_RAW, 0)         = 3
bind(3, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 0
getsockname(3, {sa_family=AF_NETLINK, pid=7687, groups=00000000}, [12]) = 0
time(NULL)                              = 1423709100
sendto(3, "\24\0\0\0\26\0\1\3\254\23\334T\0\0\0\0\0\0\0\0"..., 20, 0, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 20
recvmsg(3, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"0\0\0\0\24\0\2\0\254\23\334T\7\36\0\0\2\10\200\376\1\0\0\0\10\0\1\0\177\0\0\1\10"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = 108
recvmsg(3, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"@\0\0\0\24\0\2\0\254\23\334T\7\36\0\0\n\200\200\376\1\0\0\0\24\0\1\0\0\0\0\0\0"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = 128
recvmsg(3, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"\24\0\0\0\3\0\2\0\254\23\334T\7\36\0\0\0\0\0\0\1\0\0\0\24\0\1\0\0\0\0\0\0"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = 20
close(3)                                = 0
getpid()                                = 7687
lstat64("/tmp/.winbindd", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
lstat64("/tmp/.winbindd/pipe", {st_mode=S_IFSOCK|0777, st_size=0, ...}) = 0
socket(PF_FILE, SOCK_STREAM, 0)         = 3
fcntl64(3, F_GETFL)                     = 0x2 (flags O_RDWR)
fcntl64(3, F_SETFL, O_RDWR|O_NONBLOCK)  = 0
fcntl64(3, F_GETFD)                     = 0
fcntl64(3, F_SETFD, FD_CLOEXEC)         = 0
connect(3, {sa_family=AF_FILE, path="/tmp/.winbindd/pipe"...}, 110) = 0
select(4, [3], NULL, NULL, {0, 0})      = 0 (Timeout)
write(3, "0\10\0\0\0\0\0\0\0\0\0\0\7\36\0\0\0\10\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 2096) = 2096
select(4, [3], NULL, NULL, {5, 0})      = 1 (in [3], left {4, 999997})
read(3, "\250\r\0\0\2\0\0\0\24\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 3496) = 3496
close(3)                                = 0
stat64("/usr/local/samba/lib/en_US.msg", {st_mode=S_IFREG|0644, st_size=10533, ...}) = 0
stat64("/usr/local/samba/var/locks", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
open("/usr/local/samba/var/locks/lang_en_US.tdb", O_RDWR|O_CREAT|O_LARGEFILE, 0644) = 3
fcntl64(3, F_GETFD)                     = 0
fcntl64(3, F_SETFD, FD_CLOEXEC)         = 0
fcntl64(3, F_SETLKW64, {type=F_WRLCK, whence=SEEK_SET, start=0, len=1}, 0xbfaac374) = 0
read(3, "TDB file\n\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0m"..., 168) = 168
fstat64(3, {st_mode=S_IFREG|0644, st_size=12288, ...}) = 0
mmap2(NULL, 12288, PROT_READ|PROT_WRITE, MAP_SHARED, 3, 0) = 0xb7a5d000
fcntl64(3, F_SETLKW64, {type=F_UNLCK, whence=SEEK_SET, start=0, len=1}, 0xbfaac374) = 0
fcntl64(3, F_SETLKW64, {type=F_RDLCK, whence=SEEK_SET, start=240, len=1}, 0xbfaac314) = 0
fcntl64(3, F_SETLKW64, {type=F_UNLCK, whence=SEEK_SET, start=240, len=1}, 0xbfaac384) = 0
fcntl64(3, F_SETLKW64, {type=F_RDLCK, whence=SEEK_SET, start=460, len=1}, 0xbfaac424) = 0
fcntl64(3, F_SETLKW64, {type=F_UNLCK, whence=SEEK_SET, start=460, len=1}, 0xbfaac464) = 0
fstat64(1, {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 0), ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7a5c000
write(1, "Ping to winbindd failed\n"..., 24) = 24
fcntl64(3, F_SETLKW64, {type=F_RDLCK, whence=SEEK_SET, start=284, len=1}, 0xbfaac424) = 0
fcntl64(3, F_SETLKW64, {type=F_UNLCK, whence=SEEK_SET, start=284, len=1}, 0xbfaac464) = 0
write(2, "could not ping winbindd!\n"..., 25) = 25
exit_group(1)                           = ?
---

Many thanks in advance for any assistance that might be offered as I unravel things.

Again, the PDC has been working for some time, and I just didn't expect any issues in doing this migration...yet here we are. And what concerns me is that failed wbinfo leads me to believe something has been wrong for a time,but for whatever reason I've not encountered it. And that's not very encouraging :(


Reply | Threaded
Open this post in threaded view
|

Re: Problems in SAMBA 3.3 to 4.0 migration

Rowland Penny-5
On 12/02/15 02:43, soonerdave wrote:

