Created attachment 17756 [details]
smb.conf and log excerpts
I recently set up a domain member server with Debian Bookworm and Samba 4.17.5, and I have noted frequent and lots of permission denied errors in the journal (the same errors as in log.smbd). Example of the errors are found in the attachment under heading Journal dump. Essentially the error pairs is as shown below with variations, depending on machine account and share:
Feb 09 09:51:37 konsrvfast smbd: chdir_current_service: vfs_ChDir(/data/samba/Publishing) failed: Permission denied. Current token: uid=11155, gid=10515, 5 groups: 11155 10515 3003 3004 3006
Feb 09 09:51:37 konsrvfast smbd: [2023/02/09 09:51:37.557723, 0, effective(11155, 10515), real(11155, 0)] ../../source3/smbd/smb2_service.c:168(chdir_current_service)
The uid 11155 is an existing AD machine account, and gid 10515 is the standard AD group Computers
I have also noted other errors in some of the samba log files.
In log.samba-dcerpcd smbd tries to connect to a pipe in /run/samba/ncalrpc/EPMAPPER. The pipe exists, but in the directory /run/samba/ncalrpc/np/epmapper
Further, in the log file log.wb-SAMDOM is recorded, that smbd tries to access the file /var/lib/samba/private/secrets.ldb, which does not exist. However, the file /var/lib/samba/private/secrets.tdb exists.
Finally, in the log file log.winbindd there are numerous errors where winbind cannot convert sid S-0-0, which raises the error NT_STATUS_NONE_MAPPED and furtner on the error Failed with NT_STATUS_INVALID_SID
The shares of the member server were basically set up according to the Samba Wiki for use with Windows ACLs, and then all management is made through the RSAT tool suite.
As otherwise everything seems to be working, I have put a minor severity on the bug report. The users do not complain, and the roaming profiles seem to work.