Bug 14135 - winbind fails to create a session; error code 1 after adding the interfaces
Summary: winbind fails to create a session; error code 1 after adding the interfaces
Status: REOPENED
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: Winbind (show other bugs)
Version: 4.10.6
Hardware: All AIX
: P5 minor (vote)
Target Milestone: ---
Assignee: Samba QA Contact
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2019-09-19 19:57 UTC by Chris Lee
Modified: 2019-09-24 12:26 UTC (History)
0 users

See Also:


Attachments
compress file; krb5.conf; log.nmbd; log.winbindd; methods.cfg; nsswitch.conf & smb.conf (19.54 KB, application/zip)
2019-09-19 19:57 UTC, Chris Lee
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Chris Lee 2019-09-19 19:57:15 UTC
Created attachment 15478 [details]
compress file; krb5.conf; log.nmbd; log.winbindd; methods.cfg; nsswitch.conf & smb.conf

https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member#Testing_the_Winbindd_Connectivity

I followed the directions from the above website.

However, winbindd fails to initialize on my new server build with ADS support.  Stand alone SAMBA V4 works fine on the other two AIX systems.  The older V3 SAMBA is also functioning fine. 

Debug [-10] output; the complete log is attached.
interpret_interface: using netmask value 255.255.255.0 from config file on interface en0
added interface en0 ip=10.10.40.35 bcast=10.10.40.255 netmask=255.255.255.0
Netbios name list:-
my_netbios_names[0]="NRFVCLYDE"
interpret_interface: using netmask value 255.255.255.0 from config file on interface en0
added interface en0 ip=10.10.40.35 bcast=10.10.40.255 netmask=255.255.255.0
exit_daemon: daemon failed to start: Failed to create session, error code 1

with Si & d10 options;
interpret_interface: using netmask value 255.255.255.0 from config file on interface en0
added interface en0 ip=10.10.40.35 bcast=10.10.40.255 netmask=255.255.255.0
Netbios name list:-
my_netbios_names[0]="NRFVCLYDE"
interpret_interface: using netmask value 255.255.255.0 from config file on interface en0
added interface en0 ip=10.10.40.35 bcast=10.10.40.255 netmask=255.255.255.0
Process with PID=23789688 does not exist.
TimeInit: Serverzone is 14400
msg_dgm_ref_destructor: refs=0
messaging_dgm_ref: messaging_dgm_init returned Error 0
messaging_dgm_ref: unique = 15999726618317231583
Attempting to find a passdb backend to match tdbsam (tdbsam)
No builtin backend found, trying to load plugin
load_module_absolute_path: Probing module '/opt/freeware/lib/samba/pdb/tdbsam.so'
load_module_absolute_path: Module '/opt/freeware/lib/samba/pdb/tdbsam.so' loaded
Attempting to register passdb backend tdbsam
Successfully added passdb backend 'tdbsam'
Found pdb backend tdbsam
pdb backend tdbsam has a valid init
initialize_winbindd_cache: clearing cache and re-creating with version number 2
Registering messaging pointer for type 33 - private_data=0
Registering messaging pointer for type 13 - private_data=0
Registering messaging pointer for type 1028 - private_data=0
Registering messaging pointer for type 1027 - private_data=0
Registering messaging pointer for type 1029 - private_data=0
Registering messaging pointer for type 1036 - private_data=0
Registering messaging pointer for type 1035 - private_data=0
Registering messaging pointer for type 1032 - private_data=0
Registering messaging pointer for type 1033 - private_data=0
Registering messaging pointer for type 1034 - private_data=0
Registering messaging pointer for type 1 - private_data=0
Overriding messaging pointer for type 1 - private_data=0
Registering messaging pointer for type 1038 - private_data=0
wcache_tdc_add_domain: Adding domain BUILTIN ((NULL)), SID S-1-5-32, flags = 0x0, attributes = 0x0, type = 0x1
pack_tdc_domains: Packing 1 trusted domains
pack_tdc_domains: Packing domain BUILTIN (UNKNOWN)
add_trusted_domain: Added domain [BUILTIN] [(NULL)] [S-1-5-32]
wcache_tdc_add_domain: Adding domain NRFVCLYDE ((NULL)), SID S-1-5-21-3403663269-735214362-347737058, flags = 0x2, attributes = 0x0, type = 0x1
pack_tdc_domains: Packing 2 trusted domains
pack_tdc_domains: Packing domain BUILTIN (UNKNOWN)
pack_tdc_domains: Packing domain NRFVCLYDE (UNKNOWN)
add_trusted_domain: Added domain [NRFVCLYDE] [(NULL)] [S-1-5-21-3403663269-735214362-347737058]
Could not fetch our SID - did we join?
unable to initialize domain list