> As promised, I'm posting the smb.conf files for the two servers in question.
>
> One minor correction I should offer is that the new SAMBA server will be
> version 4.1, not 4.0.
>
> Following is SMB.CONF for the current PDC, which is Samba 3.3.4 on Slackware
> 13.
> I've omitted all share definitions to allow focus more on the configuration
> side. Actual
> server/domain names have been omitted.
> -----------------------------------------------------
> #======================= Global Settings
> =====================================
> [global]
>     browsable = yes
>
> # workgroup = NT-Domain-Name or Workgroup-Name, eg: LINUX2
>     workgroup = *OMITTED*
>
> # netbios name = Name of Samba machine as set on eth1
>     netbios name = *OMITTED*
>
> # server string is the equivalent of the NT Description field
>     server string = PDC
>     host msdfs = no
>
>     preferred master = yes
> # This option is important for security. It allows you to restrict
>
> # connections to machines which are on your local network. The
> # following example restricts access to two C class networks and
> # the "loopback" interface. For more examples of the syntax see
> # the smb.conf man page
>
>     interfaces = eth0 127.0.0.1
>     hosts allow = 10.10.10.0/24 127.0.0.1
>     bind interfaces only = yes
>
> # If you want to automatically load your printer list rather
> # than setting them up individually then you'll need this
>     load printers = no
>
> # you may wish to override the location of the printcap file
> #;   printcap name = /dev/null
>
> # on SystemV system setting printcap name to lpstat should allow
> # you to automatically obtain a printer list from the SystemV spool
> # system
> #;   printcap name = lpstat
>
> # It should not be necessary to specify the print system type unless
> # it is non-standard. Currently supported print systems include:
> # bsd, sysv, plp, lprng, aix, hpux, qnx
> ;   printing = bsd
>
> # Uncomment this if you want a guest account, you must add this to
> /etc/passwd
> # otherwise the user "nobody" is used
> ;  guest account = pcguest
>
> # this tells Samba to use a separate log file for each machine
> # that connects
>     log file = /var/log/samba.%m
>
> # Put a capping on the size of the log files (in Kb).
>     max log size = 100
> #winbind configuration
>     idmap uid = 10000-20000
>     idmap gid = 10000-20000
>
>     winbind enum users = yes
>     winbind enum groups = yes
>     winbind use default domain = yes
> # Set loggingn level
>     log level = 0
>
> # Security mode. Most people will want user level security. See
> # security_level.txt for details.  NOTE:  To get the behaviour of
> # Samba-1.9.18, you'll need to use "security = share".
>     security = user
> # Use password server option only with security = server
> ;   password server = <NT-Server-Name>
>
> # You may wish to use password encryption. Please read
> # ENCRYPTION.txt, Win95.txt and WinNT.txt in the Samba documentation.
> # Do not enable this option unless you have read those documents
>    encrypt passwords = yes
>    smb passwd file = /etc/samba/private/smbpasswd
>    server signing = auto
>    client signing = auto
>
> # Using the following line enables you to customise your configuration
> # on a per machine basis. The %m gets replaced with the netbios name
> # of the machine that is connecting
> ;   include = /usr/local/samba/lib/smb.conf.%m
>
> # Most people will find that this option gives better performance.
> # See speed.txt and the manual pages for details
>     socket options = TCP_NODELAY
>
> # Configure Samba to use multiple interfaces
> # If you have multiple network interfaces then you must list them
> # here. See the man page for details.
>
> # Browser Control Options:
> # set local master to no if you don't want Samba to become a master
> # browser on your network. Otherwise the normal election rules apply
>     local master = yes
>
> # OS Level determines the precedence of this server in master browser
> # elections. The default value should be reasonable
>     os level = 99
>
> # Domain Master specifies Samba to be the Domain Master Browser. This
> # allows Samba to collate browse lists between subnets. Don't use this
> # if you already have a Windows NT domain controller doing this job
>     domain master = yes
>
> # Preferred Master causes Samba to force a local browser election on startup
> # and gives it a slightly higher chance of winning the election
>     preferred master = yes
>
> # Use only if you have an NT server on your network that has been
> # configured at install time to be a primary domain controller.
> ;   domain controller = <NT-Domain-Controller-SMBName>
>
> # Enable this if you want Samba to be a domain logon server for
> # Windows95 workstations.
>     domain logons = yes
>
> # if you enable domain logons then you may want a per-machine or
> # per user logon script
> # run a specific logon batch file per workstation (machine)
> #;   logon script = %m.bat
> # run a specific logon batch file per username
>
> ;   logon script = scripts\logon.bat %U
>
> # no anonymous browsing of shares
>     guest ok = no
>
> # Where to store roving profiles (only for Win95 and WinNT)
> #        %L substitutes for this servers netbios name, %U is username
> #        You must uncomment the [Profiles] share below
> ;   logon path = \\%L\Profiles\%U
>      logon path =
> # Windows Internet Name Serving Support Section:
> # WINS Support - Tells the NMBD component of Samba to enable it's WINS
> Server
>     wins support = yes
> # WINS Server - Tells the NMBD components of Samba to be a WINS Client
> # Note: Samba can be either a WINS Server, or a WINS Client, but NOT both
> ;   wins server = w.x.y.z
>
> # WINS Proxy - Tells Samba to answer name resolution queries on
> # behalf of a non WINS capable client, for this to work there must be
> # at least one WINS Server on the network. The default is NO.
>     wins proxy = yes
>
> # DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names
> # via DNS nslookups. The built-in default for versions 1.9.17 is yes,
> # this has been changed in version 1.9.18 to no.
>     dns proxy = no
> ;
>
>     time server = no
>
>    logon drive = m:
>
> #============================ Share Definitions
> ==============================
> [homes]
>     comment = Home Directories
>     path = /nas/home/%S
>     browseable = no
>     writable = yes
>     read only = no
>     create mode = 2775
>     directory mode = 2775
>
> # Un-comment the following and create the netlogon directory for Domain
> Logons
> [netlogon]
>     comment = Network Logon Service
>     path = /usr/local/samba/lib/netlogon
>     writeable = yes
>     public = no
>     browsable = no
>     guest ok = no
>
>
> ------------------------------------
>
> Following is the smb.conf of the NEW Samba 4.1 I am attempting to set up as
> a BDC,
> with the intent of dcpromo to PDC and retiring the old server. Again, server
> names/shares
> are omitted.
> -------------------------------------
> #======================= Global Settings
> =====================================
> [global]
>
> # workgroup = NT-Domain-Name or Workgroup-Name, eg: LINUX2
>     workgroup = **OMITTED**
>
> # server string is the equivalent of the NT Description field
>     server string = BDC
>     client schannel = no
>
>     netbios name = **OMITTED**
>    
>     client use spnego = yes
> # Server role. Defines in which mode Samba will operate. Possible
> # values are "standalone server", "member server", "classic primary
> # domain controller", "classic backup domain controller", "active
> # directory domain controller".
> #
> # Most people will want "standalone sever" or "member server".
> # Running as "active directory domain controller" will require first
> # running "samba-tool domain provision" to wipe databases and create a
> # new domain.
>     server role = classic backup domain controller
>
> # This option is important for security. It allows you to restrict
> # connections to machines which are on your local network. The
> # following example restricts access to two C class networks and
> # the "loopback" interface. For more examples of the syntax see
> # the smb.conf man page
>     interfaces = 10.10.10.0/24 127.0.0.1/255.0.0.0
>     hosts allow = 10.10.10.0/24 127.0.0.1
>     bind interfaces only = yes
>
> # Uncomment this if you want a guest account, you must add this to
> /etc/passwd
> # otherwise the user "nobody" is used
> ;  guest account = pcguest
>
> # this tells Samba to use a separate log file for each machine
> # that connects
>     log file = /var/log/samba.%m
>
> # Put a capping on the size of the log files (in Kb).
>     max log size = 500
>
>     domain master  = no
> # Specifies the Kerberos or Active Directory realm the host is part of
> ;   realm = MY_REALM
>
> # winbind config
>    idmap uid = 10000-20000
>    idmap gid = 10000-20000
