Created attachment 1248638 [details]
smb log with debug = 3 enabled.

Description of problem:  When Customer tries to access Gluster CIFS share using ADS it fails on the first attempt and then succeeds for subsequent attempts.  If they leave for some time and come back it follow the same pattern. 

They have this issue on 2 nodes running RHEL7.x, but on the previous version running RHEL6 they did not experience this, and still have 2 nodes running rhel6 which they will leave in production while this is resolved on these 2 nodes that are not working. I believe this issue is related to a bug that has been found in samba version 4.1 and newer.  Rhel7 uses samba 4.4, while rhel6 is using samba 3.6.  

In the log snippet below you will see that the username/passwords is succesful, but the SID to UID conversion returned a -1 value. This is addressed in the below samba bug [1]

[1] https://bugzilla.samba.org/show_bug.cgi?id=10604

I am opening this bug for Engineering to OK the patch that has been create for this bugzilla and implement a fix or give the OK to apply the samba patch. 




Version-Release number of selected component (if applicable):Gluster 3.1/Rhel7/samba 4.4


How reproducible:every time. 


Steps to Reproduce:
1.attempt to access share with ADS configured, first attempt fails
2.second attempt succeeds. 
3.

Actual results:

[2017/02/08 09:43:11.592254,  3, pid=7736] ../source3/auth/auth.c:178(auth_check_ntlm_password)
  check_ntlm_password:  Checking password for unmapped user [ETS]\[dzuckerman]@[TYR] with the new password interface
[2017/02/08 09:43:11.592271,  3, pid=7736] ../source3/auth/auth.c:181(auth_check_ntlm_password)
  check_ntlm_password:  mapped user is: [ETS]\[dzuckerman]@[TYR]
[2017/02/08 09:43:11.599836,  3, pid=7736] ../source3/auth/auth.c:249(auth_check_ntlm_password)
  check_ntlm_password: winbind authentication for user [dzuckerman] succeeded
[2017/02/08 09:43:11.599876,  2, pid=7736] ../source3/auth/auth.c:305(auth_check_ntlm_password)
  check_ntlm_password:  authentication for user [dzuckerman] -> [dzuckerman] -> [dzuckerman] succeeded   <------------ The username/password is succeeding. 
[2017/02/08 09:43:11.599910,  3, pid=7736] ../auth/ntlmssp/ntlmssp_sign.c:509(ntlmssp_sign_reset)
  NTLMSSP Sign/Seal - Initialising with flags:
[2017/02/08 09:43:11.599920,  3, pid=7736] ../auth/ntlmssp/ntlmssp_util.c:69(debug_ntlmssp_flags)
  Got NTLMSSP neg_flags=0x62088215
[2017/02/08 09:43:11.599946,  3, pid=7736] ../auth/ntlmssp/ntlmssp_sign.c:509(ntlmssp_sign_reset)
  NTLMSSP Sign/Seal - Initialising with flags:
[2017/02/08 09:43:11.599957,  3, pid=7736] ../auth/ntlmssp/ntlmssp_util.c:69(debug_ntlmssp_flags)
  Got NTLMSSP neg_flags=0x62088215
[2017/02/08 09:43:11.605893,  1, pid=7736] ../source3/auth/token_util.c:430(add_local_groups)
  SID S-1-5-21-8915387-1766009709-1703228666-10401 -> getpwuid(4294967295) failed        <------------------------The SID to UID mapping is what's failing
[2017/02/08 09:43:11.605926,  3, pid=7736] ../source3/auth/token_util.c:316(create_local_nt_token_from_info3)
  Failed to finalize nt token
[2017/02/08 09:43:11.605939,  1, pid=7736] ../source3/smbd/sesssetup.c:290(reply_sesssetup_and_X_spnego)
  Failed to generate session_info (user and group token) for session setup: NT_STATUS_UNSUCCESSFUL
[2017/02/08 09:43:11.605975,  3, pid=7736] ../source3/smbd/error.c:82(error_packet_set)
  NT error packet at ../source3/smbd/sesssetup.c(293) cmd=115 (SMBsesssetupX) NT_STATUS_UNSUCCESSFUL
[2017/02/08 09:43:11.606394,  3, pid=7736] ../source3/smbd/server_exit.c:246(exit_server_common)
  Server exit (failed to receive smb request)
[2017/02/08 09:43:11.609261,  3, pid=7597] ../source3/lib/util_procid.c:54(pid_to_procid)
  pid_to_procid: messaging_dgm_get_unique failed: No such file or directory
[2017/02/08 09:43:11.609672,  3, pid=7597] ../source3/lib/dbwrap/dbwrap_ctdb.c:1715(db_open_ctdb)
  db_open_ctdb: opened database 'serverid.tdb' with dbid 0x9ec2a880



Expected results:

The Cifs access should work the first attempt.  


Additional info: