NethServer Version: 7.9.2009
Module: File Server, AD
Hello,
I’m having some problems with File Server on Nethserver.
The server is fully updated, was working without any problem.
Today, we lost access to the shared folders, everything else is working correctly.
Not even admin can login to the shared folders.
The error on neth log is: “…/source3/smbd/uid.c:448(change_to_user_internal)”
Already checked permissions, reset permissions on all folders but it doesn’t fix the issue.
Tryed several solutions proposed on other threads but with no success.
After rebooting nethserver shared folders work for up to 5 minutes but returns to not working after that.
Tryed with every folder and every user, always with the same result.
I’m stuck at this point, any help would be awesome
dnutan
(Marc)
July 19, 2021, 9:22pm
2
Do the related services keep running when access is not allowed?
systemctl status -l smb nmb winbind
ls -hal /var/lib/nethserver/ibay/
3 Likes
sssd status all nominal altough there is a warning "Warning: user would have been denied GPO-based logon access if the ad_gpo_access_control option were set to enforcing.
Sorry you’re right,
At this point any red lettering i identify as an error
its really weird behavior, keep getting this on the logs but can’t really understand why is happening
[2021/07/20 22:07:36.490699, 0] …/…/source3/smbd/uid.c:448(change_to_user_internal)
PRIORITY 3
SYSLOG_FACILITY 3
SYSLOG_IDENTIFIER smbd
SYSLOG_PID 7425
_BOOT_ID 51707200932846adb24293cea4cdc9e7
_CAP_EFFECTIVE 0
_CMDLINE /usr/sbin/smbd --foreground --no-process-group
_COMM smbd
_EXE /usr/sbin/smbd
_GID 0
_HOSTNAME server.domain.com
_MACHINE_ID dfdd62ba98f74fd7b8881d7820af0fc7
_PID 7425
_SOURCE_REALTIME_TIMESTAMP 1626815256490794
_SYSTEMD_CGROUP /user.slice/user-1526201112.slice/session-c1231.scope
_SYSTEMD_OWNER_UID 1526201112
_SYSTEMD_SESSION c1231
_SYSTEMD_SLICE user-1526201112.slice
_SYSTEMD_UNIT session-c1231.scope
_TRANSPORT syslog
_UID 1526201112
__CURSOR s=b06ad3e2655d421b8eddd485d75edc11;i=399d9;b=51707200932846adb24293cea4cdc9e7;m=189c8ded79;t=5c794717a7540;x=ae6870845580e542
__MONOTONIC_TIMESTAMP 105705762169
__REALTIME_TIMESTAMP 1626815256491328
mrmarkuz
(Markus Neuberger)
July 20, 2021, 9:31pm
8
Please also check the status of the NethServer DC:
systemctl status nsdc -l
Everything looks fine
[root@server ~]# systemctl status nsdc -l
● nsdc.service - NethServer Domain Controller container
Loaded: loaded (/usr/lib/systemd/system/nsdc.service; enabled; vendor preset: disabled)
Active: active (running) since Tue 2021-07-20 21:51:17 WEST; 45min ago
Docs: man:systemd-nspawn(1)
Main PID: 6429 (systemd-nspawn)
Status: “Container running.”
