Created attachment 17628 [details] configs from file server tested on ubuntu 22.04 using samba built from master branch setting a user gpo winbindd_gpupdate.c:136(gpupdate_user_init), calls samba-gpupdate this generates the below error: /usr/sbin/samba-gpupdate: add_local_groups: SID S-1-5-21-33300784-995546578-3414580312-1107 -> getpwuid(2001107) failed, is nsswitch configured? [2022/10/31 17:19:19.762025, 0] ../../lib/util/util_runcmd.c:355(samba_runcmd_io_handler) /usr/sbin/samba-gpupdate: Traceback (most recent call last): [2022/10/31 17:19:19.762088, 0] ../../lib/util/util_runcmd.c:355(samba_runcmd_io_handler) /usr/sbin/samba-gpupdate: File "/usr/sbin/samba-gpupdate", line 136, in <module> [2022/10/31 17:19:19.762107, 0] ../../lib/util/util_runcmd.c:355(samba_runcmd_io_handler) /usr/sbin/samba-gpupdate: apply_gp(lp, creds, store, gp_extensions, username, [2022/10/31 17:19:19.762113, 0] ../../lib/util/util_runcmd.c:355(samba_runcmd_io_handler) /usr/sbin/samba-gpupdate: File "/usr/lib/python3/dist-packages/samba/gp/gpclass.py", line 437, in apply_gp [2022/10/31 17:19:19.762172, 0] ../../lib/util/util_runcmd.c:355(samba_runcmd_io_handler) /usr/sbin/samba-gpupdate: gpos = get_gpo_list(dc_hostname, creds, lp, username) [2022/10/31 17:19:19.762187, 0] ../../lib/util/util_runcmd.c:355(samba_runcmd_io_handler) /usr/sbin/samba-gpupdate: File "/usr/lib/python3/dist-packages/samba/gp/gpclass.py", line 373, in get_gpo_list [2022/10/31 17:19:19.762246, 0] ../../lib/util/util_runcmd.c:355(samba_runcmd_io_handler) /usr/sbin/samba-gpupdate: gpos = ads.get_gpo_list(username.split('\\')[-1]) [2022/10/31 17:19:19.762267, 0] ../../lib/util/util_runcmd.c:355(samba_runcmd_io_handler) /usr/sbin/samba-gpupdate: RuntimeError: Failed to get sid token for 'peter'(CN=Peter Carlson,CN=Users,DC=carlson,DC=lab): The specified account does not exist. [2022/10/31 17:19:19.811877, 0] ../../source3/winbindd/winbindd_gpupdate.c:187(gpupdate_cmd_done) gpupdate_cmd_done: gpupdate failed with exit status 1 However the user can login using ssh, and running samba-gpupdate --target=User -U peter does not generate the error CARLSON\peter@fs1:~$ id uid=2001107(CARLSON\peter) gid=2000513(CARLSON\domain users) groups=2000513(CARLSON\domain users),10000(BUILTIN\administrators),10001(BUILTIN\users),2000512(CARLSON\domain admins),2000572(CARLSON\denied rodc password replication group),2001107(CARLSON\peter),2001108(CARLSON\linux admins) the error is happening in libgpo/pygpo.c on line 457 The ADDC is running on ubuntu 22.04 git branch master the fileserver is running the same config files are attached
Created attachment 17629 [details] config from addc
digging a bit deeper, the actual error occurs here: gpo_ldap.c : 693 at this: status = ADS_ERROR_NT(create_local_nt_token(mem_ctx, &object_sid, false, num_token_sids, token_sids, &new_token));
some further digging: source3/auth/token_util.c:562 pass = getpwuid_alloc(tmp_ctx, uid); and pass is null This is the error in the log: /usr/sbin/samba-gpupdate: add_local_groups: SID S-1-5-21-33300784-995546578-3414580312-1107 -> getpwuid(2001107) failed, is nsswitch configured? root@fs1:~/samba.git# wbinfo -s S-1-5-21-33300784-995546578-3414580312-1107 CARLSON\peter 1 Here is my nsswitch: root@fs1:~/samba.git# cat /etc/nsswitch.conf # /etc/nsswitch.conf # # Example configuration of GNU Name Service Switch functionality. # If you have the `glibc-doc-reference' and `info' packages installed, try: # `info libc "Name Service Switch"' for information about this file. passwd: files systemd winbind group: files systemd winbind shadow: files gshadow: files hosts: files dns networks: files protocols: db files services: db files ethers: db files rpc: db files netgroup: nis
This bug was referenced in samba master: a8bad5d5b859a2a76ce18919fbe2bf42f8ef7562 ac4726106c6d99794f03591fc0b526d91b947fad ee04bafc25c7b09e53fe2036c5188531b58526a8 c80affe0f192db9f851b5ed0617586783a02a82d
The fix for this bug has landed in master. Peter, could you try this out (either build master, or wait for the release)>