Below are my various failed combinations.
        interfaces = 10.10.40.255/255.255.255.0
#       interfaces = 10.10.41.15/24 10.10.40.35/24
#       interfaces = 10.10.40.15/255.255.255.0 127.0.0.1/255.0.0.0
#    interfaces = 10.10.40.35/24
#    interfaces = en0

# netstat -in
Name   Mtu   Network     Address                 Ipkts     Ierrs        Opkts     Oerrs  Coll
en0    1500  link#2      62.43.3.44.17.4    633284     0  1072294     0     0
en0    1500  10.10.40    10.10.40.35        633284     0  1072294     0     0
en0    1500  10.10.40    10.10.40.15        633284     0  1072294     0     0
en1    1500  link#3      62.43.3.44.17.5    650101     0   213221     0     0
en1    1500  10.10.41    10.10.41.15        650101     0   213221     0     0
en2    1500  link#4      62.43.3.44.17.6   1427931     0  1629156     0     0
en2    1500  172.16.252  172.16.252.15     1427931     0  1629156     0     0
en3    1500  link#5      62.43.3.44.17.7    680634     0  1224463     0     0
en3    1500  172.16.253  172.16.253.15      680634     0  1224463     0     0
lo0    16896 link#1                          54392     0    54392     0     0
lo0    16896 127         127.0.0.1           54392     0    54392     0     0
lo0    16896 ::1%1                           54392     0    54392     0     0
nrfpclydea:/opt/freeware/var

 # netstat -i
Name   Mtu   Network     Address                 Ipkts     Ierrs        Opkts     Oerrs  Coll
en0    1500  link#2      62.43.3.44.17.4    633301     0  1072333     0     0
en0    1500  10.10.40    nrfvclyde          633301     0  1072333     0     0
en0    1500  10.10.40    nrfpclydea         633301     0  1072333     0     0
en1    1500  link#3      62.43.3.44.17.5    650115     0   213223     0     0
en1    1500  10.10.41    nrfpclydea-rpv     650115     0   213223     0     0
en2    1500  link#4      62.43.3.44.17.6   1427953     0  1629180     0     0
en2    1500  172.16.252  nrfpclydea-xd1    1427953     0  1629180     0     0
en3    1500  link#5      62.43.3.44.17.7    680642     0  1224479     0     0
en3    1500  172.16.253  nrfpclydea-xd2     680642     0  1224479     0     0
lo0    16896 link#1                          54392     0    54392     0     0
lo0    16896 127         loopback            54392     0    54392     0     0
lo0    16896 ::1%1                           54392     0    54392     0     0

# /opt/freeware/sbin/winbindd --version
Version 4.10.6
nrfpclydea:/opt/freeware/var
 # /opt/freeware/sbin/nmbd --version
Version 4.10.6
# rpm -qa | grep sam
samba-common-4.10.6-1.ppc
samba-winbind-clients-4.10.6-1.ppc
samba-winbind-4.10.6-1.ppc
samba-test-4.10.6-1.ppc
samba-python-4.10.6-1.ppc
samba-winbind-devel-4.10.6-1.ppc
samba-devel-4.10.6-1.ppc
samba-client-4.10.6-1.ppc
samba-libs-4.10.6-1.ppc
samba-4.10.6-1.ppc
samba-test-libs-4.10.6-1.ppc
samba-pidl-4.10.6-1.ppc
samba-winbind-krb5-locator-4.10.6-1.ppc

