Noisy Winbindd messages in log after U6.1 upgrade

[rebytr]

Noticed after applying the U6.1 update, every 5 minutes I'm seeing these messages in my log:

winbindd 1318 - - [2021/11/12 06:31:54.172332, 0] ../../source3/rpc_server/rpc_ncacn_np.c:457(rpcint_dispatch)
winbindd 1318 - - rpcint_dispatch: DCE/RPC fault in call lsarpc:32 - DCERPC_NCA_S_OP_RNG_ERROR

I have a couple of SMB shares setup and they all seem to be working just fine. Based on what I could find regarding the error, if the server role is set to standalone, then you should disable winbindd. However I wasn't sure how to disable winbindd or if that was a legit fix. Anyone else seeing this or have a fix? let me know if additional logs/config info would help.

smb4.conf file:

[global]
dns proxy = No
aio max threads = 2
max log size = 5120
load printers = No
printing = bsd
disable spoolss = Yes
dos filemode = Yes
kernel change notify = No
directory name cache size = 0
nsupdate command = /usr/local/bin/samba-nsupdate -g
unix charset = UTF-8
log level = 0 auth_json_audit:3@/var/log/samba4/auth_audit.log
obey pam restrictions = False
enable web service discovery = True
username map = /usr/local/etc/smbusername.map
username map cache time = 60
logging = syslog@0 file
server min protocol = NT1
map to guest = Bad User
ntlm auth = Yes
client ntlmv2 auth = No
server string = FreeNAS Server
fruit:nfs_aces = No
bind interfaces only = Yes
netbios name = freenas
netbios aliases =
server role = standalone
workgroup = WORKGROUP

 

[anodos]

Can you PM me a debug please? System->Advanced->Save Debug

 

[anodos]

Disabling winbindd isn't the correct solution.

 

[GBillR]

Any update on this? I have the same errors following update to 12.0U6.1:

Code:

Nov 14 15:47:44 Enterprise 1 2021-11-14T15:47:44.220915-05:00 Enterprise.---------.com winbindd 1516 - - [2021/11/14 15:47:44.220890,  0] ../../source3/rpc_server/rpc_ncacn_np.c:457(rpcint_dispatch)
Nov 14 15:47:44 Enterprise 1 2021-11-14T15:47:44.220936-05:00 Enterprise.---------.com winbindd 1516 - -   rpcint_dispatch: DCE/RPC fault in call lsarpc:32 - DCERPC_NCA_S_OP_RNG_ERROR
Nov 14 15:49:27 Enterprise 1 2021-11-14T15:49:27.439240-05:00 Enterprise.---------.com smbd 70193 - - [2021/11/14 15:49:27.439169,  1] ../../source3/printing/printer_list.c:234(printer_list_get_last_refresh)
Nov 14 15:49:27 Enterprise 1 2021-11-14T15:49:27.439258-05:00 Enterprise.---------.com smbd 70193 - -   Failed to fetch record!

 

[Samuel Tai]

According to https://www.samba.org/~metze/presen...her_sdc2016_dcerpc_security_rev0-handout2.pdf, the DCERPC_NCA_S_OP_RNG_ERROR message typically means an unimplemented MS-RPC handler within Samba for an opnum sent by the client. I suspect this is due to Samba not implementing the IPC$ share, and is basically a cosmetic error that can be ignored. On my system, I only see this error when I try to enumerate shares in Network Neighborhood.

 

[TheExpert]

Same issue ever since U6.1

I hope this gets resolved soon.

 

[tortue]

Same issue ever since U6.1

I hope this gets resolved soon.

Ditto.

Same issue remains in U7.

 

[Dave Grabowski]

After upgrading from 12.0U5 to 12.0U7, this error is appearing in my logs. Seems to be cosmetic, as everything seems to work fine.

The SMB portion of my TrueNAS system is a workgroup fileserver for a couple of clients. There's no AD domain. Very simple.

Since the errors appear to be coming from winbindd, on a whim I tried adding "server services = -winbindd" to the SMB advanced settings, and confirmed that this got added to /etc/local/smb4.conf. However, winbindd still starts when SMB restarts and the errors remain.

Happy to provide debug logs or whatever else is necessary to try to resolve this.

 

[anodos]

Winbindd is required for non-domain-joined cases for builtin / well-known sids.

 

[daff]

Noticed after applying the U6.1 update, every 5 minutes I'm seeing these messages in my log:

I have a couple of SMB shares setup and they all seem to be working just fine. Based on what I could find regarding the error, if the server role is set to standalone, then you should disable winbindd. However I wasn't sure how to disable winbindd or if that was a legit fix. Anyone else seeing this or have a fix? let me know if additional logs/config info would help.

smb4.conf file:

Hi!
Try disabling SMB1 support

 

[Dave Grabowski]

Hi!
Try disabling SMB1 support

No change - the errors keep coming.

Also, turning off SMB1 breaks connectivity to WinXP (yes, I know... I have software that requires an XP VM)

 

[Baenwort]

So it seems to be a problem with samba4 itself.

209660 – net/samba4*: samba_server service file force runs all daemons if called with 'onestart'

bugs.freebsd.org

not sure what we can do but hope that the maintainer takes the patch someone made for the bug.

 

[anodos]

No. We don't use same port as upstream FreeBSD. winbindd is expected to be running in this case. I'm not seeing the error message in Samba 4.15 / TrueNAS 13, and it appears to be related to internal RPC issued when winbindd tries to enumerate trusted domains. I haven't had time to investigate yet, too many irons in the fire right now. There were some hugely impactful changes in between U6 and U6.1 due to major CVE in samba / winbindd.

 

[TheExpert]

After update today to -U8 , the noisy messages persist

 

[Perm1990]

Hello. Any news on this problem?

 

[tortue]

I upgraded to 13U1 yesterday and have not seen the winbindd messages since. Though unrelated, I am getting a diff smbd msg now, but haven't looked into it yet. Seems like it's fixable.

Robert