AD+CIFS Share Access Error: getpwuid(21107) failed

Status
Not open for further replies.

cbalmer

Cadet
Joined
Jan 22, 2016
Messages
3
Code:
Jan 22 08:43:10 ph3-archive01 smbd[58030]:   STATUS=daemon 'smbd' finished starting up and ready to serve connectionsSID S-1-5-21-2090951631-4114697917-3468598393-1107 -> getpwuid(21107) failed


This error occurs after a while when accessing a CIFS share on FreeNAS.

Configuration Details:
  • Supermicro Chassis with X10SLM+-LN4F
  • Intel E3-1241v3 processor
  • 16GB RAM
  • 4x 6TB WD Red
  • FreeNAS version: FreeNAS-9.3-STABLE-201601181840
  • FreeNAS is linked to AD domain corp.local
  • FreeNAS AD user is "freenas"
  • FreeNAS AD password is 32 characters long, alphanumeric, no extra character types
  • Dataset configured for Windows permissions
  • Dataset user set to corp\veeambackup
  • Dataset group set to corp\storage admins
  • User balmerc is a member of corp\storage admins
  • Default CIFS share settings
  • CIFS service set to SMB2 and also tried SMB3
With a fresh start (rebooted FreeNAS and rebooted client), the share works fine. After 30-60 minutes, when I try to connect again I get the error above. The error persists until FreeNAS is rebooted. If I don't reboot the client when I reboot the FreeNAS server, I get another error that is related to an errant session on the client: "STATUS=daemon 'smbd' finished starting up and ready to serve connectionsgss_accept_sec_context failed with [ Miscellaneous failure (see text): Failed to find cifs/ph3-archive01.corp.local@CORP.LOCAL(kvno 3) in keytab MEMORY:cifs_srv_keytab (arcfour-hmac-md5)]". Rebooting the client when I reboot the FreeNAS server resolves the session issue. If I only reboot the client and not the server, the original getpwuid failed error still occurs.

Diagnostic Tool Checks
Code:
[root@ph3-archive01] ~# wbinfo -t
checking the trust secret for domain CORP via RPC calls succeeded

[root@ph3-archive01] ~# wbinfo -u | grep balmerc
corp\balmerc
[root@ph3-archive01] ~# wbinfo -g | grep storage
corp\storage admins

[root@ph3-archive01] ~# wbinfo -s S-1-5-21-2090951631-4114697917-3468598393-1107
corp\balmerc 1

[root@ph3-archive01] ~# klist
Credentials cache: FILE:/tmp/krb5cc_0
        Principal: freenas@CORP.LOCAL

  Issued           Expires          Principal
Jan 22 08:54:19  Jan 22 18:54:19  krbtgt/CORP.LOCAL@CORP.LOCAL
Jan 22 08:54:43  Jan 22 18:54:19  cifs/vs011101.corp.local@CORP.LOCAL
Jan 22 08:54:50  Jan 22 18:54:19  ldap/vs011101.corp.local@CORP.LOCAL


Logs
Code:
Jan 22 10:57:06 ph3-archive01 generate_smb4_conf.py: [common.pipesubr:71] Popen()ing: /usr/local/bin/net -d 0 getlocalsid
Jan 22 10:57:06 ph3-archive01 generate_smb4_conf.py: [common.pipesubr:71] Popen()ing: /sbin/sysctl -n 'kern.maxfilesperproc'
Jan 22 10:57:06 ph3-archive01 generate_smb4_conf.py: [common.pipesubr:71] Popen()ing: klist
Jan 22 10:57:08 ph3-archive01 generate_smb4_conf.py: [common.pipesubr:71] Popen()ing: mount
Jan 22 10:57:08 ph3-archive01 generate_smb4_conf.py: [common.pipesubr:71] Popen()ing: /usr/local/bin/net -d 0 getlocalsid
Jan 22 10:57:09 ph3-archive01 notifier: Performing sanity check on Samba configuration: OK
Jan 22 10:57:09 ph3-archive01 notifier: Starting nmbd.
Jan 22 10:57:09 ph3-archive01 notifier: Starting smbd.
Jan 22 10:57:09 ph3-archive01 nmbd[12604]: [2016/01/22 10:57:09.153410,  0] ../lib/util/become_daemon.c:136(daemon_ready)
Jan 22 10:57:09 ph3-archive01 notifier: Starting winbindd.
Jan 22 10:57:09 ph3-archive01 smbd[12608]: [2016/01/22 10:57:09.179281,  0] ../lib/util/become_daemon.c:136(daemon_ready)
Jan 22 10:57:09 ph3-archive01 winbindd[12612]: [2016/01/22 10:57:09.753810,  0] ../lib/util/become_daemon.c:136(daemon_ready)
Jan 22 10:57:30 ph3-archive01 smbd[12649]:   STATUS=daemon 'smbd' finished starting up and ready to serve connectionsSID S-1-5-21-2090951631-4114697917-3468598393-1107 -> getpwuid(21107) failed
Jan 22 10:57:30 ph3-archive01 smbd[12666]:   STATUS=daemon 'smbd' finished starting up and ready to serve connectionsSID S-1-5-21-2090951631-4114697917-3468598393-1107 -> getpwuid(21107) failed
Jan 22 10:57:36 ph3-archive01 smbd[12667]:   STATUS=daemon 'smbd' finished starting up and ready to serve connectionsSID S-1-5-21-2090951631-4114697917-3468598393-1107 -> getpwuid(21107) failed


Samba Config
Code:
[global]
    server max protocol = SMB3
    encrypt passwords = yes
    dns proxy = no
    strict locking = no
    oplocks = yes
    deadtime = 15
    max log size = 51200
    max open files = 469946
    load printers = no
    printing = bsd
    printcap name = /dev/null
    disable spoolss = yes
    getwd cache = yes
    guest account = nobody
    map to guest = Bad User
    obey pam restrictions = yes
    directory name cache size = 0
    kernel change notify = no
    panic action = /usr/local/libexec/samba/samba-backtrace
    nsupdate command = /usr/local/bin/samba-nsupdate -g
    server string = FreeNAS Server
    ea support = yes
    store dos attributes = yes
    lm announce = yes
    acl allow execute always = true
    acl check permissions = true
    dos filemode = yes
    multicast dns register = yes
    domain logons = no
    idmap config *: backend = tdb
    idmap config *: range = 90000001-100000000
    server role = member server
    netbios name = PH3-ARCHIVE01
    workgroup = CORP
    realm = CORP.LOCAL
    security = ADS
    client use spnego = yes
    cache directory = /var/tmp/.cache/.samba
    local master = no
    domain master = no
    preferred master = no
    ads dns update = yes
    winbind cache time = 7200
    winbind offline logon = yes
    winbind enum users = yes
    winbind enum groups = yes
    winbind nested groups = yes
    winbind use default domain = no
    winbind refresh tickets = yes
    idmap config CORP: backend = rid
    idmap config CORP: range = 20000-90000000
    allow trusted domains = no
    client ldap sasl wrapping = plain
    template shell = /bin/sh
    template homedir = /home/%D/%U
    pid directory = /var/run/samba
    create mask = 0666
    directory mask = 0777
    client ntlmv2 auth = yes
    dos charset = CP437
    unix charset = UTF-8
    log level = 1
   

[Veeam]
    path = /mnt/ph3-archive01/Veeam
    printable = no
    veto files = /.snapshot/.windows/.mac/.zfs/
    writeable = yes
    browseable = yes
    vfs objects = zfs_space zfsacl aio_pthread streams_xattr
    hide dot files = yes
    guest ok = no
    nfs4:mode = special
    nfs4:acedup = merge
    nfs4:chown = true
    zfsacl:acesort = dontcare


I've had this exact issue before (a year ago) and I ended up just dropping it from the AD domain and using a local account for Veeam. At the time I was only using it to store backups anyway, and local authentication works flawlessly. However, we are looking to expand the use of FreeNAS, and one of the uses is for small offices with users accessing it. This box is my test box for a Veeam rollout, so I'm using it to test getting AD working as well now.

I have to assume I am overlooking something since I don't see any reports of this problem except for a year or so ago and the solution was integrated into a patch prior to 9.3.
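
Added example, not part of the original post or of FreeNAS/Samba: a small Python check that parses the `getpwuid(...) failed` lines and the `idmap config` settings quoted above and tests whether the failing uid is the one the `rid` backend would compute (RID - base_rid + low end of the range). It assumes idmap_rid's default `base_rid` of 0, since the posted config does not set one; the function names are hypothetical.

```python
import re

# Sample input embedded inline: idmap settings and two log lines taken from the post above.
SMB_CONF = """\
[global]
    idmap config *: backend = tdb
    idmap config *: range = 90000001-100000000
    idmap config CORP: backend = rid
    idmap config CORP: range = 20000-90000000
"""
LOG = """\
Jan 22 10:57:30 ph3-archive01 smbd[12649]:   STATUS=daemon 'smbd' finished starting up and ready to serve connectionsSID S-1-5-21-2090951631-4114697917-3468598393-1107 -> getpwuid(21107) failed
Jan 22 10:57:36 ph3-archive01 smbd[12667]:   STATUS=daemon 'smbd' finished starting up and ready to serve connectionsSID S-1-5-21-2090951631-4114697917-3468598393-1107 -> getpwuid(21107) failed
"""

IDMAP_RE = re.compile(r"idmap config\s+(\S+?)\s*:\s*(backend|range)\s*=\s*(\S+)")
FAIL_RE = re.compile(r"smbd\[(\d+)\]:.*?SID (S-1-[\d-]+)-(\d+) -> getpwuid\((\d+)\) failed")

def parse_idmap(conf):
    """Return {domain: {'backend': str, 'range': (low, high)}} from smb.conf text."""
    domains = {}
    for dom, key, val in IDMAP_RE.findall(conf):
        entry = domains.setdefault(dom, {})
        entry[key] = tuple(int(x) for x in val.split("-")) if key == "range" else val
    return domains

def check_failures(log, conf, domain, base_rid=0):
    """Compare each failed uid with the idmap_rid result: RID - base_rid + range low."""
    low, high = parse_idmap(conf)[domain]["range"]
    results = []
    for pid, dom_sid, rid, uid in FAIL_RE.findall(log):
        expected = int(rid) - base_rid + low  # base_rid=0 is an assumption (the default)
        results.append({
            "pid": int(pid), "domain_sid": dom_sid, "rid": int(rid), "uid": int(uid),
            "expected_uid": expected,
            "mapping_ok": expected == int(uid) and low <= expected <= high,
        })
    return results

if __name__ == "__main__":
    for r in check_failures(LOG, SMB_CONF, "CORP"):
        verdict = "idmap consistent, uid lookup failed" if r["mapping_ok"] else "idmap mismatch"
        print(f"smbd[{r['pid']}] RID {r['rid']} -> uid {r['uid']} "
              f"(expected {r['expected_uid']}): {verdict}")
```

For the lines in the post the uid matches the computed value, so the SID-to-uid arithmetic is consistent with the configured range and the step that fails is the lookup of that uid.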
 

dlavigne

Guest
Are you updated to the latest version of STABLE? If so, it's worth putting this info into a bug report at bugs.freenas.org. If you do, post the issue number here.
 