The host system is AIX 71 TL05 SP04

yum install samba
AIX_Toolbox                                                         | 2.9 kB  00:00:00
AIX_Toolbox_71                                                      | 2.9 kB  00:00:00
AIX_Toolbox_noarch                                                  | 2.9 kB  00:00:00
Setting up Install Proces
Package samba-4.10.6-1.ppc already installed and latest version
Nothing to do

# cat /etc/resolv.conf
#nameserver      10.10.10.50
#nameserver      10.10.10.51
nameserver 192.168.4.19
domain  ad.nrfdist.com
options rotate
search ad.nrfdist.com

the new AD Servers;
10.10.10.50 NRFVAD01  NRFVAD01.ad.nrfdist.com nrfvad01.ad.nrfdist.com
10.10.10.51 NRFVAD02  NRFVAD02.ad.nrfdist.com nrfvad02.ad.nrfdist.com

> set TYPE=SRV
> NRFVAD01
Server:         192.168.4.19
Address:        192.168.4.19#53

Non-authoritative answer:
*** Can't find NRFVAD01: No answer

Authoritative answers can be found from:
ad.nrfdist.com
        origin = nrfvad02.ad.nrfdist.com
        mail addr = hostmaster.ad.nrfdist.com
        serial = 114325
        refresh = 900
        retry = 600
        expire = 86400
        minimum = 3600

> set TYPE=SRV
> NRFVAD02
Server:         192.168.4.19
Address:        192.168.4.19#53

Non-authoritative answer:
*** Can't find NRFVAD02: No answer

Authoritative answers can be found from:
ad.nrfdist.com
        origin = NRFVAD02.ad.nrfdist.com
        mail addr = hostmaster.ad.nrfdist.com
        serial = 114349
        refresh = 900
        retry = 600
        expire = 86400
        minimum = 3600

net ads info
LDAP server: 10.10.10.50
LDAP server name: NRFVAD01.ad.nrfdist.com
Realm: AD.NRFDIST.COM
Bind Path: dc=AD,dc=NRFDIST,dc=COM
LDAP port: 389
Server time: Wed, 18 Sep 2019 21:38:06 EDT
KDC server: 10.10.10.50
Server time offset: 88
Last machine account password change: Wed, 31 Dec 1969 19:00:00 EST

net ads join -U administrator
Enter administrator's password:
Failed to join domain: failed to lookup DC info for domain 'AD.NRFDIST.COM' over rpc: The attempted logon is invalid. This is either due to a bad username or authentication information.


# testparm
Load smb config files from /etc/samba/smb.conf
Loaded services file OK.
WARNING: The setting 'security=ads' should NOT be combined with the 'password server' parameter.
(by default Samba will discover the correct DC to contact automatically).
'winbind separator = +' might cause problems with group membership.
Server role: ROLE_DOMAIN_MEMBER

The netbios or pre-windows 2000 name of the domain = ad
The fqdn for the domain = ad.nrfdist.com
Domain Controllers = nrfvad01.ad.nrfdist.com 10.10.10.50    nrfvad02.ad.nrfdist.com 10.10.10.51
The OU that contains user accounts =  CN=nrfusers,DC=ad,DC=nrfdist,DC=com
The account to use when joining the server to the domain:  LDAP://nrfvad01.ad.nrfdist.com/CN=aix.sa,CN=users,DC=ad,DC=nrfdist,DC=com

cat /etc/samba/user.map
!root = AD.NRFDIST.COM\Administrator  AD.NRFDIST.COM\administrator

The samba-tool is not available with the IBM AIX distribution.
Comment 1 Louis 2019-09-20 10:39:57 UTC
Hai, 

I dont know much of AIX, but you config dont look good to me. 
I suggest you try again but with the following settings, adapt where needed and check again.


/etc/hosts
127.0.0.1  localhost
IP of this server     nrfvclyde.ad.nrfdist.com nrfvclyde
# the ip of the server is the one that contains also the A+PTR record. 

