smbd fails to start in default config if winbind is running

Bug #1806035 reported by Andreas Hasenack on 2018-11-30
18
This bug affects 2 people
Affects Status Importance Assigned to Milestone
samba
Unknown
Unknown
samba (Debian)
Fix Released
Unknown
samba (Ubuntu)
High
Andreas Hasenack

Bug Description

In disco, with samba 4.9.x, smbd fails to start in the default configuration if winbind is already running:

sudo apt install samba winbind
...
invoke-rc.d: initscript smbd, action "start" failed.
...
Errors were encountered while processing:
 samba
E: Sub-process /usr/bin/dpkg returned an error code (1)

The log shows:
[2018/11/30 12:56:04.989473, 0] ../source3/auth/auth_util.c:1382(make_new_session_info_guest)
  create_local_token failed: NT_STATUS_ACCESS_DENIED
[2018/11/30 12:56:04.990195, 0] ../source3/smbd/server.c:2000(main)
  ERROR: failed to setup guest info.

Related branches

Andreas Hasenack (ahasenack) wrote :

From https://docs.fedoraproject.org/en-US/fedora/f29/release-notes/sysadmin/File_Servers/:
"""
Finally, Samba 4.9 differentiates between anonymous and guest access via SMB protocol. A side effect of this is that it is now required to have a mapping for BUILTIN\Guests group. The mapping can be provided automatically if a default identity backend allows to create entries on demand. Alternatively, net utility can be used to provide a group mapping for BUILTIN\Guests via

net groupmap add sid=S-1-5-32-546 unixgroup=nobody type=builtin
"""

(it would be "nogroup" in ubuntu/debian)

Andreas Hasenack (ahasenack) wrote :

Mailing list threads:
- https://lists.samba.org/archive/samba/2018-November/219540.html "Standalone Update 4.8.5 -> 4.9.2 smb fails to start ERROR: failed to setup guest info"
- https://lists.samba.org/archive/samba/2018-October/219059.html "smb.service fails to start after openSUSE Tumbleweed update"
- https://lists.samba.org/archive/samba-technical/2018-September/130369.html "Samba package 4.9.x samba smbd not playing with winbind"

Changed in samba (Debian):
status: Unknown → New
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in samba (Ubuntu):
status: New → Confirmed
Changed in samba (Debian):
status: New → Confirmed
tags: added: block-proposed
Changed in samba (Ubuntu):
assignee: nobody → Andreas Hasenack (ahasenack)
status: Confirmed → In Progress
Changed in samba (Debian):
status: Confirmed → Fix Released
tags: removed: block-proposed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package samba - 2:4.9.2+dfsg-2ubuntu2

---------------
samba (2:4.9.2+dfsg-2ubuntu2) disco; urgency=medium

  * d/p/smbd-startup-with-winbind.patch: ignore create_builtin_guests()
    failing without a valid idmap configuration. This fixes the smbd startup
    on a standalone server where winbind is available and running. Thanks to
    Stefan Metzmacher <email address hidden>. (LP: #1806035)

 -- Andreas Hasenack <email address hidden> Fri, 21 Dec 2018 10:39:23 -0200

Changed in samba (Ubuntu):
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Duplicates of this bug

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.