CGroup: /machine.slice/nsdc.service
├─6429 /usr/bin/systemd-nspawn --quiet --keep-unit --boot --network-b ridge=br0 --machine=nsdc --capability=CAP_SYS_TIME
├─6478 /usr/lib/systemd/systemd
└─system.slice
├─samba.service
│ ├─ 6582 /usr/sbin/samba -i --debug-stderr
│ ├─ 6695 /usr/sbin/samba -i --debug-stderr
│ ├─ 6697 /usr/sbin/samba -i --debug-stderr
│ ├─ 6698 /usr/sbin/samba -i --debug-stderr
│ ├─ 6699 /usr/sbin/samba -i --debug-stderr
│ ├─ 6700 /usr/sbin/smbd -D --option=server role check:inhibit=yes --foreground
│ ├─ 6702 /usr/sbin/samba -i --debug-stderr
│ ├─ 6703 /usr/sbin/samba -i --debug-stderr
│ ├─ 6704 /usr/sbin/samba -i --debug-stderr
│ ├─ 6706 /usr/sbin/samba -i --debug-stderr
│ ├─ 6707 /usr/sbin/samba -i --debug-stderr
│ ├─ 6709 /usr/sbin/samba -i --debug-stderr
│ ├─ 6710 /usr/sbin/samba -i --debug-stderr
│ ├─ 6711 /usr/sbin/samba -i --debug-stderr
│ ├─ 6714 /usr/sbin/samba -i --debug-stderr
│ ├─ 6715 /usr/sbin/winbindd -D --option=server role check:inhibit= yes --foreground
│ ├─ 6716 /usr/sbin/samba -i --debug-stderr
│ ├─ 6718 /usr/sbin/samba -i --debug-stderr
│ ├─ 6768 /usr/sbin/smbd -D --option=server role check:inhibit=yes --foreground
│ ├─ 6769 /usr/sbin/smbd -D --option=server role check:inhibit=yes --foreground
│ ├─ 6771 /usr/sbin/smbd -D --option=server role check:inhibit=yes --foreground
│ ├─ 7700 /usr/sbin/smbd -D --option=server role check:inhibit=yes --foreground
│ ├─ 7713 /usr/sbin/samba -i --debug-stderr
│ ├─21282 /usr/sbin/samba -i --debug-stderr
│ └─21287 /usr/sbin/samba -i --debug-stderr
├─console-getty.service
│ └─6570 /sbin/agetty --noclear --keep-baud console 115200,38400,96 00 vt220
├─dbus.service
│ └─6548 /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
├─ntpd.service
│ └─6552 /usr/sbin/ntpd -u ntp:ntp -g
├─systemd-logind.service
│ └─6545 /usr/lib/systemd/systemd-logind
└─systemd-journald.service
└─6494 /usr/lib/systemd/systemd-journald
Jul 20 21:51:17 server.domain.com systemd-nspawn[6429]: [ OK ] Started Cleanup of Temporary Directories.
Jul 20 21:51:17 server.domain.com systemd-nspawn[6429]: [ OK ] Started Login Servi ce.
Jul 20 21:51:17 server.domain.com systemd-nspawn[6429]: [ OK ] Reached target Netw ork.
Jul 20 21:51:17 server.domain.com systemd-nspawn[6429]: [ OK ] Started Samba domai n controller daemon.
Jul 20 21:51:17 server.domain.com systemd-nspawn[6429]: [ OK ] Reached target Mult i-User System.
Jul 20 21:51:17 server.domain.com systemd-nspawn[6429]: [ OK ] Reached target Grap hical Interface.
Jul 20 21:51:17 server.domain.com systemd-nspawn[6429]: Starting Update UTMP about S ystem Runlevel Changes…
Jul 20 21:51:17 server.domain.com systemd-nspawn[6429]: [ OK ] Started Update UTMP about System Runlevel Changes.
Jul 20 21:51:18 server.domain.com systemd-nspawn[6429]: CentOS Linux 7 (Core)
Jul 20 21:51:18 server.domain.com systemd-nspawn[6429]: Kernel 3.10.0-1160.31.1.el7. x86_64 on an x86_64
mrmarkuz
(Markus Neuberger)
July 20, 2021, 9:53pm
10
Let’s compare permissions:
[root@server2 ~]# ls -hal /var/lib/nethserver/ibay/
total 8.0K
drwxrwxr-x 4 root root 34 Mar 30 18:47 .
drwxr-xr-x. 26 root root 4.0K Sep 10 2020 ..
drwxrws---+ 7 root domain admins@domain.com 4.0K Jan 22 02:01 test22
Also look ok
total 200K
drwxrwxr-x 27 root root 4.0K Jul 19 17:08 .
drwxr-xr-x. 18 root root 4.0K Dec 15 2020 ..