>    winbind enum users = yes
>    winbind enum groups = yes
>    winbind use default domain = yes
>
> # Set logging level
>    log level = 10
>
> # Backend to store user information in. New installations should
> # use either tdbsam or ldapsam. smbpasswd is available for backwards
> # compatibility. tdbsam requires no further configuration.
>     passdb backend = smbpasswd
>
> # Using the following line enables you to customise your configuration
> # on a per machine basis. The %m gets replaced with the netbios name
> # of the machine that is connecting.
> # Note: Consider carefully the location in the configuration file of
> #       this line.  The included file is read at that point.
> ;   include = /usr/local/samba/lib/smb.conf.%m
>
> # Configure Samba to use multiple interfaces
> # If you have multiple network interfaces then you must list them
> # here. See the man page for details.
> ;   interfaces = 192.168.12.2/24 192.168.13.2/24
>
> # Where to store roving profiles (only for Win95 and WinNT)
> #        %L substitutes for this servers netbios name, %U is username
> #        You must uncomment the [Profiles] share below
> ;   logon path = \\%L\Profiles\%U
>
> # Windows Internet Name Serving Support Section:
> # WINS Support - Tells the NMBD component of Samba to enable it's WINS
> Server
>     wins support = no
>
> # WINS Server - Tells the NMBD components of Samba to be a WINS Client
> # Note: Samba can be either a WINS Server, or a WINS Client, but NOT both
> ;   wins server = w.x.y.z
>
> # WINS Proxy - Tells Samba to answer name resolution queries on
> # behalf of a non WINS capable client, for this to work there must be
> # at least one WINS Server on the network. The default is NO.
>     wins proxy = yes
>
> # DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names
> # via DNS nslookups. The default is NO.
>     dns proxy = no
>
> # Security
>    security = user
>
>    encrypt passwords = yes
>    smb passwd file = /etc/samba/private/smbpasswd
>    server signing = auto
>    client signing = auto
>
> # These scripts are used on a domain controller or stand-alone
> # machine to add or delete corresponding unix accounts
> ;  add user script = /usr/sbin/useradd %u
> ;  add group script = /usr/sbin/groupadd %g
> ;  add machine script = /usr/sbin/adduser -n -g machines -c Machine -d
> /dev/null -s /bin/false %u
> ;  delete user script = /usr/sbin/userdel %u
> ;  delete user from group script = /usr/sbin/deluser %u %g
> ;  delete group script = /usr/sbin/groupdel %g
>
>
> #============================ Share Definitions
> ==============================
> [homes]
>     comment = Home Directories
>     browseable = no
>     writable = yes
>     path = /usr/local
>
> # Un-comment the following and create the netlogon directory for Domain
> Logons
>   [netlogon]
>     comment = Network Logon Service
>     path = /usr/local/samba/lib/netlogon
>     guest ok = no
>     writable = no
>     share modes = no
>
>
> ------
> Here is the result of my effort to run net rpc vampire:
>
> root@xxxxxxxx:/etc/samba# net rpc vampire -S omitted_host -W omitted_domain
> Enter root password:
> DC is not running Active Directory
> Fetching (to passdb) DOMAIN database
> Segmentation fault
>
> -----
> Here's the tail of the samba.hostname log from the PDC for that vampire
> attempt:
>
> [2015/02/11 20:39:37,  0]
> libsmb/smb_signing.c:srv_check_incoming_message(754)
>    srv_check_incoming_message: BAD SIG: seq 2 wanted SMB signature of
> [2015/02/11 20:39:37,  0]
> libsmb/smb_signing.c:srv_check_incoming_message(758)
>    srv_check_incoming_message: BAD SIG: seq 2 got SMB signature of
> [2015/02/11 20:39:52,  0]
> libsmb/smb_signing.c:srv_check_incoming_message(754)
>    srv_check_incoming_message: BAD SIG: seq 2 wanted SMB signature of
> [2015/02/11 20:39:52,  0]
> libsmb/smb_signing.c:srv_check_incoming_message(758)
>    srv_check_incoming_message: BAD SIG: seq 2 got SMB signature of
>
> --
> Here is the attempt to perform a basic wbinfo -p from the PDC:
> Ping to winbindd failed
> could not ping winbindd!
>
> Here is the strace output of the same wbinfo -p command
> -----
> execve("/usr/bin/wbinfo", ["wbinfo", "-p"], [/* 33 vars */]) = 0
> brk(0)                                  = 0xb7fb7000
> access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or
> directory)
> open("/etc/ld.so.cache", O_RDONLY)      = 3
> fstat64(3, {st_mode=S_IFREG|0644, st_size=146816, ...}) = 0
> mmap2(NULL, 146816, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7eb8000
> close(3)                                = 0
> open("/lib/libcrypt.so.1", O_RDONLY)    = 3
> read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0
> \7\0\0004\0\0\0,"..., 512) = 512
> mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
> 0xb7eb7000
> fstat64(3, {st_mode=S_IFREG|0755, st_size=42595, ...}) = 0
> mmap2(NULL, 201052, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) =
> 0xb7e85000
> mmap2(0xb7e8e000, 8192, PROT_READ|PROT_WRITE,
> MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x8) = 0xb7e8e000
> mmap2(0xb7e90000, 155996, PROT_READ|PROT_WRITE,
> MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xb7e90000
> close(3)                                = 0
> open("/lib/libcap.so.2", O_RDONLY)      = 3
> read(3,
> "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0`\16\0\0004\0\0\0\374"...,
> 512) = 512
> fstat64(3, {st_mode=S_IFREG|0755, st_size=14820, ...}) = 0
> mmap2(NULL, 17552, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) =
> 0xb7e80000
> mmap2(0xb7e84000, 4096, PROT_READ|PROT_WRITE,
> MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x3) = 0xb7e84000
> close(3)                                = 0
> open("/lib/libresolv.so.2", O_RDONLY)   = 3
> read(3,
> "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0@&\0\0004\0\0\0\330"...,
> 512) = 512
> fstat64(3, {st_mode=S_IFREG|0755, st_size=86867, ...}) = 0
> mmap2(NULL, 88132, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) =
> 0xb7e6a000
> mmap2(0xb7e7c000, 8192, PROT_READ|PROT_WRITE,
> MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x11) = 0xb7e7c000
> mmap2(0xb7e7e000, 6212, PROT_READ|PROT_WRITE,
> MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xb7e7e000
> close(3)                                = 0
> open("/lib/libnsl.so.1", O_RDONLY)      = 3
> read(3,
> "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0p1\0\0004\0\0\0\254"...,
> 512) = 512
> fstat64(3, {st_mode=S_IFREG|0755, st_size=105131, ...}) = 0
> mmap2(NULL, 100328, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) =
> 0xb7e51000
> mmap2(0xb7e66000, 8192, PROT_READ|PROT_WRITE,
> MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x14) = 0xb7e66000
> mmap2(0xb7e68000, 6120, PROT_READ|PROT_WRITE,
> MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xb7e68000
> close(3)                                = 0
> open("/lib/libdl.so.2", O_RDONLY)       = 3
> read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0
> \n\0\0004\0\0\0\\"..., 512) = 512
> fstat64(3, {st_mode=S_IFREG|0755, st_size=13419, ...}) = 0
> mmap2(NULL, 12408, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) =
> 0xb7e4d000
> mmap2(0xb7e4f000, 8192, PROT_READ|PROT_WRITE,
> MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1) = 0xb7e4f000
> close(3)                                = 0
> open("/usr/lib/libldap-2.3.so.0", O_RDONLY) = 3
> read(3,
> "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\0\216\0\0004\0\0\0\250"...,
> 512) = 512
> fstat64(3, {st_mode=S_IFREG|0644, st_size=223120, ...}) = 0
> mmap2(NULL, 220968, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) =
> 0xb7e17000
> mmap2(0xb7e4c000, 4096, PROT_READ|PROT_WRITE,
> MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x35) = 0xb7e4c000
> close(3)                                = 0
> open("/usr/lib/liblber-2.3.so.0", O_RDONLY) = 3
> read(3,
> "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\0#\0\0004\0\0\0@"..., 512)
> = 512
> fstat64(3, {st_mode=S_IFREG|0644, st_size=46080, ...}) = 0
> mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
> 0xb7e16000
> mmap2(NULL, 48824, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) =
> 0xb7e0a000
> mmap2(0xb7e15000, 4096, PROT_READ|PROT_WRITE,
> MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xa) = 0xb7e15000
> close(3)                                = 0
> open("/usr/lib/libpopt.so.0", O_RDONLY) = 3
> read(3,
> "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\320\20\0\0004\0\0\0D"...,
> 512) = 512
> fstat64(3, {st_mode=S_IFREG|0755, st_size=25604, ...}) = 0
> mmap2(NULL, 28432, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) =
> 0xb7e03000
> mmap2(0xb7e09000, 4096, PROT_READ|PROT_WRITE,
> MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x5) = 0xb7e09000
> close(3)                                = 0
> open("/usr/lib/libtalloc.so.1", O_RDONLY) = 3
> read(3,