# AD servers, should resolve through DNS, but this is allowed. 
10.10.10.50 nrfvad01.ad.nrfdist.com nrfvad01
10.10.10.51 nrfvad02.ad.nrfdist.com nrfvad02



/etc/resolv.conf
search ad.nrfdist.com
nameserver      10.10.10.50
nameserver      10.10.10.51
options rotate

/etc/krb5.conf
[logging]
    default=FILE:/var/log/krb5/libs.log
    kdc=FILE:/var/log/krb5/kdc.log
    admin_server=FILE:/var/log/krb5/admin.log

[libdefaults]
    default_realm = AD.NRFDIST.COM
    dns_lookup_realm = false
    dns_lookup_kdc = true
    ticket_lifetime = 24h
    forwardable = yes



# Format: WORKGROUPNAME\Administrator 
/etc/samba/user.map
!root = NRFDIST\Administrator  NRFDIST\administrator

/etc/samba/smb.conf
# i removed most of you shares, so readd these but have a look at this. 
# much better to read now. 
[global]

    private dir = /opt/freeware/private                
    cache directory = /opt/freeware/var/cache
    lock directory = /opt/freeware/var/locks
    private dir = /opt/freeware/var/private
    state directory = /opt/freeware/var/locks/state
    binddns dir = /opt/freeware/var/bind-dns

    log file = /opt/freeware/var/log.%m          	
    log level = smbd:1 passdb:1 auth:1 winbind:1 nmbd:1
    max log size = 10 # double , the other had : 50

    security = ADS
    workgroup = NRFDIST
    realm = AD.NRFDIST.COM
    netbios name = NRFVCLYDE

    server string = CLYDE Samba Server
    os level = 20
    preferred master = no	

    interfaces = ens3 lo
    #or  interfaces = ip/mask lo
    #optinal: bind interfaces only = yes

    username map = /etc/samba/user.map     
	
    ######################### CNL
    # Default ID mapping configuration for local BUILTIN accounts
    # and groups on a domain member. The default (*) domain:
    # - must not overlap with any domain ID mapping configuration!
    # - must use a read-write-enabled back end, such as tdb.
    idmap config * : backend = tdb
    idmap config  * : range = 1000-8999
	
    # - You must set a DOMAIN backend configuration ( Should match with workgroup) 
    idmap config NRFDIST : backend = rid
    idmap config NRFDIST : range = 10000-999999
    idmap config NRFDIST : unix_nss_info = no

    ########################  
    dedicated keytab file = /etc/krb5.keytab
    kerberos method = secrets and keytab
    winbind refresh tickets = Yes 

    # Only set these to yes, while testing, yes, slows down you server..
    # use: getent passwd username/group 
    winbind enum users = no
    winbind enum groups = no

    # separate domain and username with '+', like DOMAIN+username
    winbind separator = +
	
    # and this removes the "DOM+" part from your users.. 
    winbind use default domain = Yes

    # Disable printing
    load printers = no
	
    # give winbind users a real shell (only needed if they have telnet access)
    template homedir = /usr/users/%U
    template shell = /bin/bash

    # For ACL support on member servers with shares (Obligated for members)
    vfs objects = acl_xattr
    map acl inherit = Yes
    store dos attributes = Yes

    # other optional settings
    create mask = 0774   
    directory mask = 0775

#####################################

[homes]
    read only = No
    browseable = No

[mgmtdata]
    path = /pcdata/mgmtdata
    comment = shared directory for MgmtInqScr data
    writable = yes
    # If you apply all above settings, these "valid user" need to be changed.
    force create mode = 0666
    # I suggest, use groups here.
    valid users = \
       NRFDIST+bobb, \
       NRFDIST+wendyj, \
       NRFDIST+peterr, \
       NRFDIST+debbiej, \
       NRFDIST+stephm, \
       NRFDIST+sueb, \
       NRFDIST+andrewr, \
       NRFDIST+billn, \
       NRFDIST+gordons, \
       NRFDIST+gregc2, \
       NRFDIST+brendab2, \
       NRFDIST+erikaw, \
       NRFDIST+operator, \
       NRFDIST+melindab, \
       NRFDIST+donnat

[adtest]
    # Test like this and read man smb.conf
    # read also https://wiki.samba.org/index.php/Samba_File_Serving 
    path = /home/billn/tmp
    browseable = yes
    comment = test this share
    writable = yes
    force directory mode = 4775 # or 4770
    force group = +your-group-here


This should give a better result.
Comment 2 Chris Lee 2019-09-20 17:57:14 UTC
Thank you.

