Community Forum

Resolved
0 votes
Hi all,

Long story short, after 200+ days uptime decided to power off, clean/de-dust the system and allow all the updates to apply.

Thought it went sweet until trying to access an SMB share. Initially it complained of no guest acc, so proceeded to disable guest via smb.conf. Slightly odd as never touched it before. However, got the smb service to start.

This is where it gets tricky,

Existing shares are still not available and according to the logs it is due to the users being invalid.

Nov 05 10:08:36 srv1.umrealnetworks.lan engine[5943]: exception: error: /usr/clearos/apps/base/libraries/Shell.php (227): /bin/chown: invalid user: ‘pete’
Nov 05 10:08:36 srv1.umrealnetworks.lan engine[5943]: exception: debug backtrace: /usr/clearos/apps/base/libraries/File.php (544): execute
Nov 05 10:08:36 srv1.umrealnetworks.lan engine[5943]: exception: debug backtrace: /var/clearos/events/accounts/accounts (132): chown
Nov 05 10:09:13 srv1.umrealnetworks.lan smbd[5967]: [2017/11/05 10:09:13.326907, 0] ../source3/auth/user_util.c:358(map_username)
Nov 05 10:09:13 srv1.umrealnetworks.lan smbd[5967]: can't open username map /etc/samba/smbusers. Error No such file or directory
Nov 05 10:09:13 srv1.umrealnetworks.lan smbd[5966]: [2017/11/05 10:09:13.327250, 0] ../source3/auth/user_util.c:358(map_username)
Nov 05 10:09:13 srv1.umrealnetworks.lan smbd[5966]: can't open username map /etc/samba/smbusers. Error No such file or directory
Nov 05 10:09:13 srv1.umrealnetworks.lan smbd[5966]: [2017/11/05 10:09:13.334664, 0] ../source3/passdb/lookup_sid.c:1605(get_primary_group_sid)
Nov 05 10:09:13 srv1.umrealnetworks.lan smbd[5966]: Failed to find a Unix account for pete
Nov 05 10:09:13 srv1.umrealnetworks.lan smbd[5966]: [2017/11/05 10:09:13.334808, 0] ../source3/auth/check_samsec.c:493(check_sam_security)
Nov 05 10:09:13 srv1.umrealnetworks.lan smbd[5967]: [2017/11/05 10:09:13.334840, 0] ../source3/passdb/lookup_sid.c:1605(get_primary_group_sid)
Nov 05 10:09:13 srv1.umrealnetworks.lan smbd[5967]: Failed to find a Unix account for pete
Nov 05 10:09:13 srv1.umrealnetworks.lan smbd[5967]: [2017/11/05 10:09:13.334931, 0] ../source3/auth/check_samsec.c:493(check_sam_security)
Nov 05 10:09:13 srv1.umrealnetworks.lan smbd[5966]: check_sam_security: make_server_info_sam() failed with 'NT_STATUS_NO_SUCH_USER'
Nov 05 10:09:13 srv1.umrealnetworks.lan smbd[5967]: check_sam_security: make_server_info_sam() failed with 'NT_STATUS_NO_SUCH_USER'
Nov 05 10:09:13 srv1.umrealnetworks.lan smbd[5967]: [2017/11/05 10:09:13.348405, 0] ../source3/auth/user_util.c:358(map_username)
Nov 05 10:09:13 srv1.umrealnetworks.lan smbd[5967]: can't open username map /etc/samba/smbusers. Error No such file or directory
Nov 05 10:09:13 srv1.umrealnetworks.lan smbd[5966]: [2017/11/05 10:09:13.348602, 0] ../source3/auth/user_util.c:358(map_username)
Nov 05 10:09:13 srv1.umrealnetworks.lan smbd[5966]: can't open username map /etc/samba/smbusers. Error No such file or directory
Nov 05 10:09:13 srv1.umrealnetworks.lan smbd[5967]: [2017/11/05 10:09:13.350908, 0] ../source3/auth/user_util.c:358(map_username)
Nov 05 10:09:13 srv1.umrealnetworks.lan smbd[5967]: can't open username map /etc/samba/smbusers. Error No such file or directory
Nov 05 10:09:13 srv1.umrealnetworks.lan smbd[5966]: [2017/11/05 10:09:13.352405, 0] ../source3/auth/user_util.c:358(map_username)
Nov 05 10:09:13 srv1.umrealnetworks.lan smbd[5966]: can't open username map /etc/samba/smbusers. Error No such file or directory
Nov 05 10:09:13 srv1.umrealnetworks.lan smbd[5968]: [2017/11/05 10:09:13.413208, 0] ../source3/auth/user_util.c:358(map_username)
Nov 05 10:09:13 srv1.umrealnetworks.lan smbd[5968]: can't open username map /etc/samba/smbusers. Error No such file or directory
Nov 05 10:09:13 srv1.umrealnetworks.lan smbd[5968]: [2017/11/05 10:09:13.414951, 0] ../source3/passdb/lookup_sid.c:1605(get_primary_group_sid)
Nov 05 10:09:13 srv1.umrealnetworks.lan smbd[5968]: Failed to find a Unix account for pete
Nov 05 10:09:13 srv1.umrealnetworks.lan smbd[5968]: [2017/11/05 10:09:13.416368, 0] ../source3/auth/check_samsec.c:493(check_sam_security)
Nov 05 10:09:13 srv1.umrealnetworks.lan smbd[5968]: check_sam_security: make_server_info_sam() failed with 'NT_STATUS_NO_SUCH_USER'
Nov 05 10:09:13 srv1.umrealnetworks.lan smbd[5968]: [2017/11/05 10:09:13.419965, 0] ../source3/auth/user_util.c:358(map_username)
Nov 05 10:09:13 srv1.umrealnetworks.lan smbd[5968]: can't open username map /etc/samba/smbusers. Error No such file or directory
Nov 05 10:09:13 srv1.umrealnetworks.lan smbd[5968]: [2017/11/05 10:09:13.421722, 0] ../source3/auth/user_util.c:358(map_username)
Nov 05 10:09:13 srv1.umrealnetworks.lan smbd[5968]: can't open username map /etc/samba/smbusers. Error No such file or directory



Now this is for existing users from the initial install.

Thought I'd try a new user (test) to see what the outcome is: same issue. Appears added fine via the web GUI, but according to the system the user is invalid.

I've also checked permissions on the users dir; the user/groups are no longer shown, and numbers are shown instead.


drwx------ 10 2003 63000 4096 Aug 27 2016 andy
drwx------ 12 2001 63000 4096 Jun 23 17:51 louise
drwx------ 2 2002 63000 59 Jul 27 2016 natx
drwx------ 43 2004 63000 8192 Nov 3 01:00 pete
drwx------ 9 steam steam 4096 Jun 8 20:16 steam
drwx------ 10 teamspeak 63000 4096 Sep 1 2016 teamspeak
drwxr-xr-x 2 root root 45 Nov 5 00:21 test


The only ones that are fine are the ones manually added via CLI, e.g. teamspeak.

Shell login also no longer works due to the same issue, "Invalid user" and yes shell access is enabled


Seems the old adage is apt here: "if it ain't broke...."

Was working so well :(
Sunday, November 05 2017, 10:47 AM

Accepted Answer

Friday, November 10 2017, 10:58 AM
Just to update everyone, now done a fresh install with applied updates (7.4). Have tried the config restore, which has worked a treat :D

All users/groups are working fine.

Thank you all for trying!
Responses (18)
  • Friday, November 10 2017, 01:07 PM
    Nick Howitt wrote:

    Weird. That means a config restore into your old set up should have worked as well but the indications were that something was corrupt in both the set up and backup.


    The only difference I can surmise is that this time I did the update then installed the backup configs.

    So maybe something got corrupted/broken on the original setup when the update applied.
  • Friday, November 10 2017, 11:11 AM
    Weird. That means a config restore into your old set up should have worked as well but the indications were that something was corrupt in both the set up and backup.
  • Friday, November 10 2017, 12:12 AM
    Ben Chambers wrote:

    Can you try running:

    service nslcd restart 


    Don't think it's your issue but would like to confirm.

    B


    Nope, that didn't work either. I have restarted the system several times to see if that would resolve any issues.
  • Thursday, November 09 2017, 11:57 PM
    Can you try running:

    service nslcd restart 


    Don't think it's your issue but would like to confirm.

    B
  • Thursday, November 09 2017, 11:20 PM
    Dave Loper wrote:

    On the box that I saw broken UIDs it was a matter of simply putting the user's ID back into the /home/username folder:

    chown -R username /home/username


    But that's the problem! Neither the user nor the groups exist to the system, yet they show via the web GUI.

    I think the only way it's going to be solved is a fresh install. Not something I am looking forward to. I don't want to use a config backup to restore in case it fudges it again. :(
  • Thursday, November 09 2017, 07:02 PM
    On the box that I saw broken UIDs it was a matter of simply putting the user's ID back into the /home/username folder:

    chown -R username /home/username
  • Monday, November 06 2017, 11:21 PM
    Dave Loper wrote:

    I think I found a system out there that exhibits a similar problem.

    Run the following for each of your usernames:

    id username

    Then compare these with the /home directory permission UIDs:

    ls -la /home

    You may want to capture your LDAP as it stands...

    slapcat -n3 > /root/ldapdump.current

    And see if it is different from the ldif file found in your configuration backup from a week ago (best to back up these as well to local files)



    Already done that and it says invalid user.

    This is what is shown. with ls -la
    drwx------  12      2001     63000   4096 Jun 23 17:51 louise


    Just to add, the uids do match between the user in the ldap cap to the dir listing for said user.
  • Monday, November 06 2017, 10:39 PM
    I think I found a system out there that exhibits a similar problem.

    Run the following for each of your usernames:

    id username

    Then compare these with the /home directory permission UIDs:

    ls -la /home

    You may want to capture your LDAP as it stands...

    slapcat -n3 > /root/ldapdump.current

    And see if it is different from the ldif file found in your configuration backup from a week ago (best to back up these as well to local files)
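
The comparison described in the post above, as an added example that is not part of the original thread: it classifies each home-directory owner as resolvable by the name service, present only in the LDAP dump, or absent from both. The function names, the three input files and the sample data are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Inputs are plain files so it runs offline:
#   listing : output of `ls -ln /home`   (numeric owners)
#   ldif    : output of `slapcat -n3`    (LDAP accounts database)
#   nss     : output of `getent passwd`  (what the OS can actually resolve)
triage_home_owners() {
    listing=$1; ldif=$2; nss=$3
    awk -v LDIF="$ldif" -v NSS="$nss" '
    BEGIN {
        # Map uidNumber -> uid for every LDIF entry (entries end at a blank line).
        while ((getline line < LDIF) > 0) {
            if (line == "") { if (num != "") ldap[num] = name; num = name = ""; continue }
            if (line ~ /^uid: /)       name = substr(line, 6)
            if (line ~ /^uidNumber: /) num  = substr(line, 12)
        }
        if (num != "") ldap[num] = name
        # Record every UID the name service resolves (passwd format, field 3).
        while ((getline line < NSS) > 0) { split(line, f, ":"); seen[f[3]] = f[1] }
    }
    # Directory lines of ls -ln: mode links uid gid size date... name
    $1 ~ /^d/ && $3 ~ /^[0-9]+$/ {
        if ($3 in seen)      state = "ok"          # OS resolves the owner
        else if ($3 in ldap) state = "ldap-only"   # in LDAP, lookup path broken
        else                 state = "orphan"      # account data itself is gone
        print $NF, $3, state
    }' "$listing"
}

# Constructed sample data modelled on the thread (uid 2004 owns the pete directory).
demo() {
    d=$(mktemp -d)
    printf '%s\n' 'total 12' \
        'drwx------ 43 2004 63000 8192 Nov  3 01:00 pete' \
        'drwx------  9 1001  1001 4096 Jun  8 20:16 steam' \
        'drwx------  2 2999 63000   59 Jul 27  2016 gone' > "$d/listing"
    printf '%s\n' 'dn: cn=pete example,ou=Users,ou=Accounts,dc=system,dc=lan' \
        'uid: pete' 'uidNumber: 2004' '' > "$d/ldif"
    printf '%s\n' 'steam:x:1001:1001::/home/steam:/bin/bash' > "$d/nss"
    triage_home_owners "$d/listing" "$d/ldif" "$d/nss"
    rm -rf "$d"
}

demo
```

An `ldap-only` result corresponds to what the thread reports: the UID is in the LDAP dump and on disk, yet `id` says the user is invalid.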
  • Monday, November 06 2017, 05:37 PM
    Nick Howitt wrote:

    Please don't do that. The dc's have to tie up with other bits. Can you hang on for the moment?


    Can do, Everything else appears to be working fine
  • Monday, November 06 2017, 05:21 PM
    Please don't do that. The dc's have to tie up with other bits. Can you hang on for the moment?
  • Monday, November 06 2017, 05:11 PM
    Nick Howitt wrote:

    ... and from your backup, open the file /var/clearos/openldap/snapshot.ldif and see if the dc entries there are as you think they should be.



    Now this is strange, as the old backups + the test server I've done all state dc=system.

    I take it yours is running 7.4?

    I'm tempted to change all references of dc=system to give it a go.. Can't make it any worse, can I :p
  • Monday, November 06 2017, 04:27 PM
    ... and from your backup, open the file /var/clearos/openldap/snapshot.ldif and see if the dc entries there are as you think they should be.
  • Monday, November 06 2017, 04:23 PM
    To me your dc entry looks dodgy. For guests group I get:
    dn: cn=guests,ou=Groups,ou=Accounts,dc=howitts,dc=co,dc=uk
    cn: guests
    member: cn=No Members,ou=Users,ou=Accounts,dc=howitts,dc=co,dc=uk
    and for the guest account:
    dn: cn=Guest Account,ou=Users,ou=Accounts,dc=howitts,dc=co,dc=uk
    sn: Guest Account
    plus loads of other entries.

    If you have not reset everything yet, please can you preserve an older config backup from /var/clearos/configuration_backup, but it may not be a good idea to restore it yet.
  • Sunday, November 05 2017, 07:14 PM
    Nick Howitt wrote:

    Can you have a look at this post and do the same diagnostic stuff?


    SID's match, all the info appears to be there, users/groups etc including the guest acc that samba complains about. Very odd

    One thing I had noticed is this from the slapcat -n3 output


    dn: cn=guests,ou=Groups,ou=Accounts,dc=system,dc=lan
    cn: guests
    member: cn=No Members,ou=Users,ou=Accounts,dc=system,dc=lan


    Shouldn't the dc read
    dc=umrealnetworks
    ?

    Edit,

    Just checked on my test server setup and I guess no. So no clue.

    Looking like a reinstall. :( :( :(
  • Sunday, November 05 2017, 05:04 PM
    Can you have a look at this post and do the same diagnostic stuff?
  • Sunday, November 05 2017, 04:28 PM
    Nick Howitt wrote:

    Please can you check if LDAP is running:
    service slapd status
    Also which version of ClearOS are you using?
    cat /etc/clearos-release


    Should have stated, ClearOS 7.4 final

    Yes ldap is running.


    systemctl status slapd.service
    ● slapd.service - OpenLDAP Server Daemon
    Loaded: loaded (/usr/lib/systemd/system/slapd.service; enabled; vendor preset: disabled)
    Active: active (running) since Sat 2017-11-04 21:06:16 GMT; 19h ago
    Docs: man:slapd
    man:slapd-config
    man:slapd-hdb
    man:slapd-mdb
    file:///usr/share/doc/openldap-servers/guide.html
    Process: 3711 ExecStart=/usr/sbin/slapd -u ldap -h ${SLAPD_URLS} $SLAPD_OPTIONS (code=exited, status=0/SUCCESS)
    Process: 3693 ExecStartPre=/usr/libexec/openldap/prestart.sh (code=exited, status=0/SUCCESS)
    Main PID: 3713 (slapd)
    CGroup: /system.slice/slapd.service
    └─3713 /usr/sbin/slapd -u ldap -h ldap://127.0.0.1/

    Nov 04 21:06:16 srv1.umrealnetworks.lan systemd[1]: Starting OpenLDAP Server Daemon...
    Nov 04 21:06:16 srv1.umrealnetworks.lan prestart.sh[3693]: Configuration directory '/etc/openldap/slapd.d' does not exist.
    Nov 04 21:06:16 srv1.umrealnetworks.lan prestart.sh[3693]: Warning: Usage of a configuration file is obsolete!
    Nov 04 21:06:16 srv1.umrealnetworks.lan runuser[3697]: pam_unix(runuser:session): session opened for user ldap by (uid=0)
    Nov 04 21:06:16 srv1.umrealnetworks.lan runuser[3697]: pam_unix(runuser:session): session closed for user ldap
    Nov 04 21:06:16 srv1.umrealnetworks.lan slapd[3711]: @(#) $OpenLDAP: slapd 2.4.44 (Aug 12 2017 06:10:11) $
    mockbuild@build64-1.clearsdn.local:/builddir/build/BUILD/openldap-2.4.44/openldap-2.4.44/servers/slapd
    Nov 04 21:06:16 srv1.umrealnetworks.lan systemd[1]: Started OpenLDAP Server Daemon.


    I've done a quick install into a vm to compare.

    id guest shows fine on the fresh test setup. Mine says invalid .

    Don't really want to do a fresh install.
  • Sunday, November 05 2017, 01:01 PM
    Please can you check if LDAP is running:
    service slapd status
    Also which version of ClearOS are you using?
    cat /etc/clearos-release
  • Sunday, November 05 2017, 10:54 AM
    Just to add, checked the perms on the flexshare dir, seems they have got messed up too,


    drwxrwxr-x 6 apache 63000 75 Jul 28 2016 media
    drwxrwx--- 5 apache 63000 4096 Oct 18 15:42 oneforall


    Edit.


    Checking /etc/group, the users group is missing.

    cut -d: -f1 /etc/group
    root
    bin
    daemon
    sys
    adm
    tty
    disk
    lp
    mem
    kmem
    wheel
    cdrom
    mail
    man
    dialout
    floppy
    games
    tape
    video
    ftp
    lock
    audio
    nobody
    tcpdump
    utmp
    utempter
    ssh_keys
    input
    systemd-journal
    systemd-bus-proxy
    systemd-network
    dbus
    webconfig
    postdrop
    postfix
    clearsync
    polkitd
    dip
    sshd
    slocate
    saslauth
    suva
    avahi
    ntp
    ldap
    filter
    clearconsole
    chrony
    clam
    flexshares
    nscd
    transmission
    radiusd
    apache
    tss
    wbpriv
    mysql
    system-mysql
    arpwatch
    snort
    screen
    teamspeak
    squid
    rpc
    rpcuser
    nfsnobody
    steam
    openvpn
    ssl-cert
    insserver
    dansguardian