• [6.7.0-rc4] SMB Active Directory - Access Denied

    nthlevel

    By nthlevel

      • Solved Minor

    It was working with 6.6.6, but RC2, RC3 and now RC4 (I didn't try RC1) are prompting me from a domain-joined Windows workstation. I cannot access my array via Active Directory SMB at all. EDIT: I tried safe mode as well - same issue. let me know if any further information/troubleshooting steps are required.

     

    unraid-diagnostics-20190216-1744.zip

    Access_Denied.png

    • Upvote 1
    Go to reports Prereleases

    User Feedback

    Recommended Comments

    dsmith44

    I also have this issue. 

     

    A domain un-join and re-join after reboot doesn't rectify this either.

     

    This is with rc7

     

    Final lines in syslog, with additional SMB logs enabled are

      

    Mar 3 10:20:21 unraid smbd[7310]: check_ntlm_password: authentication for user [userid] -> [userid] -> [DOMAIN\userid] succeeded
Mar 3 10:20:21 unraid smbd[7310]: [2019/03/03 10:20:21.011860, 2] ../source3/auth/token_util.c:713(finalize_local_nt_token)
Mar 3 10:20:21 unraid smbd[7310]: WARNING: Failed to create BUILTIN\Administrators group! Can Winbind allocate gids?
Mar 3 10:20:21 unraid smbd[7310]: [2019/03/03 10:20:21.012217, 2] ../source3/auth/token_util.c:732(finalize_local_nt_token)
Mar 3 10:20:21 unraid smbd[7310]: WARNING: Failed to create BUILTIN\Users group! Can Winbind allocate gids?
Mar 3 10:20:21 unraid smbd[7310]: [2019/03/03 10:20:21.012569, 2] ../source3/auth/token_util.c:774(finalize_local_nt_token)
Mar 3 10:20:21 unraid smbd[7310]: Failed to create BUILTIN\Guests group NT_STATUS_ACCESS_DENIED! Can Winbind allocate gids?

     

    So looks like some winbind problem.

     

    Note behaviour is identical from Windows and Mac hosts, so this isn't a recent Windows update.

     

    Happened when moving to 6.7.0-rc releases.

     

    I will probably revert to 6.6

    unraid-diagnostics-20190303-0957.zip

    • Upvote 1
    Link to comment
    Ravinmiist

    Any updates on this thread. I am also experiencing this issue.

     

    I request to make this thread change from Minor to Urgent. Due to not being able to access the NAS via SMB it is a showstopper in my humble opinion 

    Edited by Ravinmiist
    • Upvote 3
    Link to comment
    dsmith44

    This is a critical issue for me, a NAS that can't act as a NAS is somewhat pointless.

     

    Seems to be a Samba 4.9 issue which 6.7 introduces.

     

    https://bugzilla.samba.org/show_bug.cgi?id=13697

     

    As suggested in multiple places (https://lists.samba.org/archive/samba/2018-September/218485.html)

    running 

    net -s /dev/null groupmap add sid=S-1-5-32-546 unixgroup=nobody type=builtin

    fixes the problem.

     

    I've added this to my /boot/config/go script.

     

    However I am not 100% comfortable with this as not clear if this is going to cause other issues and the mapping created doesn't actually match the errors, but will run rc5 like this for now and see if anything crops up.

     

    Edited by dsmith44
    • Upvote 1
    Link to comment
    Dazog
    5 hours ago, dsmith44 said:

    This is a critical issue for me, a NAS that can't act as a NAS is somewhat pointless.

     

    Seems to be a Samba 4.9 issue which 6.7 introduces.

     

    https://bugzilla.samba.org/show_bug.cgi?id=13697

     

    As suggested in multiple places (https://lists.samba.org/archive/samba/2018-September/218485.html)

    running 

    
net -s /dev/null groupmap add sid=S-1-5-32-546 unixgroup=nobody type=builtin

    fixes the problem.

     

    I've added this to my /boot/config/go script.

     

    However I am not 100% comfortable with this as not clear if this is going to cause other issues and the mapping created doesn't actually match the errors, but will run rc5 like this for now and see if anything crops up.

     

    They just need to push Samba 4.9.5 before 6.7 final.

     

    It fixes this bug.

     

    https://www.samba.org/samba/history/samba-4.9.5.html

     

    @limetech

    Edited by Dazog
    • Upvote 2
    Link to comment


    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.
    Note: Your post will require moderator approval before it will be visible.

    Guest
    Add a comment...

    ×   Pasted as rich text.   Restore formatting

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.

    ×

  • Status Definitions

     

    Open = Under consideration.

     

    Solved = The issue has been resolved.

     

    Solved version = The issue has been resolved in the indicated release version.

     

    Closed = Feedback or opinion better posted on our forum for discussion. Also for reports we cannot reproduce or need more information. In this case just add a comment and we will review it again.

     

    Retest = Please retest in latest release.

    Priority Definitions

     

    Minor = Something not working correctly.

     

    Urgent = Server crash, data loss, or other showstopper.

     

    Annoyance = Doesn't affect functionality but should be fixed.

     

    Other = Announcement or other non-issue.