> "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\200\22\0\0004\0\0\0\324"...,
> 512) = 512
> fstat64(3, {st_mode=S_IFREG|0755, st_size=30100, ...}) = 0
> mmap2(NULL, 29152, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) =
> 0xb7dfb000
> mmap2(0xb7e01000, 8192, PROT_READ|PROT_WRITE,
> MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x6) = 0xb7e01000
> close(3)                                = 0
> open("/usr/lib/libtdb.so.1", O_RDONLY)  = 3
> read(3,
> "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0p\26\0\0004\0\0\0\250"...,
> 512) = 512
> fstat64(3, {st_mode=S_IFREG|0755, st_size=46736, ...}) = 0
> mmap2(NULL, 49704, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) =
> 0xb7dee000
> mmap2(0xb7df9000, 8192, PROT_READ|PROT_WRITE,
> MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xa) = 0xb7df9000
> close(3)                                = 0
> open("/usr/lib/libwbclient.so.0", O_RDONLY) = 3
> read(3,
> "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0000\25\0\0004\0\0\0\214"...,
> 512) = 512
> fstat64(3, {st_mode=S_IFREG|0755, st_size=26188, ...}) = 0
> mmap2(NULL, 29248, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) =
> 0xb7de6000
> mmap2(0xb7dec000, 8192, PROT_READ|PROT_WRITE,
> MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x5) = 0xb7dec000
> close(3)                                = 0
> open("/lib/libc.so.6", O_RDONLY)        = 3
> read(3,
> "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\0h\1\0004\0\0\0\214"...,
> 512) = 512
> fstat64(3, {st_mode=S_IFREG|0755, st_size=1658350, ...}) = 0
> mmap2(NULL, 1439312, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) =
> 0xb7c86000
> mmap2(0xb7de0000, 12288, PROT_READ|PROT_WRITE,
> MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x15a) = 0xb7de0000
> mmap2(0xb7de3000, 9808, PROT_READ|PROT_WRITE,
> MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xb7de3000
> close(3)                                = 0
> open("/lib/libattr.so.1", O_RDONLY)     = 3
> read(3,
> "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\320\r\0\0004\0\0\0,"...,
> 512) = 512
> fstat64(3, {st_mode=S_IFREG|0755, st_size=14396, ...}) = 0
> mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
> 0xb7c85000
> mmap2(NULL, 17076, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) =
> 0xb7c80000
> mmap2(0xb7c84000, 4096, PROT_READ|PROT_WRITE,
> MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x3) = 0xb7c84000
> close(3)                                = 0
> open("/usr/local/lib/libsasl2.so.2", O_RDONLY) = 3
> read(3,
> "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\00001\0\0004\0\0\0T"..., 512)
> = 512
> fstat64(3, {st_mode=S_IFREG|0755, st_size=303680, ...}) = 0
> mmap2(NULL, 92200, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) =
> 0xb7c69000
> mmap2(0xb7c7f000, 4096, PROT_READ|PROT_WRITE,
> MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x15) = 0xb7c7f000
> close(3)                                = 0
> open("/usr/lib/libssl.so.0", O_RDONLY)  = 3
> read(3,
> "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0`\273\0\0004\0\0\0D"...,
> 512) = 512
> fstat64(3, {st_mode=S_IFREG|0555, st_size=283948, ...}) = 0
> mmap2(NULL, 286136, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) =
> 0xb7c23000
> mmap2(0xb7c65000, 16384, PROT_READ|PROT_WRITE,
> MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x41) = 0xb7c65000
> close(3)                                = 0
> open("/usr/lib/libcrypto.so.0", O_RDONLY) = 3
> read(3,
> "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\300p\3\0004\0\0\0\4"...,
> 512) = 512
> fstat64(3, {st_mode=S_IFREG|0555, st_size=1350420, ...}) = 0
> mmap2(NULL, 1356632, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) =
> 0xb7ad7000
> mmap2(0xb7c0a000, 90112, PROT_READ|PROT_WRITE,
> MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x132) = 0xb7c0a000
> mmap2(0xb7c20000, 9048, PROT_READ|PROT_WRITE,
> MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xb7c20000
> mprotect(0xbfaaf000, 4096, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_GROWSDOWN) =
> 0
> close(3)                                = 0
> mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
> 0xb7ad6000
> mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
> 0xb7ad5000
> set_thread_area({entry_number:-1 -> 6, base_addr:0xb7ad56c0, limit:1048575,
> seg_32bit:1, contents:0, read_exec_only:0, limit_in_pages:1,
> seg_not_present:0, useable:1}) = 0
> mprotect(0xb7de0000, 8192, PROT_READ)   = 0
> mprotect(0xb7dec000, 4096, PROT_READ)   = 0
> mprotect(0xb7df9000, 4096, PROT_READ)   = 0
> mprotect(0xb7e01000, 4096, PROT_READ)   = 0
> mprotect(0xb7e4f000, 4096, PROT_READ)   = 0
> mprotect(0xb7e66000, 4096, PROT_READ)   = 0
> mprotect(0xb7e7c000, 4096, PROT_READ)   = 0
> mprotect(0xb7e8e000, 4096, PROT_READ)   = 0
> mprotect(0xb7faf000, 8192, PROT_READ)   = 0
> mprotect(0xb7efa000, 4096, PROT_READ)   = 0
> munmap(0xb7eb8000, 146816)              = 0
> brk(0)                                  = 0xb7fb7000
> brk(0xb7fd8000)                         = 0xb7fd8000
> open("/usr/local/samba/lib/upcase.dat", O_RDONLY|O_LARGEFILE) = 3
> mmap2(NULL, 131072, PROT_READ, MAP_SHARED, 3, 0) = 0xb7ebc000
> close(3)                                = 0
> open("/usr/local/samba/lib/lowcase.dat", O_RDONLY|O_LARGEFILE) = 3
> mmap2(NULL, 131072, PROT_READ, MAP_SHARED, 3, 0) = 0xb7ab5000
> close(3)                                = 0
> uname({sys="Linux", node="liberty", ...}) = 0
> stat64("/usr/local/samba/lib/smb.conf", {st_mode=S_IFREG|0644,
> st_size=11660, ...}) = 0
> open("/usr/local/samba/lib/smb.conf", O_RDONLY|O_LARGEFILE) = 3
> fstat64(3, {st_mode=S_IFREG|0644, st_size=11660, ...}) = 0
> read(3, "# This is the main Samba configur"..., 11660) = 11660
> close(3)                                = 0
> open("/usr/lib/locale/locale-archive", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No
> such file or directory)
> open("/usr/share/locale/locale.alias", O_RDONLY) = 3
> fstat64(3, {st_mode=S_IFREG|0644, st_size=2570, ...}) = 0
> mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
> 0xb7ebb000
> read(3, "# Locale name alias data base.\n# "..., 4096) = 2570
> read(3, ""..., 4096)                    = 0
> close(3)                                = 0
> munmap(0xb7ebb000, 4096)                = 0
> open("/usr/lib/locale/en_US/LC_IDENTIFICATION", O_RDONLY) = 3
> fstat64(3, {st_mode=S_IFREG|0644, st_size=378, ...}) = 0
> mmap2(NULL, 378, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7ebb000
> close(3)                                = 0
> open("/usr/lib/locale/en_US/LC_MEASUREMENT", O_RDONLY) = 3
> fstat64(3, {st_mode=S_IFREG|0644, st_size=28, ...}) = 0
> mmap2(NULL, 28, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7eba000
> close(3)                                = 0
> open("/usr/lib/locale/en_US/LC_TELEPHONE", O_RDONLY) = 3
> fstat64(3, {st_mode=S_IFREG|0644, st_size=64, ...}) = 0
> mmap2(NULL, 64, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7eb9000
> close(3)                                = 0
> open("/usr/lib/locale/en_US/LC_ADDRESS", O_RDONLY) = 3
> fstat64(3, {st_mode=S_IFREG|0644, st_size=160, ...}) = 0
> mmap2(NULL, 160, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7eb8000
> close(3)                                = 0
> open("/usr/lib/locale/en_US/LC_NAME", O_RDONLY) = 3
> fstat64(3, {st_mode=S_IFREG|0644, st_size=82, ...}) = 0
> mmap2(NULL, 82, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7ab4000
> close(3)                                = 0
> open("/usr/lib/locale/en_US/LC_PAPER", O_RDONLY) = 3
> fstat64(3, {st_mode=S_IFREG|0644, st_size=39, ...}) = 0
> mmap2(NULL, 39, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7ab3000
> close(3)                                = 0
> open("/usr/lib/locale/en_US/LC_MESSAGES", O_RDONLY) = 3
> fstat64(3, {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
> close(3)                                = 0
> open("/usr/lib/locale/en_US/LC_MESSAGES/SYS_LC_MESSAGES", O_RDONLY) = 3
> fstat64(3, {st_mode=S_IFREG|0644, st_size=57, ...}) = 0
> mmap2(NULL, 57, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7ab2000
> close(3)                                = 0
> open("/usr/lib/locale/en_US/LC_MONETARY", O_RDONLY) = 3
> fstat64(3, {st_mode=S_IFREG|0644, st_size=291, ...}) = 0
> mmap2(NULL, 291, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7ab1000
> close(3)                                = 0
> open("/usr/lib/locale/en_US/LC_TIME", O_RDONLY) = 3
> fstat64(3, {st_mode=S_IFREG|0644, st_size=2459, ...}) = 0
> mmap2(NULL, 2459, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7ab0000
> close(3)                                = 0
> open("/usr/lib/locale/en_US/LC_NUMERIC", O_RDONLY) = 3
> fstat64(3, {st_mode=S_IFREG|0644, st_size=59, ...}) = 0
> mmap2(NULL, 59, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7aaf000
> close(3)                                = 0
> open("/usr/lib/locale/en_US/LC_CTYPE", O_RDONLY) = 3
