Bug #77629

SMB Refuses to start with LDAP enabled

Added by Bug Clerk over 1 year ago. Updated over 1 year ago.

Status: Done
Priority: No priority
Assignee: Andrew Walker
Category: Services
Seen in:
Severity: New
Reason for Closing:
Reason for Blocked:
Needs QA: No
Needs Doc: No
Needs Merging: No
Needs Automation: No
Support Suite Ticket: n/a
Hardware Configuration:
ChangeLog Required: No

Description

We currently have a simple setup with a single Samba mount with authentication against an OpenLDAP server; the FreeNAS server has read-only access. But since I upgraded to 11.2-U2 from 11.2-U1, SMB refuses to start while LDAP is enabled.

It exits with the following logs:

[2019/02/21 07:59:28.125844,  2] ../source3/param/loadparm.c:2807(lp_do_section)
  Processing section "[timemachine]" 
[2019/02/21 07:59:28.126235,  2] ../source3/lib/interface.c:345(add_interface)
  added interface lo0 ip=127.0.0.1 bcast=127.255.255.255 netmask=255.0.0.0
[2019/02/21 07:59:28.126262,  2] ../source3/lib/interface.c:345(add_interface)
  added interface vlan350 ip=172.19.10.150 bcast=172.19.255.255 netmask=255.255.0.0
[2019/02/21 07:59:28.126324,  1] ../source3/profile/profile_dummy.c:30(set_profile_level)
  INFO: Profiling support unavailable in this build.
[2019/02/21 07:59:28.127535,  2] ../source3/passdb/pdb_ldap_util.c:281(smbldap_search_domain_info)
  smbldap_search_domain_info: Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=REDACTED))]
[2019/02/21 07:59:28.159375,  2] ../source3/lib/smbldap.c:847(smbldap_open_connection)
  smbldap_open_connection: connection opened
[2019/02/21 07:59:28.264139,  2] ../source3/passdb/pdb_ldap_util.c:281(smbldap_search_domain_info)
  smbldap_search_domain_info: Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=REDACTED))]
[2019/02/21 07:59:28.271122,  2] ../source3/passdb/pdb_ldap_util.c:281(smbldap_search_domain_info)
  smbldap_search_domain_info: Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=REDACTED))]
[2019/02/21 07:59:28.273699,  2] ../source3/lib/smbldap.c:847(smbldap_open_connection)
  smbldap_open_connection: connection opened
[2019/02/21 07:59:28.284080,  2] ../source3/lib/smbldap.c:847(smbldap_open_connection)
  smbldap_open_connection: connection opened
[2019/02/21 07:59:28.343186,  2] ../source3/lib/smbldap.c:847(smbldap_open_connection)
  smbldap_open_connection: connection opened
[2019/02/21 07:59:28.418702,  0] ../source3/groupdb/mapping.c:863(pdb_create_builtin_alias)
  pdb_create_builtin_alias: Could not add group mapping entry for alias 544 (NT_STATUS_ACCESS_DENIED)
[2019/02/21 07:59:28.418824,  2] ../source3/auth/token_util.c:713(finalize_local_nt_token)
  WARNING: Failed to create BUILTIN\Administrators group!  Can Winbind allocate gids?
[2019/02/21 07:59:28.461250,  0] ../source3/groupdb/mapping.c:863(pdb_create_builtin_alias)
  pdb_create_builtin_alias: Could not add group mapping entry for alias 545 (NT_STATUS_ACCESS_DENIED)
[2019/02/21 07:59:28.461287,  2] ../source3/auth/token_util.c:732(finalize_local_nt_token)
  WARNING: Failed to create BUILTIN\Users group! Can Winbind allocate gids?
[2019/02/21 07:59:28.502320,  0] ../source3/groupdb/mapping.c:863(pdb_create_builtin_alias)
  pdb_create_builtin_alias: Could not add group mapping entry for alias 546 (NT_STATUS_ACCESS_DENIED)
[2019/02/21 07:59:28.502426,  2] ../source3/auth/token_util.c:774(finalize_local_nt_token)
  Failed to create BUILTIN\Guests group NT_STATUS_ACCESS_DENIED!  Can Winbind allocate gids?
[2019/02/21 07:59:28.502477,  0] ../source3/auth/auth_util.c:1382(make_new_session_info_guest)
  create_local_token failed: NT_STATUS_ACCESS_DENIED
[2019/02/21 07:59:28.502530,  0] ../source3/smbd/server.c:2000(main)
  ERROR: failed to setup guest info.

The issue can be "fixed" by using a write-allowed user for the LDAP bind; this is only required once, but this is quite unclear. This should be at least a caveat in the upgrade notes, or a different solution (like a downloadable LDIF) should be provided.
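
A log triage sketch for the failure signature reported above, added here as an example and not taken from FreeNAS or Samba: it groups each Samba log header with its message lines and flags a start-up that died after the BUILTIN group mappings were denied. The function names `parse_records` and `diagnose` and the `readonly_bind_suspected` heuristic are assumptions made for this example.

```python
import re

# Samba log record header: "[date time,  level] source_file:line(function)"
HEADER = re.compile(r"^\[\d{4}/\d{2}/\d{2} [\d:.]+,\s+(?P<level>\d+)\]\s+\S+:\d+\((?P<func>\w+)\)$")
ALIAS_DENIED = re.compile(r"entry for alias (\d+) \(NT_STATUS_ACCESS_DENIED\)")
# Alias RIDs and group names as they appear in the log on this page.
BUILTIN = {544: "BUILTIN\\Administrators", 545: "BUILTIN\\Users", 546: "BUILTIN\\Guests"}

def parse_records(text):
    """Attach the indented message lines to the header line that precedes them."""
    records = []
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            records.append({"level": int(m["level"]), "func": m["func"], "msg": ""})
        elif records and line:
            records[-1]["msg"] = (records[-1]["msg"] + " " + line).strip()
    return records

def diagnose(text):
    """Flag an smbd start-up that failed after BUILTIN group mappings were denied."""
    denied, fatal = [], False
    for rec in parse_records(text):
        hit = ALIAS_DENIED.search(rec["msg"])
        if rec["func"] == "pdb_create_builtin_alias" and hit:
            denied.append(BUILTIN.get(int(hit.group(1)), hit.group(1)))
        if rec["level"] == 0 and "failed to setup guest info" in rec["msg"]:
            fatal = True
    # Heuristic (assumption): denied mappings plus a fatal guest-info error
    # match the read-only LDAP bind case described in this report.
    return {"denied": denied, "startup_failed": fatal,
            "readonly_bind_suspected": fatal and bool(denied)}

# Constructed sample: three records copied in abridged form from the log above.
SAMPLE = """\
[2019/02/21 07:59:28.343186,  2] ../source3/lib/smbldap.c:847(smbldap_open_connection)
  smbldap_open_connection: connection opened
[2019/02/21 07:59:28.418702,  0] ../source3/groupdb/mapping.c:863(pdb_create_builtin_alias)
  pdb_create_builtin_alias: Could not add group mapping entry for alias 544 (NT_STATUS_ACCESS_DENIED)
[2019/02/21 07:59:28.502530,  0] ../source3/smbd/server.c:2000(main)
  ERROR: failed to setup guest info.
"""

if __name__ == "__main__":
    print(diagnose(SAMPLE))
```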


Related issues

Copied from FreeNAS - Bug #76269: Fix guest account initialization in read-only LDAP environments (Done)

History

#1 Updated by Bug Clerk over 1 year ago

  • Copied from Bug #76269: Fix guest account initialization in read-only LDAP environments added

#2 Updated by Bug Clerk over 1 year ago

  • Target version changed from Master - FreeNAS Nightlies to 11.3-BETA1

#3 Updated by Bug Clerk over 1 year ago

  • Status changed from Unscreened to In Progress

#4 Updated by Bug Clerk over 1 year ago

  • Status changed from In Progress to Ready for Testing

#5 Updated by Dru Lavigne over 1 year ago

  • Status changed from Ready for Testing to Done
  • Target version changed from 11.3-BETA1 to Master - FreeNAS Nightlies
  • Needs QA changed from Yes to No
  • Needs Doc changed from Yes to No
  • Needs Merging changed from Yes to No
