I'm trying a simple setup for a few client machines. I'd prefer to use NFSv4; however, between different versions of Windows the NFS client feature may not be available, and when it is, only NFSv3 is supported natively.
No AD, KRB5 nor LDAP, just basic local passwd auth for now.
Following the docs, I've been through the troubleshooting sections and this is where I am:
$ smbadm join -w WORKGROUP
After joining WORKGROUP the smb service will be restarted automatically.
Would you like to continue? [no]: yes
Successfully joined WORKGROUP
$ smbadm lookup-server //HPE-Backup
Workgroup: WORKGROUP
Server: HPE-BACKUP
IP address: 127.0.0.1
$ smbadm lookup-user cat
LsaLookup failed: CANT_ACCESS_DOMAIN_INFO
$ smbadm show-shares cat
Assertion failed: *bind_probes.bind_start != NULL, file ../common/ntsvcs_clnt.c, line 349, function ndr_rpc_bind
Abort
$ smbadm show-shares -t local
Enter password:
Assertion failed: *bind_probes.bind_start != NULL, file ../common/ntsvcs_clnt.c, line 349, function ndr_rpc_bind
Abort
Something wrong involving RPC? I see strange things going on with rpcbind, and no, Samba is not enabled nor installed.
In dmesg I see entries i.e.:
rpcbind: [ID 702911 daemon.warning] refused connect from <<Client-IP>> to getport()
rpcbind: [ID 727407 daemon.error] udp6: address in use
rpcbind: [ID 727407 daemon.error] tcp6: address in use
rpcbind: [ID 727407 daemon.error] udp: address in use
rpcbind: [ID 727407 daemon.error] tcp: address in use
rpcbind: [ID 727407 daemon.error] ticlts: address in use
rpcbind: [ID 727407 daemon.error] ticotsord: address in use
rpcbind: [ID 727407 daemon.error] ticots: address in use
rpcbind: [ID 929946 daemon.error] could not find loopback transports
On a tangent - I'm curious as to why this appears and how to remove deprecated crypto ciphers?
smbd[882]: [ID 275133 daemon.warning] use of deprecated crypto cipher md5-hmac by /usr/lib/smbd
smbd[882]: [ID 275133 daemon.warning] use of deprecated crypto cipher md5 by /usr/lib/smbd
smbd[882]: [ID 275133 daemon.warning] use of deprecated crypto cipher des-ecb by /usr/lib/smbd
Also, I read that SMB Direct, which uses RDMA, can be enabled on some clients. Is this possible to support on the server side? That would be quite good to have.
And I notice that we have client and client2 in the services; what is the difference?
$ svcs -a | grep smb
online 14:01:52 svc:/network/smb:default
online 14:02:26 svc:/network/smb/client2:default
online 14:09:34 svc:/network/smb/client:default
online 20:19:32 svc:/network/smb/server:default
$ svcs -xv is blank.
Login on the client side always fails; accessing the separate "guest ok" share works. (Tried resetting the password and then restarting the services.)
I have the needed entry as per:
$ cat /var/smb/smbpasswd
cat:105::<<hash>>
$ tail -1 /etc/pam.d/other
password required pam_smb_passwd.so.1 nowarn
smbd[882]: [ID 812811 daemon.notice] logon[-WORK-\cat]: LOGON_FAILURE
$ smbstat
Couldn't name file system!
(smbstat.c, smbstat_fs_name, 1373
$ share
IPC$ smb - Remote IPC
c$ /var/smb/cvol smb - Default Share
cat /data/cat smb
$ zfs get share
NAME PROPERTY VALUE SOURCE
data/cat share name=cat,path=/data/cat,prot=smb local
With valid idmapd which appears to work ok as I can see cached entries in the db:
$ idmap list
add winname:cat unixuser:cat
add winname:Guest@HPE-Backup unixuser:nobody
add winname:Administrator@HPE-Backup unixuser:root
$ idmap dump
gsid:S-1-5-21-2531701364-744833045-3135218578-513 == gid:2147483651
gsid:S-1-5-32-546 == gid:2147483652
gsid:S-1-5-2 == gid:2147483650
To also add, for any macOS clients it appears that at this moment Time Machine over SMB does not work either, although this is possible to do as described here - https://developer.apple.com/library/archive/releasenotes/NetworkingInternetWeb/Time_Machine_SMB_Spec/index.html
It does appear that SMB creates much network traffic yet only a small amount of data is effectively transferred. On the pool with sync=disabled and constant data being sent this is what I was seeing (every 5s was between 7-9MB):
$ zpool iostat -v data 5
               capacity     operations    bandwidth
pool        alloc   free   read  write   read  write
----------  -----  -----  -----  -----  -----  -----
data         252G  1.57T      0     84      0  7.68M
  mirror-0   252G  1.57T      0     84      0  7.68M
    c1t2d0      -      -      0     18      0  7.68M
    c1t3d0      -      -      0     18      0  7.68M
My last note to add is on idmap rules.
"NT Authority" is a user sometimes used on Windows clients; I think this should be added to the "well-known names" as per - https://docs.oracle.com/cd/E23824_01/html/821-1449/createidmappingstrategy.html#mapwellknownnames
Message was edited by: Scott S.