> fstat64(3, {st_mode=S_IFREG|0644, st_size=221732, ...}) = 0
> mmap2(NULL, 221732, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7a78000
> close(3)                                = 0
> open("/usr/lib/gconv/gconv-modules.cache", O_RDONLY) = -1 ENOENT (No such
> file or directory)
> open("/usr/lib/gconv/gconv-modules", O_RDONLY) = 3
> fstat64(3, {st_mode=S_IFREG|0644, st_size=56028, ...}) = 0
> mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
> 0xb7a77000
> read(3, "# GNU libc iconv configuration.\n#"..., 4096) = 4096
> read(3, "B1.002//\nalias\tJS//\t\t\tJUS_I.B1.00"..., 4096) = 4096
> read(3, "59-3\t1\nmodule\tINTERNAL\t\tISO-8859-"..., 4096) = 4096
> read(3, "859-14//\nalias\tISO-IR-199//\t\tISO-"..., 4096) = 4096
> read(3, "CDIC-DK-NO-A//\tEBCDIC-DK-NO-A\t1\n\n"..., 4096) = 4096
> read(3, "\t\tIBM281//\t\tIBM281\t\t1\n\n#\tfrom\t\t\tt"..., 4096) = 4096
> read(3, "\tIBM863\t\t1\n\n#\tfrom\t\t\tto\t\t\tmodule\t"..., 4096) = 4096
> read(3, "//\t\tIBM937//\nalias\tCSIBM937//\t\tIB"..., 4096) = 4096
> read(3, "JAPANESE//\tEUC-JP//\nalias\tOSF0003"..., 4096) = 4096
> read(3, "MACINTOSH//\t\tMACINTOSH\t1\n\n#\tfrom\t"..., 4096) = 4096
> read(3, "367-BOX//\nalias\tISO_10367BOX//\t\tI"..., 4096) = 4096
> read(3, "EUC-JISX0213//\t\tINTERNAL\t\tEUC-JIS"..., 4096) = 4096
> read(3, "/\t\tIBM1130//\nalias\tCSIBM1130//\t\tI"..., 4096) = 4096
> read(3, "\t1\n\n#\tfrom\t\t\tto\t\t\tmodule\t\tcost\nal"..., 4096) = 2780
> read(3, ""..., 4096)                    = 0
> close(3)                                = 0
> munmap(0xb7a77000, 4096)                = 0
> open("/usr/lib/gconv/IBM850.so", O_RDONLY) = 3
> read(3,
> "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0`\3\0\0004\0\0\0D"..., 512)
> = 512
> fstat64(3, {st_mode=S_IFREG|0755, st_size=11131, ...}) = 0
> mmap2(NULL, 12316, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) =
> 0xb7a74000
> mmap2(0xb7a76000, 8192, PROT_READ|PROT_WRITE,
> MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1) = 0xb7a76000
> close(3)                                = 0
> mprotect(0xb7a76000, 4096, PROT_READ)   = 0
> open("/usr/lib/gconv/UTF-16.so", O_RDONLY) = 3
> read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0
> \4\0\0004\0\0\0P"..., 512) = 512
> fstat64(3, {st_mode=S_IFREG|0755, st_size=11174, ...}) = 0
> mmap2(NULL, 12328, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) =
> 0xb7a70000
> mmap2(0xb7a72000, 8192, PROT_READ|PROT_WRITE,
> MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1) = 0xb7a72000
> close(3)                                = 0
> mprotect(0xb7a72000, 4096, PROT_READ)   = 0
> brk(0xb7ffc000)                         = 0xb7ffc000
> brk(0xb8024000)                         = 0xb8024000
> brk(0xb8045000)                         = 0xb8045000
> open("/usr/local/samba/lib/valid.dat", O_RDONLY|O_LARGEFILE) = 3
> mmap2(NULL, 65536, PROT_READ, MAP_SHARED, 3, 0) = 0xb7a60000
> close(3)                                = 0
> socket(PF_NETLINK, SOCK_RAW, 0)         = 3
> bind(3, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 0
> getsockname(3, {sa_family=AF_NETLINK, pid=7687, groups=00000000}, [12]) = 0
> time(NULL)                              = 1423709100
> sendto(3, "\24\0\0\0\22\0\1\3\254\23\334T\0\0\0\0\0\0\0\0"..., 20, 0,
> {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 20
> recvmsg(3, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000},
> msg_iov(1)=[{"\354\0\0\0\20\0\2\0\254\23\334T\7\36\0\0\0\0\4\3\1\0\0\0I\0\1\0\0\0\0\0\7"...,
> 4096}], msg_controllen=0, msg_flags=0}, 0) = 480
> recvmsg(3, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000},
> msg_iov(1)=[{"\24\0\0\0\3\0\2\0\254\23\334T\7\36\0\0\0\0\0\0\1\0\0\0I\0\1\0\0\0\0\0\7"...,
> 4096}], msg_controllen=0, msg_flags=0}, 0) = 20
> sendto(3, "\24\0\0\0\26\0\1\3\255\23\334T\0\0\0\0\0\0\0\0"..., 20, 0,
> {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 20
> recvmsg(3, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000},
> msg_iov(1)=[{"0\0\0\0\24\0\2\0\255\23\334T\7\36\0\0\2\10\200\376\1\0\0\0\10\0\1\0\177\0\0\1\10"...,
> 4096}], msg_controllen=0, msg_flags=0}, 0) = 108
> recvmsg(3, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000},
> msg_iov(1)=[{"@\0\0\0\24\0\2\0\255\23\334T\7\36\0\0\n\200\200\376\1\0\0\0\24\0\1\0\0\0\0\0\0"...,
> 4096}], msg_controllen=0, msg_flags=0}, 0) = 128
> recvmsg(3, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000},
> msg_iov(1)=[{"\24\0\0\0\3\0\2\0\255\23\334T\7\36\0\0\0\0\0\0\1\0\0\0\24\0\1\0\0\0\0\0\0"...,
> 4096}], msg_controllen=0, msg_flags=0}, 0) = 20
> close(3)                                = 0
> socket(PF_NETLINK, SOCK_RAW, 0)         = 3
> bind(3, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 0
> getsockname(3, {sa_family=AF_NETLINK, pid=7687, groups=00000000}, [12]) = 0
> time(NULL)                              = 1423709100
> sendto(3, "\24\0\0\0\26\0\1\3\254\23\334T\0\0\0\0\0\0\0\0"..., 20, 0,
> {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 20
> recvmsg(3, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000},
> msg_iov(1)=[{"0\0\0\0\24\0\2\0\254\23\334T\7\36\0\0\2\10\200\376\1\0\0\0\10\0\1\0\177\0\0\1\10"...,
> 4096}], msg_controllen=0, msg_flags=0}, 0) = 108
> recvmsg(3, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000},
> msg_iov(1)=[{"@\0\0\0\24\0\2\0\254\23\334T\7\36\0\0\n\200\200\376\1\0\0\0\24\0\1\0\0\0\0\0\0"...,
> 4096}], msg_controllen=0, msg_flags=0}, 0) = 128
> recvmsg(3, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000},
> msg_iov(1)=[{"\24\0\0\0\3\0\2\0\254\23\334T\7\36\0\0\0\0\0\0\1\0\0\0\24\0\1\0\0\0\0\0\0"...,
> 4096}], msg_controllen=0, msg_flags=0}, 0) = 20
> close(3)                                = 0
> getpid()                                = 7687
> lstat64("/tmp/.winbindd", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
> lstat64("/tmp/.winbindd/pipe", {st_mode=S_IFSOCK|0777, st_size=0, ...}) = 0
> socket(PF_FILE, SOCK_STREAM, 0)         = 3
> fcntl64(3, F_GETFL)                     = 0x2 (flags O_RDWR)
> fcntl64(3, F_SETFL, O_RDWR|O_NONBLOCK)  = 0
> fcntl64(3, F_GETFD)                     = 0
> fcntl64(3, F_SETFD, FD_CLOEXEC)         = 0
> connect(3, {sa_family=AF_FILE, path="/tmp/.winbindd/pipe"...}, 110) = 0
> select(4, [3], NULL, NULL, {0, 0})      = 0 (Timeout)
> write(3,
> "0\10\0\0\0\0\0\0\0\0\0\0\7\36\0\0\0\10\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"...,
> 2096) = 2096
> select(4, [3], NULL, NULL, {5, 0})      = 1 (in [3], left {4, 999997})
> read(3,
> "\250\r\0\0\2\0\0\0\24\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"...,
> 3496) = 3496
> close(3)                                = 0
> stat64("/usr/local/samba/lib/en_US.msg", {st_mode=S_IFREG|0644,
> st_size=10533, ...}) = 0
> stat64("/usr/local/samba/var/locks", {st_mode=S_IFDIR|0755, st_size=4096,
> ...}) = 0
> open("/usr/local/samba/var/locks/lang_en_US.tdb",
> O_RDWR|O_CREAT|O_LARGEFILE, 0644) = 3
> fcntl64(3, F_GETFD)                     = 0
> fcntl64(3, F_SETFD, FD_CLOEXEC)         = 0
> fcntl64(3, F_SETLKW64, {type=F_WRLCK, whence=SEEK_SET, start=0, len=1},
> 0xbfaac374) = 0
> read(3, "TDB file\n\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0m"..., 168)
> = 168
> fstat64(3, {st_mode=S_IFREG|0644, st_size=12288, ...}) = 0
> mmap2(NULL, 12288, PROT_READ|PROT_WRITE, MAP_SHARED, 3, 0) = 0xb7a5d000
> fcntl64(3, F_SETLKW64, {type=F_UNLCK, whence=SEEK_SET, start=0, len=1},
> 0xbfaac374) = 0
> fcntl64(3, F_SETLKW64, {type=F_RDLCK, whence=SEEK_SET, start=240, len=1},
> 0xbfaac314) = 0
> fcntl64(3, F_SETLKW64, {type=F_UNLCK, whence=SEEK_SET, start=240, len=1},
> 0xbfaac384) = 0
> fcntl64(3, F_SETLKW64, {type=F_RDLCK, whence=SEEK_SET, start=460, len=1},
> 0xbfaac424) = 0
> fcntl64(3, F_SETLKW64, {type=F_UNLCK, whence=SEEK_SET, start=460, len=1},
> 0xbfaac464) = 0
> fstat64(1, {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 0), ...}) = 0
> mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
> 0xb7a5c000
> write(1, "Ping to winbindd failed\n"..., 24) = 24
> fcntl64(3, F_SETLKW64, {type=F_RDLCK, whence=SEEK_SET, start=284, len=1},
> 0xbfaac424) = 0
> fcntl64(3, F_SETLKW64, {type=F_UNLCK, whence=SEEK_SET, start=284, len=1},
> 0xbfaac464) = 0
> write(2, "could not ping winbindd!\n"..., 25) = 25
> exit_group(1)                           = ?
> ---
>
> Many thanks in advance for any assistance that might be offered as I unravel
> things.
>
> Again, the PDC has been working for some time, and I just didn't expect any
> issues in doing this migration...yet here we are. And what concerns me is
> that failed wbinfo leads me to believe something has been wrong for a
> time,but for whatever reason I've not encountered it. And that's not very
> encouraging :(
>
>
>
>
>
>
> --
> View this message in context: http://samba.2283325.n4.nabble.com/Problems-in-SAMBA-3-3-to-4-0-migration-tp4680653p4680684.html
> Sent from the Samba - General mailing list archive at Nabble.com.

