Prev: Attempting to Join Domain
Next: [Samba] Samba and problem with DAPI (Crypto Api)
From: Simon Kelly on 22 Aug 2006 02:00
Hi everybody.

This is my first post here - Im hoping that someone out there can
shed some light on my little problem, it's starting to drive me
nuts! :)

Ive had a look through the archives as well as other methods for
finding a solution to my problem but to no avail, so I decided to
post here - hope you dont mind!

Im migrating an old samba 2.2 PDC to a new system running 3.0.23, we
have a requirement not to have local users on this new machine - no
problems says I , this will give me a chance to try out an ldapsam
backend with ldapsam:trusted.

I have populated the nobody and root user accounts (as well as some
test users) into LDAP but when I try to start samba, it fails with a
"ERROR: failed to setup guest info." error in log.smbd.

From what I have seen from a debug level 3 log (attached) of this
sequence, it binds to the LDAP directory, finds the root user, hits a
permission error (WERR_ACCESS_DENIED) along the way, starts to find
my nobody user (I see references to nobody's uid - 60001 - in the
log) and then bombs out. nmdb starts up but smbd doesnt come up (for
more than a second anyway, if at all)

Our directory already has the samba schemas installed and this
directory serves PDC requests for another of our domains (that has
local unix users defined) - so I am assuming that this is not a
schema issue. I am thinking that I have missed something rather
obvious along the way, as it is my first time attempting this, or i
have done something completely wrong fundamentally and digging myself
a deeper and deeper hole as I continue?!

Any help would be GREATLY appreciated :)

I have included copies of my log.smbd (debug level 3) , my smb.conf
and a dump of my root,nobody and nobody group ldap entries. If you
need any more information - just ask.

Thanks

Simon

(log.smbd)

[2006/08/22 11:44:58, 0] smbd/server.c:main(847)
smbd version 3.0.23 started.
Copyright Andrew Tridgell and the Samba Team 1992-2006
[2006/08/22 11:44:58, 2] param/loadparm.c:do_section(3704)
Processing section "[homes]"
[2006/08/22 11:44:58, 2] param/loadparm.c:do_section(3704)
Processing section "[netlogon]"
[2006/08/22 11:44:58, 2] param/loadparm.c:do_section(3704)
Processing section "[Profiles]"
[2006/08/22 11:44:58, 3] param/loadparm.c:lp_add_ipc(2629)
adding IPC service
[2006/08/22 11:44:58, 3] printing/pcap.c:pcap_cache_reload(117)
reloading printcap cache
[2006/08/22 11:44:59, 3] printing/print_svid.c:sysv_cache_reload(72)
No Printers found!!!
[2006/08/22 11:44:59, 3] printing/pcap.c:pcap_cache_reload(223)
reload status: error
[2006/08/22 11:44:59, 3] printing/pcap.c:pcap_cache_reload(117)
reloading printcap cache
[2006/08/22 11:44:59, 3] printing/print_svid.c:sysv_cache_reload(72)
No Printers found!!!
[2006/08/22 11:44:59, 3] printing/pcap.c:pcap_cache_reload(223)
reload status: error
[2006/08/22 11:44:59, 2] lib/interface.c:add_interface(81)
added interface ip=130.95.72.10 bcast=130.95.72.255
nmask=255.255.255.0
[2006/08/22 11:44:59, 2] lib/interface.c:add_interface(81)
added interface ip=130.95.136.10 bcast=130.95.136.255
nmask=255.255.255.0
[2006/08/22 11:44:59, 3] smbd/server.c:main(877)
loaded services
[2006/08/22 11:44:59, 3] smbd/server.c:main(892)
Becoming a daemon.
[2006/08/22 11:44:59, 2] lib/tallocmsg.c:register_msg_pool_usage(61)
Registered MSG_REQ_POOL_USAGE
[2006/08/22 11:44:59, 2] lib/dmallocmsg.c:register_dmalloc_msgs(71)
Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
[2006/08/22 11:44:59, 2] lib/smbldap_util.c:smbldap_search_domain_info
(219)
smbldap_search_domain_info: Searching for:[(&
(objectClass=sambaDomain)(sambaDomainName=EE-CIIPS2))]
[2006/08/22 11:44:59, 2] lib/smbldap.c:smbldap_open_connection(788)
smbldap_open_connection: connection opened
[2006/08/22 11:44:59, 3] lib/smbldap.c:smbldap_connect_system(992)
ldap_connect_system: succesful connection to the LDAP server
[2006/08/22 11:44:59, 3] smbd/sec_ctx.c:push_sec_ctx(208)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2006/08/22 11:44:59, 3] smbd/uid.c:push_conn_ctx(345)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2006/08/22 11:44:59, 3] smbd/sec_ctx.c:set_sec_ctx(241)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2006/08/22 11:44:59, 2] passdb/pdb_ldap.c:init_sam_from_ldap(541)
init_sam_from_ldap: Entry found for user: root
[2006/08/22 11:44:59, 3] smbd/sec_ctx.c:pop_sec_ctx(339)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2006/08/22 11:44:59, 3] passdb/lookup_sid.c:store_gid_sid_cache(1038)
store_gid_sid_cache: gid 0 in cache -> S-1-22-2-0
[2006/08/22 11:44:59, 3] passdb/lookup_sid.c:fetch_sid_from_uid_cache
(907)
fetch sid from uid cache 0 ->
S-1-5-21-2285122461-3938449209-3485319758-1000
[2006/08/22 11:44:59, 3] passdb/lookup_sid.c:fetch_sid_from_gid_cache
(979)
fetch sid from gid cache 0 -> S-1-22-2-0
[2006/08/22 11:44:59, 3] lib/util_seaccess.c:se_access_check(250)
[2006/08/22 11:44:59, 3] lib/util_seaccess.c:se_access_check(251)
se_access_check: user sid is S-1-1-0
se_access_check: also S-1-5-2
se_access_check: also S-1-5-7
[2006/08/22 11:44:59, 0] services/services_db.c:svcctl_init_keys(420)
init_services_keys: key lookup failed! (WERR_ACCESS_DENIED)
[2006/08/22 11:44:59, 3] smbd/sec_ctx.c:push_sec_ctx(208)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2006/08/22 11:44:59, 3] smbd/uid.c:push_conn_ctx(345)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2006/08/22 11:44:59, 3] smbd/sec_ctx.c:set_sec_ctx(241)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2006/08/22 11:44:59, 3] passdb/lookup_sid.c:store_gid_sid_cache(1038)
store_gid_sid_cache: gid 60001 in cache -> S-1-22-2-60001
[2006/08/22 11:44:59, 3] passdb/lookup_sid.c:fetch_gid_from_cache(999)
fetch gid from cache 60001 -> S-1-22-2-60001
[2006/08/22 11:44:59, 3] smbd/sec_ctx.c:pop_sec_ctx(339)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2006/08/22 11:44:59, 0] smbd/server.c:main(960)
ERROR: failed to setup guest info.

(smb.conf)

[global]

log level = 3

# workgroup = NT-Domain-Name or Workgroup-Name, eg: MIDEARTH
workgroup = EE-CIIPS2
netbios name = ee-ciips2

# server string is the equivalent of the NT Description field
server string = CIIPS Access Server

# Security mode. Defines in which mode Samba will operate. Possible
# values
 | 
Pages: 1
Prev: Attempting to Join Domain
Next: [Samba] Samba and problem with DAPI (Crypto Api)