I changed the workgroup to match the domain & winbindd is now running.

 workgroup = AD.NRFDIST.COM <http://AD.NRFDIST.COM>

File /etc/hosts already had the AD servers;
 # cat /etc/hosts | grep vad
10.10.10.50 NRFVAD01  NRFVAD01.ad.nrfdist.com nrfvad01.ad.nrfdist.com
10.10.10.51 NRFVAD02  NRFVAD02.ad.nrfdist.com nrfvad02.ad.nrfdist.com

I changed the DNS server to use the AD servers. The 192.168.4.19 is the
old AD/DNS server.

 # cat  /etc/resolv.conf
nameserver      10.10.10.50
nameserver      10.10.10.51
# nameserver 192.168.4.19
# domain  ad.nrfdist.com
options rotate
search ad.nrfdist.com

Could not find machine account in secrets database: Failed to fetch
machine account password for AD.NRFDIST.COM from both secrets.ldb (Could
not find entry to match filter:
'(&(flatname=AD.NRFDIST.COM)(objectclass=primaryDomain))' base:
'cn=Primary Domains': No such object: dsdb_search at
../../source4/dsdb/common/util.c:4712) and from
/opt/freeware/var/private/secrets.tdb: NT_STATUS_CANT_ACCESS_DOMAIN_INFO
[2019/09/20 09:01:51.894931,  1]
../../source3/winbindd/winbindd_cm.c:1306(cm_prepare_connection)
  Failed to prepare SMB connection to NRFVAD01.ad.nrfdist.com:
NT_STATUS_NETWORK_NAME_DELETED

 # nslookup
> set type=SRV
> NRFVAD01.ad.nrfdist.com
Server:         10.10.10.50
Address:        10.10.10.50#53

*** Can't find NRFVAD01.ad.nrfdist.com: No answer

 set type=SRV
>  NRFVAD01
Server:         10.10.10.50
Address:        10.10.10.50#53

*** Can't find NRFVAD01: No answer


Can you tell which directory/files has an issue? From the smbd log;
  messaging_dgm_cleanup(20054066) returned Permission denied
[2019/09/20 09:00:27.452589, 10, pid=12582966, effective(0, 0), real(0,
0)] ../../source3/lib/messages_dgm.c:1600(messaging_dgm_wipe_fn)

Also, the samba-tool is not compiled for my distribution. Is this a
compiled module or a perl script? Where can I locate a copy for AIX?



 # wbinfo --ping-dc
checking the NETLOGON for domain[AD.NRFDIST.COM] dc connection to "" failed
failed to call wbcPingDc: WBC_ERR_DOMAIN_NOT_FOUND

Thank you



‹
Regards,
Chris

Christopher Lee
President / CEO, ITS, Inc.
888.264.7852 <tel:888.264.7852> | T: 207.929.2612 <tel:T:%20207.929.2613>
| M: 207.266.9060 <tel:T:%20207.929.2613>
Chris.Lee@itsne.com | itsne.com <http://itsne.com/>
 <http://www.facebook.com/itsne>  <http://twitter.com/ITS_innovate>
<http://www.linkedin.com/company/its-inc-?trk=company_logo>
<http://plus.google.com/106571444730456248578/posts>
  IBM Premier Business Partner & Systems Integration Specialists
  
Please treat this and all communications from ITS, Inc. as confidential.
If you receive this in error please do not disseminate and destroy it
immediately.