Nothing really jumps out from your smb.conf files.
I take it for granted that winbind is running on the new BDC, you could
try turning these lines off:

    server role = classic backup domain controller
    interfaces = 10.10.10.0/24 127.0.0.1/255.0.0.0
    hosts allow = 10.10.10.0/24 127.0.0.1
    bind interfaces only = yes

Rowland

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|

Re: Problems in SAMBA 3.3 to 4.0 migration

soonerdave
I'll certainly give that a try this evening, Rowland. Thank you for the suggestion and review.

What concerns me about the wbinfo issue on the existing PDC is that there's really no rationale for it *not* to work. Almost makes me wonder if there's some red herring at hand, a mismatched library (granted the failure would likely be different). Part of me is thinking about upgrading the existing 3.3.4 in place to a later 3.x -series version that might clean up such a problem, *then* try the migration.

Just don't want to disable the existing, working domain in the process - which would more or less defeat the purpose of the exercise in the first place :)


Reply | Threaded
Open this post in threaded view
|

Re: Problems in SAMBA 3.3 to 4.0 migration

Rowland Penny-5
On 12/02/15 18:42, soonerdave wrote:

> I'll certainly give that a try this evening, Rowland. Thank you for the
> suggestion and review.
>
> What concerns me about the wbinfo issue on the existing PDC is that there's
> really no rationale for it *not* to work. Almost makes me wonder if there's
> some red herring at hand, a mismatched library (granted the failure would
> likely be different). Part of me is thinking about upgrading the existing
> 3.3.4 in place to a later 3.x -series version that might clean up such a
> problem, *then* try the migration.
>
> Just don't want to disable the existing, working domain in the process -
> which would more or less defeat the purpose of the exercise in the first
> place :)
>
>
>
>
>
>
> --
> View this message in context: http://samba.2283325.n4.nabble.com/Problems-in-SAMBA-3-3-to-4-0-migration-tp4680653p4680722.html
> Sent from the Samba - General mailing list archive at Nabble.com.

If you can upgrade to a later version, then this would be a wise move.
It would also be wise to try anything else on a test machine, the last
thing you need is a broken domain.

Rowland

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|

Re: Problems in SAMBA 3.3 to 4.0 migration

soonerdave
No broken domains!! That's for sure.

Actually, I am leaning toward abandoning the "migration" effort as much as just replacing the server (as noted in the upgrade section of the Samba Guides) by manually copying the relevant files to the new SAMBA server. I'm beginning to realize that if whatever is broken is actually broken on the server I plan to retire, then time spent fixing it is in some measure wasted other than in gaining the knowledge of what went wrong.

I will still spend some time on the migration tonight, but wholesale, manual replacement isn't far off the horizon. :)
Reply | Threaded
Open this post in threaded view
|

Re: Problems in SAMBA 3.3 to 4.0 migration

soonerdave
One thing I discovered that may or may not be an element of some of these problems...

I was inspecting the contents of my secrets.tdb file, and was observing the values stored in the AUTH_USER and AUTH_PASSWORD entries. The AUTH_PASSWORD stored is not correct for that AUTH_USER on that machine, which obviously is a potential problem. However, my reading indicates that these values generally relate to the value stored for LDAP updates, and there is no LDAP component in my situation. So, while it's wrong, I'm not sure it's relevant. Are there other situations where this user/pw combination is used?


Reply | Threaded
Open this post in threaded view
|

Re: Problems in SAMBA 3.3 to 4.0 migration

soonerdave
In reply to this post by soonerdave
* sigh * this is becoming an exercise in frustration.

* Performing a direct migration of my Samba 3.3.4 box by copying .tdb and related files to the new machine looks like a non-starter, as the group_mappings file went from an ldb to a .tdb format, and it appears the only conversion occurs during an in-place version upgrade.

* The next step, it appears, looks to be some sort of upgrade to the *existing* 3.3.4 box to a later Samba incarnation. That *might* solve what I think now is a dependency issue that's subsequently caused wbinfo to stop working entirely. It *might* also solve whatever SMB signing issue is preventing net rpc vampire from working on the BDC.

