Code:
Jan 22 08:43:10 ph3-archive01 smbd[58030]: STATUS=daemon 'smbd' finished starting up and ready to serve connectionsSID S-1-5-21-2090951631-4114697917-3468598393-1107 -> getpwuid(21107) failed
This error occurs after a while when accessing a CIFS share on FreeNAS.
Configuration Details:
- Supermicro Chassis with X10SLM+-LN4F
- Intel E3-1241v3 processor
- 16GB RAM
- 4x 6TB WD Red
- FreeNAS version: FreeNAS-9.3-STABLE-201601181840
- FreeNAS is linked to AD domain corp.local
- FreeNAS AD user is "freenas"
- FreeNAS AD password is 32 characters long, alphanumeric, no extra character types
- Dataset configured for Windows permissions
- Dataset user set to corp\veeambackup
- Dataset group set to corp\storage admins
- User balmerc is a member of corp\storage admins
- Default CIFS share settings
- CIFS service set to SMB2 and also tried SMB3
Diagnostic Tool Checks
Code:
[root@ph3-archive01] ~# wbinfo -t checking the trust secret for domain CORP via RPC calls succeeded [root@ph3-archive01] ~# wbinfo -u | grep balmerc corp\balmerc [root@ph3-archive01] ~# wbinfo -g | grep storage corp\storage admins [root@ph3-archive01] ~# wbinfo -s S-1-5-21-2090951631-4114697917-3468598393-1107 corp\balmerc 1 [root@ph3-archive01] ~# klist Credentials cache: FILE:/tmp/krb5cc_0 Principal: freenas@CORP.LOCAL Issued Expires Principal Jan 22 08:54:19 Jan 22 18:54:19 krbtgt/CORP.LOCAL@CORP.LOCAL Jan 22 08:54:43 Jan 22 18:54:19 cifs/vs011101.corp.local@CORP.LOCAL Jan 22 08:54:50 Jan 22 18:54:19 ldap/vs011101.corp.local@CORP.LOCAL
Logs
Code:
Jan 22 10:57:06 ph3-archive01 generate_smb4_conf.py: [common.pipesubr:71] Popen()ing: /usr/local/bin/net -d 0 getlocalsid Jan 22 10:57:06 ph3-archive01 generate_smb4_conf.py: [common.pipesubr:71] Popen()ing: /sbin/sysctl -n 'kern.maxfilesperproc' Jan 22 10:57:06 ph3-archive01 generate_smb4_conf.py: [common.pipesubr:71] Popen()ing: klist Jan 22 10:57:08 ph3-archive01 generate_smb4_conf.py: [common.pipesubr:71] Popen()ing: mount Jan 22 10:57:08 ph3-archive01 generate_smb4_conf.py: [common.pipesubr:71] Popen()ing: /usr/local/bin/net -d 0 getlocalsid Jan 22 10:57:09 ph3-archive01 notifier: Performing sanity check on Samba configuration: OK Jan 22 10:57:09 ph3-archive01 notifier: Starting nmbd. Jan 22 10:57:09 ph3-archive01 notifier: Starting smbd. Jan 22 10:57:09 ph3-archive01 nmbd[12604]: [2016/01/22 10:57:09.153410, 0] ../lib/util/become_daemon.c:136(daemon_ready) Jan 22 10:57:09 ph3-archive01 notifier: Starting winbindd. Jan 22 10:57:09 ph3-archive01 smbd[12608]: [2016/01/22 10:57:09.179281, 0] ../lib/util/become_daemon.c:136(daemon_ready) Jan 22 10:57:09 ph3-archive01 winbindd[12612]: [2016/01/22 10:57:09.753810, 0] ../lib/util/become_daemon.c:136(daemon_ready) Jan 22 10:57:30 ph3-archive01 smbd[12649]: STATUS=daemon 'smbd' finished starting up and ready to serve connectionsSID S-1-5-21-2090951631-4114697917-3468598393-1107 -> getpwuid(21107) failed Jan 22 10:57:30 ph3-archive01 smbd[12666]: STATUS=daemon 'smbd' finished starting up and ready to serve connectionsSID S-1-5-21-2090951631-4114697917-3468598393-1107 -> getpwuid(21107) failed Jan 22 10:57:36 ph3-archive01 smbd[12667]: STATUS=daemon 'smbd' finished starting up and ready to serve connectionsSID S-1-5-21-2090951631-4114697917-3468598393-1107 -> getpwuid(21107) failed
Samba Config
Code:
[global] server max protocol = SMB3 encrypt passwords = yes dns proxy = no strict locking = no oplocks = yes deadtime = 15 max log size = 51200 max open files = 469946 load printers = no printing = bsd printcap name = /dev/null disable spoolss = yes getwd cache = yes guest account = nobody map to guest = Bad User obey pam restrictions = yes directory name cache size = 0 kernel change notify = no panic action = /usr/local/libexec/samba/samba-backtrace nsupdate command = /usr/local/bin/samba-nsupdate -g server string = FreeNAS Server ea support = yes store dos attributes = yes lm announce = yes acl allow execute always = true acl check permissions = true dos filemode = yes multicast dns register = yes domain logons = no idmap config *: backend = tdb idmap config *: range = 90000001-100000000 server role = member server netbios name = PH3-ARCHIVE01 workgroup = CORP realm = CORP.LOCAL security = ADS client use spnego = yes cache directory = /var/tmp/.cache/.samba local master = no domain master = no preferred master = no ads dns update = yes winbind cache time = 7200 winbind offline logon = yes winbind enum users = yes winbind enum groups = yes winbind nested groups = yes winbind use default domain = no winbind refresh tickets = yes idmap config CORP: backend = rid idmap config CORP: range = 20000-90000000 allow trusted domains = no client ldap sasl wrapping = plain template shell = /bin/sh template homedir = /home/%D/%U pid directory = /var/run/samba create mask = 0666 directory mask = 0777 client ntlmv2 auth = yes dos charset = CP437 unix charset = UTF-8 log level = 1 [Veeam] path = /mnt/ph3-archive01/Veeam printable = no veto files = /.snapshot/.windows/.mac/.zfs/ writeable = yes browseable = yes vfs objects = zfs_space zfsacl aio_pthread streams_xattr hide dot files = yes guest ok = no nfs4:mode = special nfs4:acedup = merge nfs4:chown = true zfsacl:acesort = dontcare
I've had this exact issue before (a year ago) and I ended up just dropping it from the AD domain and using a local account for Veeam. At the time I was only using it to store backups anyways and local authentication works flawless. However we are looking to expand the use of FreeNAS and one of them is for small offices with users accessing it. This box is my test box for a Veeam rollout and so I'm using it to test getting AD working as well now.
I have to assume I am overlooking something since I don't see any reports of this problem except for a year or so ago and the solution was integrated into a patch prior to 9.3.