On 9/20/19, 6:39 AM, "samba-bugs@samba.org" <samba-bugs@samba.org> wrote:

>https://bugzilla.samba.org/show_bug.cgi?id=14135
>
>--- Comment #1 from Louis <belle@samba.org> ---
>Hai, 
>
>I dont know much of AIX, but you config dont look good to me.
>I suggest you try again but with the following settings, adapt where
>needed and
>check again.
>
>
>/etc/hosts
>127.0.0.1  localhost
>IP of this server     nrfvclyde.ad.nrfdist.com nrfvclyde
># the ip of the server is the one that contains also the A+PTR record.
>
># AD servers, should resolve through DNS, but this is allowed.
>10.10.10.50 nrfvad01.ad.nrfdist.com nrfvad01
>10.10.10.51 nrfvad02.ad.nrfdist.com nrfvad02
>
>
>
>/etc/resolv.conf
>search ad.nrfdist.com
>nameserver      10.10.10.50
>nameserver      10.10.10.51
>options rotate
>
>/etc/krb5.conf
>[logging]
>    default=FILE:/var/log/krb5/libs.log
>    kdc=FILE:/var/log/krb5/kdc.log
>    admin_server=FILE:/var/log/krb5/admin.log
>
>[libdefaults]
>    default_realm = AD.NRFDIST.COM
>    dns_lookup_realm = false
>    dns_lookup_kdc = true
>    ticket_lifetime = 24h
>    forwardable = yes
>
>
>
># Format: WORKGROUPNAME\Administrator
>/etc/samba/user.map
>!root = NRFDIST\Administrator  NRFDIST\administrator
>
>/etc/samba/smb.conf
># i removed most of you shares, so readd these but have a look at this.
># much better to read now.
>[global]
>
>    private dir = /opt/freeware/private
>    cache directory = /opt/freeware/var/cache
>    lock directory = /opt/freeware/var/locks
>    private dir = /opt/freeware/var/private
>    state directory = /opt/freeware/var/locks/state
>    binddns dir = /opt/freeware/var/bind-dns
>
>    log file = /opt/freeware/var/log.%m
>    log level = smbd:1 passdb:1 auth:1 winbind:1 nmbd:1
>    max log size = 10 # double , the other had : 50
>
>    security = ADS
>    workgroup = NRFDIST
>    realm = AD.NRFDIST.COM
>    netbios name = NRFVCLYDE
>
>    server string = CLYDE Samba Server
>    os level = 20
>    preferred master = no
>
>    interfaces = ens3 lo
>    #or  interfaces = ip/mask lo
>    #optinal: bind interfaces only = yes
>
>    username map = /etc/samba/user.map
>
>    ######################### CNL
>    # Default ID mapping configuration for local BUILTIN accounts
>    # and groups on a domain member. The default (*) domain:
>    # - must not overlap with any domain ID mapping configuration!
>    # - must use a read-write-enabled back end, such as tdb.
>    idmap config * : backend = tdb
>    idmap config  * : range = 1000-8999
>
>    # - You must set a DOMAIN backend configuration ( Should match with
>workgroup) 
>    idmap config NRFDIST : backend = rid
>    idmap config NRFDIST : range = 10000-999999
>    idmap config NRFDIST : unix_nss_info = no
>
>    ########################
>    dedicated keytab file = /etc/krb5.keytab
>    kerberos method = secrets and keytab
>    winbind refresh tickets = Yes
>
>    # Only set these to yes, while testing, yes, slows down you server..
>    # use: getent passwd username/group
>    winbind enum users = no
>    winbind enum groups = no
>
>    # separate domain and username with '+', like DOMAIN+username
>    winbind separator = +
>
>    # and this removes the "DOM+" part from your users..
>    winbind use default domain = Yes
>
>    # Disable printing
>    load printers = no
>
>    # give winbind users a real shell (only needed if they have telnet
>access)
>    template homedir = /usr/users/%U
>    template shell = /bin/bash
>
>    # For ACL support on member servers with shares (Obligated for
>members)
>    vfs objects = acl_xattr
>    map acl inherit = Yes
>    store dos attributes = Yes
>
>    # other optional settings
>    create mask = 0774
>    directory mask = 0775
>
>#####################################
>
>[homes]
>    read only = No
>    browseable = No
>
>[mgmtdata]
>    path = /pcdata/mgmtdata
>    comment = shared directory for MgmtInqScr data
>    writable = yes
>    # If you apply all above settings, these "valid user" need to be
>changed.
>    force create mode = 0666
>    # I suggest, use groups here.
>    valid users = \
>       NRFDIST+bobb, \
>       NRFDIST+wendyj, \
>       NRFDIST+peterr, \
>       NRFDIST+debbiej, \
>       NRFDIST+stephm, \
>       NRFDIST+sueb, \
>       NRFDIST+andrewr, \
>       NRFDIST+billn, \
>       NRFDIST+gordons, \
>       NRFDIST+gregc2, \
>       NRFDIST+brendab2, \
>       NRFDIST+erikaw, \
>       NRFDIST+operator, \
>       NRFDIST+melindab, \
>       NRFDIST+donnat
>
>[adtest]
>    # Test like this and read man smb.conf
>    # read also https://wiki.samba.org/index.php/Samba_File_Serving
>    path = /home/billn/tmp
>    browseable = yes
>    comment = test this share
>    writable = yes
>    force directory mode = 4775 # or 4770
>    force group = +your-group-here
>
>
>This should give a better result.
>
>-- 
>You are receiving this mail because:
>You reported the bug.
Comment 3 Björn Jacke 2019-09-21 13:14:14 UTC
this is more of a config support case, please do not use bugzilla for this but move it to the samba mailing list instead.
Comment 4 Chris Lee 2019-09-22 15:13:40 UTC
Team,