* Given the age of the setup, are there recommended "increments" for upgrading a 3.3.4 setup? Or should I be able to go to at least 3.6 (the last 3.x series release) directly in place without much risk?

-David


 
Reply | Threaded
Open this post in threaded view
|

Re: Problems in SAMBA 3.3 to 4.0 migration

soonerdave
Update

I did update my Samba 3.3.4 PDC to 3.6.24 after MUCH grief, overcoming (at least) two library incompatibilities PLUS recalling the dusty old memories that if you start with Slackware, you use Slack's samba installer, not the source from Samba itself.

I've fixed two library problems with libtalloc and libwbclient that prevented smbd from starting (with a Signal 6 - hard crash). It now starts...but my original problem between wbinfo and winbindd persists. I think there's a similar library problem going on here that's causing wbinfo to break off the pipe back to winbindd when it requests...anything. Ironically, wbinfo from my new BDC works just fine. But I still can't vampire. This library issue may be at hand with my "Segmentation Fault" when trying to do the vampire. Not sure, but if anyone has any suggestions in that regard, I'd sure appreciate the boost.  I've read additional non-Slackware posts indicating a problem between wbinfo and libwbclient versions, so I'm suspecting I've introduced that issue here, but now I'm just too tired to sort through it any more for now.

Been working on this all day, and my brain is toast, and I realize my situation may be so specific there's no way anyone could really offer much insight, but if for no other reason I thought I'd update this thread and at least try to document what I've done.

Reply | Threaded
Open this post in threaded view
|

Re: Problems in SAMBA 3.3 to 4.0 migration

Rowland Penny-5
On 15/02/15 04:41, soonerdave wrote:

> Update
>
> I did update my Samba 3.3.4 PDC to 3.6.24 after MUCH grief, overcoming (at
> least) two library incompatibilities PLUS recalling the dusty old memories
> that if you start with Slackware, you use Slack's samba installer, not the
> source from Samba itself.
>
> I've fixed two library problems with libtalloc and libwbclient that
> prevented smbd from starting (with a Signal 6 - hard crash). It now
> starts...but my original problem between wbinfo and winbindd persists. I
> think there's a similar library problem going on here that's causing wbinfo
> to break off the pipe back to winbindd when it requests...anything.
> Ironically, wbinfo from my new BDC works just fine. But I still can't
> vampire. This library issue may be at hand with my "Segmentation Fault" when
> trying to do the vampire. Not sure, but if anyone has any suggestions in
> that regard, I'd sure appreciate the boost.  I've read additional
> non-Slackware posts indicating a problem between wbinfo and libwbclient
> versions, so I'm suspecting I've introduced that issue here, but now I'm
> just too tired to sort through it any more for now.
>
> Been working on this all day, and my brain is toast, and I realize my
> situation may be so specific there's no way anyone could really offer much
> insight, but if for no other reason I thought I'd update this thread and at
> least try to document what I've done.
>
>
>
>
>
> --
> View this message in context: http://samba.2283325.n4.nabble.com/Problems-in-SAMBA-3-3-to-4-0-migration-tp4680653p4680891.html
> Sent from the Samba - General mailing list archive at Nabble.com.

I wonder if your problems are being caused by the use of the smbpasswd
passdb ?

If you examine 'man smb.conf' for 3.6, you will find this (under 'passdb
backend') :

            • smbpasswd - The old plaintext passdb backend. Some Samba
                features will not work if this passdb backend is used.

Perhaps if you migrate to tdbsam it will work, not sure because I have
never had to do it, but it is worth trying in a test setup, I believe
that you can do this with pdbedit.

Rowland
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|

Re: Problems in SAMBA 3.3 to 4.0 migration

soonerdave
Rowland

I had a bit of success last night. I didn't *think* I'd changed any library references, but I think by accident I did - while comparing library references between strace dumps of winbindd and wbinfo and noticing some different links to libwbclient.so.0, I tried some temporary symlinks to one of two different versions I found, but wbinfo just aborted on startup. When I undid those symlinks and restarted winbindd, wbinfo started working!

I don't know if I should be pleased that it works or scared at an accidental fix!

Assuming my current state survives a restart, I have only one remaining issue - the net rpc vampire still isn't working from the BDC. That still leads to machine credential check failures in the BDC-specific logs on the PDC host. With winbindd seemingly happy, have to assume there's something encryption related going on there. Still getting the hard seg fault after vampire.
Reply | Threaded
Open this post in threaded view
|

Re: Problems in SAMBA 3.3 to 4.0 migration

soonerdave
In reply to this post by Rowland Penny-5
Here's where I am on this...

I gave up trying the net rpc vampire. No matter what I tried, I could not overcome the seg fault. I would get blank results for net rpc samdump as well. I manually copied my smbpasswd and groups files and manually added the mappings.

In the midst of this, however, something more immediate and concerning arose. Every machine in my domain os now failing a machine credential check. The logs show rejected credentials for my new BDC and all my other Win7 Pro clients. Trouble is the smbpasswd files are unchanged from their originals, so I know the machine account passwords haven't changed, and surely the password for my new BDC hasn"t expired already. So that suggests to me I've changed a setting in smb.conf that's affected machine credential authentication. The question is what??

Users are logging in with cached credentials from these machines, so for now I'm ok, but I fear I"m on borrowed time. What on earth might be a suspect for the credential check failures?? Sure smells to me like a session encryption or signature problem causing wrong values to be computed, but I'm just not sure where the most likely suspect is. If I can get past this, I'll be happy.

Thanks in advance.

Reply | Threaded
Open this post in threaded view
|

Re: Problems in SAMBA 3.3 to 4.0 migration

soonerdave
In reply to this post by Rowland Penny-5
Roland (and any others who are still following this)

I had an epiphany earlier today (that I cannot immediately test) that may explain my situation regarding my domain's various machine accounts suddenly no longer authenticating properly (credential check failing). I'd appreciate a sanity check on the theory.

When I built my Samba 4.1 BDC, net rpc joindomain worked against the existing PDC. However, *at the time I added it*, my PDC was Samba 3.3.4. I then updated the 3.3.4 box to 3.6.24, and *now * observe client machines (including my new BDC) whose credential checks are failing. I believe there is a default higher level of security under 3.6.24 that is affecting session negotiation, or security protocol, that in turn is causing the credential checks to fail. Would this not be related to possibly secure channel communication or encryption bit length - anything that might cause checksum calculations to change by virtue of the change in SAMBA versions? (Thinking in terms of ntlm_auth, schannel security settings in smb.conf that might have changed, etc).

Sorry if this doesn't make a great deal of sense at this point, I'm writing this in a hurry and it probably isn't as polished as I'd like.

Thanks for any thoughts.

Reply | Threaded
Open this post in threaded view
|

Re: Problems in SAMBA 3.3 to 4.0 migration

soonerdave
In reply to this post by soonerdave
Trying to browse the shares on my Samba 4.1 BDC, and I get "NT_STATUS_ACCESS_DENIED"

Machine-specific server logs for the connection attempt show an attempt to hit the IPC$ share, which fails:

"[2015/02/17 20:45:23.930969,  1] ../source3/smbd/process.c:1508(switch_message)  service[IPC$] requires encryptionSMBtdis ACCESS_DENIED. mid=6"

I've tried to figure out how this particular variety of SMB encryption is turned on/configured, or at least which version of the protocol it's tied to, to no avail. Any pointers?