drwxrws---+ 13 root domain admins@lcr.pt 4.0K Jun 24 12:24 Arquivo PHC
drwxrwsr-x+ 2 root domain admins@lcr.pt 10 Nov 30 2017 backups
drwxrws---+ 9 root tecnica@lcr.pt 191 Feb 27 14:49 BACKUPS PCS
drwxrws---+ 3 root domain users@lcr.pt 47 Oct 29 2019 COBLEX ARQUIVO
drwxrws---+ 3 root domain users@lcr.pt 135 Jul 20 15:12 COBLEX ENCOMENDAS CLI ENTES
drwxrws---+ 11 root domain users@lcr.pt 4.0K Nov 20 2020 COBLEX GERAL
drwxrws---+ 4 root domain users@lcr.pt 4.0K Apr 8 10:19 COBLEX LOGÍSTICA
drwxrwsr-x+ 5 root tecnica@lcr.pt 76 Jan 22 17:40 Documentos
drwxrwsr-x+ 3 root domain admins@lcr.pt 29 Nov 15 2017 emails
drwxrws---+ 7 root domain users@lcr.pt 4.0K Apr 22 10:56 GERENCIA
drwxrwsr-x+ 6 root domain users@lcr.pt 4.0K Jul 16 15:48 IDI
drwxrwsr-x+ 6 root domain users@lcr.pt 4.0K Jul 17 16:05 LABORATORIO COBLEX
drwxrwsr-x+ 16 root domain users@lcr.pt 4.0K Jul 14 10:50 LCR ETIQUETAS
drwxrwsr-x+ 9 root domain users@lcr.pt 4.0K Jul 6 14:25 LCR GERAL
drwxrwsr-x+ 2 root tecnica@lcr.pt 4.0K Jun 28 17:33 LOGISTICA
drwxrwsrwx 8 root domain users@lcr.pt 4.0K Apr 28 17:51 LOGOTIPOS
drwxrwsr-x+ 2 root domain users@lcr.pt 40K Aug 19 2017 ORDENS FABRICO PVC CO BLEX
drwxrws---+ 4 root domain users@lcr.pt 89 Jul 14 09:58 Produção TR
drwxrwsr-x+ 4 root coblex_users@lcr.pt 4.0K Jul 7 16:30 SCANNER COBLEX
drwxrwsr-x+ 2 root lcr_users@lcr.pt 4.0K Jul 19 12:32 SCANNER LCR
drwxrwsr-x+ 9 root domain users@lcr.pt 4.0K Jun 21 17:55 SISTEMA GESTAO QUALID ADE
drwxrwsr-x 6 root coblex_users@lcr.pt 110 Mar 16 2020 SUSANA
drwxrwsr-x+ 46 root domain users@lcr.pt 8.0K Jul 13 16:35 TC_JP
drwxrwsr-x+ 34 root domain users@lcr.pt 4.0K Oct 20 2020 VEDANTES
drwxrwsr-x+ 2 root domain users@lcr.pt 20K Jul 13 11:33 VEDANTES 2
mrmarkuz
(Markus Neuberger)
July 20, 2021, 10:07pm
12
Is it possible to connect locally with smbclient?
smbclient //localhost/backups -U admin -c ls
1 Like
locally i can connect without problem,
I will try to use another linux machine on the network to see if its only windows related
smbclient //localhost/backups -U admin -c ls
Enter DOMAIN\admin’s password:
. D 0 Thu Nov 30 11:35:19 2017
… D 0 Tue Jul 20 23:01:10 2021
2162434304 blocks of size 1024. 1754221816 blocks available
1 Like
mrmarkuz
(Markus Neuberger)
July 20, 2021, 10:29pm
14
Remote you may need to add the domain:
smbclient //<YOUR_NETH_IP>/backups -U admin@lcr.pt -c ls
As i expected, even with a ubuntu live vm, everything works as expected.
Tried to force a windows machine to use samba v1.5, i can list the folders but still no joy on accessing the files.
how can i check the version that nethserver-samba protocol is using?
mrmarkuz
(Markus Neuberger)
July 20, 2021, 11:10pm
16
You can check protocols with
testparm -v -s | grep proto
Do you use Windows 10 machines with latest updates?
@alpha_842
Hi
NethServer Samba works out of the box with the latest Win10 (and older versions.) Win7 also has no issues accessing NethServer / AD shares.
With AD issues in the past, I’ve had good success with removing the complete Account Provider configuration, then running a config backup to restore AD back to a working state…
Make sure you have a working backup AND a config backup first!
My 2 cents
Andy
1 Like