While there maybe a configuration issue with the smb.conf, it would be extremely helpful to have a better diagnostic msg. I cannot determine my error based on the message. 

interpret_interface: using netmask value 24 from config file on interface en0
added interface en0 ip=10.10.40.35 bcast=10.10.40.255 netmask=255.255.255.0
interpret_interface: Adding interface 127.0.0.1/8
added interface 127.0.0.1/8 ip=127.0.0.1 bcast=127.255.255.255 netmask=255.0.0.0
Netbios name list:-
my_netbios_names[0]="NRFVCLYDE"
interpret_interface: using netmask value 24 from config file on interface en0
added interface en0 ip=10.10.40.35 bcast=10.10.40.255 netmask=255.255.255.0
interpret_interface: Adding interface 127.0.0.1/8
added interface 127.0.0.1/8 ip=127.0.0.1 bcast=127.255.255.255 netmask=255.0.0.0
exit_daemon: daemon failed to start: Failed to create session, error code 1

The NETBIOS name & the workgroup names are both found. So, it is a puzzle why the winbindd session failed. Perhaps, provide the command so I could see the values.  Also, testparm does not report any issues. 

thank you
Chris
Comment 5 Chris Lee 2019-09-22 15:28:18 UTC
Team,

While there maybe a configuration issue with the smb.conf, it would be extremely helpful to have a better diagnostic msg. I cannot determine my error based on the message. 

interpret_interface: using netmask value 24 from config file on interface en0
added interface en0 ip=10.10.40.35 bcast=10.10.40.255 netmask=255.255.255.0
interpret_interface: Adding interface 127.0.0.1/8
added interface 127.0.0.1/8 ip=127.0.0.1 bcast=127.255.255.255 netmask=255.0.0.0
Netbios name list:-
my_netbios_names[0]="NRFVCLYDE"
interpret_interface: using netmask value 24 from config file on interface en0
added interface en0 ip=10.10.40.35 bcast=10.10.40.255 netmask=255.255.255.0
interpret_interface: Adding interface 127.0.0.1/8
added interface 127.0.0.1/8 ip=127.0.0.1 bcast=127.255.255.255 netmask=255.0.0.0
exit_daemon: daemon failed to start: Failed to create session, error code 1

The NETBIOS name & the workgroup names are both found. So, it is a puzzle why the winbindd session failed. Perhaps, provide the command so I could see the values.  Also, testparm does not report any issues. 

thank you
Chris