[Samba] failed to setup guest info
Dear friends Today i am trying to setup samba+ldap on one of my server, and facing following problem Oct 22 15:43:23 abpdel1 smbd[3664]: [2009/10/22 15:43:23, 0] services/services_db.c:svcctl_init_keys(420) Oct 22 15:43:23 abpdel1 smbd[3664]: svcctl_init_keys: key lookup failed! (WERR_ACCESS_DENIED) Oct 22 15:43:23 abpdel1 smbd[3664]: [2009/10/22 15:43:23, 0] smbd/server.c:main Oct 22 15:43:23 abpdel1 smbd[3664]: ERROR: failed to setup guest info. -- ldap is working perfectly i tested ldap functionality separately. What may be the issue thanks My smb.conf is with attachment thnks http://linuxinterviews.blogspot.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Failed to setup guest info
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Dean Crawford wrote: Reading some of the other threads I've also pulled this further information in a hope someone can point me in the right direction to get this working. Extract from pdbedit -Lv nobody Opening cache file at /var/cache/samba/login_cache.tdb Looking up login cache for user nobody No cache entry found No cache entry, bad count = 0, bad time = 0 Unix username:nobody NT username: nobody Account Flags:[NDU] User SID: S-1-5-21-3036719436-1097781103-347993853-2998 You've got the wrong SID for the guest account. pdbedit -x nobody Samba will handle managing the guest user for you. cheers, jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com What man is a man who does not make the world better? --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.4 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFE/sWFIR7qMdg1EfYRAsK5AKDHh8zqDknFQrWHgyDeMk4Tpr0YDgCgrFBB ifR/wOp3VJ+J5E9iC2aCmOk= =7nTZ -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Failed to setup guest info
Thanks for the quick response. After pdbedit -x nobody pdbedit -Lv nobody reports The LDAP server is succesfully connected pdb backend ldapsam:ldap://127.0.0.1 has a valid init smbldap_search_ext: base = [dc=CRAWFORD_HOUSE,dc=NET], filter = [((uid=nobody)(objectclass=sambaSamAccount))], scope = [2] ldapsam_getsampwnam: Unable to locate user [nobody] count=0 Username not found! I still end up with the same error in log.smdb [2006/09/06 06:43:13, 6] passdb/pdb_interface.c:pdb_getsampwsid(320) pdb_getsampwsid: Building guest account [2006/09/06 06:43:13, 5] lib/smbldap.c:smbldap_search_ext(1179) smbldap_search_ext: base = [ou=Group,dc=CRAWFORD_HOUSE,dc=NET], filter = [((objectClass=sambaGroupMapping)(gidNumber=65534))], scope = [2] [2006/09/06 06:43:13, 3] passdb/lookup_sid.c:store_gid_sid_cache(1038) store_gid_sid_cache: gid 65534 in cache - S-1-22-2-65534 [2006/09/06 06:43:13, 3] passdb/lookup_sid.c:fetch_gid_from_cache(999) fetch gid from cache 65534 - S-1-22-2-65534 [2006/09/06 06:43:13, 3] smbd/sec_ctx.c:pop_sec_ctx(339) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2006/09/06 06:43:13, 3] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2006/09/06 06:43:13, 3] smbd/uid.c:push_conn_ctx(345) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2006/09/06 06:43:13, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2006/09/06 06:43:13, 5] auth/auth_util.c:debug_nt_user_token(449) NT user token: (NULL) [2006/09/06 06:43:13, 5] auth/auth_util.c:debug_unix_user_token(475) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/09/06 06:43:13, 3] smbd/sec_ctx.c:pop_sec_ctx(339) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2006/09/06 06:43:13, 3] passdb/lookup_sid.c:fetch_sid_from_gid_cache(979) fetch sid from gid cache 65534 - S-1-22-2-65534 [2006/09/06 06:43:13, 5] auth/auth_util.c:make_server_info_sam(603) make_server_info_sam: made server info for user nobody - nobody [2006/09/06 06:43:13, 5] lib/smbldap.c:smbldap_search_ext(1179) smbldap_search_ext: base = [ou=Group,dc=CRAWFORD_HOUSE,dc=NET], filter = [((objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-544))], scope = [2] [2006/09/06 06:43:13, 5] lib/smbldap.c:smbldap_search_ext(1179) smbldap_search_ext: base = [ou=Group,dc=CRAWFORD_HOUSE,dc=NET], filter = [((objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-545))], scope = [2] [2006/09/06 06:43:13, 5] lib/smbldap.c:smbldap_search_ext(1179) smbldap_search_ext: base = [ou=Group,dc=CRAWFORD_HOUSE,dc=NET], filter = [((|(objectclass=sambaGroupMapping)(sambaGroupType=4))(|(sambaSIDList=S-1-5-21-3036719436-1097781103-347993853-501)(sambaSIDList=S-1-22-2-65534)(sambaSIDList=S-1-1-0)(sambaSIDList=S-1-5-2)(sambaSIDList=S-1-5-32-546)))], scope = [2] [2006/09/06 06:43:13, 0] smbd/server.c:main(960) ERROR: failed to setup guest info. Dumping pbdedit I see a group nobody still listed # nobody, Groups, CRAWFORD_HOUSE.NET dn: cn=nobody,ou=Groups,dc=CRAWFORD_HOUSE,dc=NET objectClass: posixGroup cn: nobody gidNumber: 1000 trying to remove this gave a cannot remove user's primary group error. No users are mapped to this group. Also in the dump I notice that none of the SID's on the line that fails are listed. Thanks Dean Gerald (Jerry) Carter wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Dean Crawford wrote: Reading some of the other threads I've also pulled this further information in a hope someone can point me in the right direction to get this working. Extract from pdbedit -Lv nobody Opening cache file at /var/cache/samba/login_cache.tdb Looking up login cache for user nobody No cache entry found No cache entry, bad count = 0, bad time = 0 Unix username:nobody NT username: nobody Account Flags:[NDU] User SID: S-1-5-21-3036719436-1097781103-347993853-2998 You've got the wrong SID for the guest account. pdbedit -x nobody Samba will handle managing the guest user for you. cheers, jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com What man is a man who does not make the world better? --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.4 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFE/sWFIR7qMdg1EfYRAsK5AKDHh8zqDknFQrWHgyDeMk4Tpr0YDgCgrFBB ifR/wOp3VJ+J5E9iC2aCmOk= =7nTZ -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Failed to setup guest info
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Dean Crawford wrote: Thanks for the quick response. After pdbedit -x nobody pdbedit -Lv nobody reports The LDAP server is succesfully connected pdb backend ldapsam:ldap://127.0.0.1 has a valid init smbldap_search_ext: base = [dc=CRAWFORD_HOUSE,dc=NET], filter = [((uid=nobody)(objectclass=sambaSamAccount))], scope = [2] ldapsam_getsampwnam: Unable to locate user [nobody] count=0 Username not found! I still end up with the same error in log.smdb pdb_getsampwsid: Building guest account make_server_info_sam: made server info for user nobody - nobody smbldap_search_ext: base = [ou=Group,dc=CRAWFORD_HOUSE,dc=NET], filter =[((|(objectclass=sambaGroupMapping)(sambaGroupType=4)) (|(sambaSIDList=S-1-5-21-3036719436-1097781103-347993853-501) (sambaSIDList=S-1-22-2-65534)(sambaSIDList=S-1-1-0) (sambaSIDList=S-1-5-2)(sambaSIDList=S-1-5-32-546)))], scope = [2] ERROR: failed to setup guest info. This implies that the failure is from trying to enumerate local group membership. Try setting 'winbind nested groups = no' as a temporary workaround and let me know what happens. cheers, jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com What man is a man who does not make the world better? --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.4 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFE/t+sIR7qMdg1EfYRAkrtAJ0Vf95zIzRYUsCfKCEZk7pbCZXcEgCfTkAq YuYZIMEvabZsWY5bTr3ge3E= =NTlO -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Failed to setup guest info
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Dean Crawford wrote: Hi Jerry Yes when I set winbind nested groups = no everything loads correctly. Can I assume this means then that there is something screwy with my groups? No. I think this is our bug somehow. I'll try to track it down. jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.4 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFE/4EcIR7qMdg1EfYRAkOeAJ9n6sCiJa1K9+ZPtdOxHc8hQI/95ACg5/Rv LRoEwx85c4sEFD5sLa0wFg0= =VMvL -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Failed to setup guest info