-David
 
Reply | Threaded
Open this post in threaded view
|

Re: Problems in SAMBA 3.3 to 4.0 migration

soonerdave
In reply to this post by soonerdave
***** SUCCESS *****

After nearly a week of wrangling with this annoying and frustrating issue, I'm delighted to report that I finally have EVERYTHING working. I was on the cusp of giving up, but some diligent reading, lots and lots of testing, and some long evenings finally paid off.  I know this thread is kinda buried now by virtue of its age, but I wanted to highlight the problems I had and offer the solution in the event someone else comes along with similar issues:

1. Periodic message indicating machine credential failures on the PDC.


Thinking initially that a password change had taken place, and given that my local profile is too huge to risk losing via a machine/domain rejoin, I took the drastic step of actually dumping the hashes of my own laptop, and found out they matched those stored in my PDC smbpasswd file. I then realize a protocol issue had to be at hand. Turns out it was a really dumb one that's been wrong a long time:

HKLM\System\CCS\Services\Netlogon\Parameters\RequireStrongKey was set to 0, and should be 1.

After restarting NETLOGON, I was able to use the NLTEST tool to reset the secure channel between the machine and the PDC, which causes the machine to reauthenticate. Bingo. Problem solved.

2. Samba 3.6.24 PDC and Win7 clients cannot browse Samba 4.0 shares


This one was really giving me fits. It was a bugzilla log found at https://bugzilla.samba.org/show_bug.cgi?id=10167 that finally turned on the light: I had configured the Samba 4.1.0 box to turn on SMB encryption and server signing, and given that Win7 and Samba 3.6.x can't go beyond SMB2, any client browsing from those boxes back to the Samba 4.1 box was doomed. Reset those two settings, and voila, everyone can now browse everyone else's shares!!!!

This also explained the 'service[IPC$] requires encryptionSMBtdis ACCESS_DENIED' errors in my 4.1 logs - it was telling me precisely what was wrong, and I didn't quite recognize it.

3. NET RPC VAMPIRE failures - probably resolved


I ended up manually copying my smbpasswd and /etc/group files, then manually recreating the group maps because I couldn't get the vampire to work. Now that connections both ways appear to be working, I strongly suspect that this would, in fact, now work - but I don't want to risk upsetting the applecart as it is by trying it now. I'm reasonably sure it would work now, however.

Bottom line - I've got a good BDC up and running in a VM now, and just some minor tweaks are needed going forward. Thanks to all who at least read and certainly to Rowland for the help. Hope I can return the favor sometime.

-David
Reply | Threaded
Open this post in threaded view
|

Re: Problems in SAMBA 3.3 to 4.0 migration

Andrew Bartlett
On Thu, 2015-02-19 at 22:06 -0800, soonerdave wrote:

> ***** SUCCESS *****
>
> After nearly a week of wrangling with this annoying and frustrating issue,
> I'm delighted to report that I finally have EVERYTHING working. I was on the
> cusp of giving up, but some diligent reading, lots and lots of testing, and
> some long evenings finally paid off.  I know this thread is kinda buried now
> by virtue of its age, but I wanted to highlight the problems I had and offer
> the solution in the event someone else comes along with similar issues:
>
> 1. Periodic message indicating machine credential failures on the PDC.
>
>
> Thinking initially that a password change had taken place, and given that my
> local profile is too huge to risk losing via a machine/domain rejoin, I took
> the drastic step of actually dumping the hashes of my own laptop, and found
> out they matched those stored in my PDC smbpasswd file. I then realize a
> protocol issue had to be at hand. Turns out it was a really dumb one that's
> been wrong a long time:
>
> HKLM\System\CCS\Services\Netlogon\Parameters\RequireStrongKey was set to 0,
> and should be 1.
>
> After restarting NETLOGON, I was able to use the NLTEST tool to reset the
> secure channel between the machine and the PDC, which causes the machine to
> reauthenticate. Bingo. Problem solved.

This is interesting.  We did upgrade the security requirements with
Samba 4.1 by default.  It is odd the RequreStrongKey actually forces
*down* what Windows will do.

> 2. Samba 3.6.24 PDC and Win7 clients cannot browse Samba 4.0 shares
>
>
> This one was really giving me fits. It was a bugzilla log found at
> https://bugzilla.samba.org/show_bug.cgi?id=10167 that finally turned on the
> light: I had configured the Samba 4.1.0 box to turn on SMB encryption and
> server signing, and given that Win7 and Samba 3.6.x can't go beyond SMB2,
> any client browsing from those boxes back to the Samba 4.1 box was doomed.
> Reset those two settings, and voila, everyone can now browse everyone else's
> shares!!!!
>
> This also explained the 'service[IPC$] requires encryptionSMBtdis
> ACCESS_DENIED' errors in my 4.1 logs - it was telling me precisely what was
> wrong, and I didn't quite recognize it.
>
> 3. NET RPC VAMPIRE failures - /probably/ resolved
>
>
> I ended up manually copying my smbpasswd and /etc/group files, then manually
> recreating the group maps because I couldn't get the vampire to work. Now
> that connections both ways appear to be working, I strongly suspect that
> this would, in fact, now work - but I don't want to risk upsetting the
> applecart as it is by trying it now. I'm reasonably sure it would work now,
> however.
>
> Bottom line - I've got a good BDC up and running in a VM now, and just some
> minor tweaks are needed going forward. Thanks to all who at least read and
> certainly to Rowland for the help. Hope I can return the favor sometime.

'net rpc vampire' will never work against a Samba DC.  We never
implemented a sever-side for the SamSync (NETLOGON replication between
and NT4-style PDC and BDC) protocol.  

This is different to AD replication which uses DRSUAPI, and that we do
implement client and server side.

Thanks,

Andrew Bartlett

--
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|

Re: Problems in SAMBA 3.3 to 4.0 migration

soonerdave
>> After restarting NETLOGON, I was able to use the NLTEST tool to reset the
>> secure channel between the machine and the PDC, which causes the machine to
>> reauthenticate. Bingo. Problem solved.

>This is interesting.  We did upgrade the security requirements with
>Samba 4.1 by default.  It is odd the RequreStrongKey actually forces
>*down* what Windows will do.

I think this may have been a legacy setting from some early but errant "in the wild" configuration information for Win7/Pro clients against a Samba PDC. Now, I remember from my logs in all this always seeing my DC negotiate a 128-bit key even with RSK=0 in Windows, but I wonder if Windows did it's part of the authentication dance errantly assuming the shorter key length (even though 128-bit had supposedly been negotiated). Would at least explain the authentication failure. I'm probably way the heck out there, totally off base, but just speculating on the situation. That said, it appeared that prior to my tinkering with the PDC for this project, machine account passwords were routinely being changed without incident when I had RSK=0. The LCT date for my own laptop was, IIRC, about 10 days ago, and this laptop has been in my domain for nearly 3 years.

>'net rpc vampire' will never work against a Samba DC.  We never
>implemented a sever-side for the SamSync (NETLOGON replication between
>and NT4-style PDC and BDC) protocol.  

Argh!! Then that one is totally on me for not reading the documentation more carefully.
Reply | Threaded
Open this post in threaded view
|

Re: Problems in SAMBA 3.3 to 4.0 migration

soonerdave
In reply to this post by Andrew Bartlett
Andrew,

Out of curiosity based on your last reply, I did a bit of snooping about the RequireStrongKey behavior and found what I think is precisely the situation that drove this problem for me, discussed at length between the Samba dev team and some MS engineers some years ago:

https://bugzilla.samba.org/show_bug.cgi?id=6099

If I read this thread correctly, there was some issue just prior to the 3.4 release way back when about how Samba and Windows 7 betas were exchanging protocol negotiation information, and this very issue (RSK) was central to the discussion. Under 3.3.4, RSK=0 implied a 64-bit protocol negotiation key and worked for Win7 clients. The fix for the errant negotiation flags exchange led to a release of Samba 3.4 that broke existing Win7 clients when upgraded from 3.3.4 environments.

This matches my situation almost perfectly, because my PDC was Samba 3.3.4 when this project of mine started. I migrated directly to 3.6.24 in the hopes of solving an unrelated library incompatibility issue. By the time 3.6 was released, it was well-established that RSK should be 1 for Win7 clients, and mine weren't, so for my situation the mere installation of 3.6.24 introduced this situation for me. That explains (at least I think it does :) ) why setting RSK=1 fixed the problem.