Reading some of the other threads I've also pulled this further information in a hope someone can point me in the right direction to get this working. Extract from pdbedit -Lv nobody Opening cache file at /var/cache/samba/login_cache.tdb Looking up login cache for user nobody No cache entry found No cache entry, bad count = 0, bad time = 0 Unix username:nobody NT username: nobody Account Flags:[NDU] User SID: S-1-5-21-3036719436-1097781103-347993853-2998 smbldap_search_ext: base = [ou=Group,dc=CRAWFORD_HOUSE,dc=NET], filter = [((objectClass=sambaGroupMapping)(gidNumber=65534))], scope = [2] Primary Group SID:S-1-5-21-3036719436-1097781103-347993853-513 Full Name:nobody Home Directory: \\PDC-SRV\nobody HomeDir Drive:H: Logon Script: Profile Path: \\PDC-SRV\profiles\nobody Domain: CRAWFORD_HOUSE /var/log/samba/log.smbd with log level = 9 [2006/09/05 22:24:13, 6] passdb/pdb_interface.c:pdb_getsampwsid(320) pdb_getsampwsid: Building guest account [2006/09/05 22:24:13, 5] lib/smbldap.c:smbldap_search_ext(1179) smbldap_search_ext: base = [ou=Group,dc=CRAWFORD_HOUSE,dc=NET], filter = [((objectClass=sambaGroupMapping)(gidNumber=65534))], scope = [2] [2006/09/05 22:24:13, 3] passdb/lookup_sid.c:store_gid_sid_cache(1038) store_gid_sid_cache: gid 65534 in cache - S-1-22-2-65534 [2006/09/05 22:24:13, 3] passdb/lookup_sid.c:fetch_gid_from_cache(999) fetch gid from cache 65534 - S-1-22-2-65534 [2006/09/05 22:24:13, 3] smbd/sec_ctx.c:pop_sec_ctx(339) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2006/09/05 22:24:13, 3] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2006/09/05 22:24:13, 3] smbd/uid.c:push_conn_ctx(345) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2006/09/05 22:24:13, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2006/09/05 22:24:13, 5] auth/auth_util.c:debug_nt_user_token(449) NT user token: (NULL) [2006/09/05 22:24:13, 5] auth/auth_util.c:debug_unix_user_token(475) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/09/05 22:24:13, 3] smbd/sec_ctx.c:pop_sec_ctx(339) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2006/09/05 22:24:13, 3] passdb/lookup_sid.c:fetch_sid_from_gid_cache(979) fetch sid from gid cache 65534 - S-1-22-2-65534 [2006/09/05 22:24:13, 5] auth/auth_util.c:make_server_info_sam(603) make_server_info_sam: made server info for user nobody - nobody [2006/09/05 22:24:13, 5] lib/smbldap.c:smbldap_search_ext(1179) smbldap_search_ext: base = [ou=Group,dc=CRAWFORD_HOUSE,dc=NET], filter = [((objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-544))], scope = [2] [2006/09/05 22:24:13, 5] lib/smbldap.c:smbldap_search_ext(1179) smbldap_search_ext: base = [ou=Group,dc=CRAWFORD_HOUSE,dc=NET], filter = [((objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-545))], scope = [2] [2006/09/05 22:24:13, 5] lib/smbldap.c:smbldap_search_ext(1179) smbldap_search_ext: base = [ou=Group,dc=CRAWFORD_HOUSE,dc=NET], filter = [((|(objectclass=sambaGroupMapping)(sambaGroupType=4))(|(sambaSIDList=S-1-5-21-3036719436-1097781103-347993853-501)(sambaSIDList=S-1-22-2-65534)(sambaSIDList=S-1-1-0)(sambaSIDList=S-1-5-2)(sambaSIDList=S-1-5-32-546)))], scope = [2] [2006/09/05 22:24:13, 0] smbd/server.c:main(960) ERROR: failed to setup guest info. Thanks Dean Crawford Dean Crawford wrote: I've been trying for the past week to get Samba and LDAP to work together as a PDC on my Gentoo box and allow some XP boxes to get in. I've read and followed the how-to's (emerged and unmergred more then a few times) My LDAP accounts all seem to work when I do the ssh test into them. Changing the domain in XP fails with the network path not found error even after all the registry tweaks. While tring to work through this issue I discoved that smbd is not starting correctly. Code: thebird # tail /var/log/samba/log.smbd [2006/08/24 20:28:01, 3] smbd/uid.c:push_conn_ctx(345) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2006/08/24 20:28:01, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2006/08/24 20:28:01, 3] smbd/sec_ctx.c:pop_sec_ctx(339) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2006/08/24 20:28:01, 3] passdb/lookup_sid.c:fetch_sid_from_gid_cache(979) fetch sid from gid cache 65534 - S-1-22-2-65534 [2006/08/24 20:28:01, 0] smbd/server.c:main(960) ERROR: failed to setup guest info. I'm thinking that the failed to setup guest info needs to be the first thing fixed. I thought I had disabled guest accounts in my smb.conf so don't understand why it fails. I have samba-3.0.23a installed. Here is my smb.conf. I don't have networked printers so I commented out all the printer calls. Code: #=== Global Settings = [global] # 1. Server Naming Options: workgroup = CRAWFORD_HOUSE netbios name = TheBird server string = LDAP PDC on
[Samba] Failed to setup guest info
I've been trying for the past week to get Samba and LDAP to work together as a PDC on my Gentoo box and allow some XP boxes to get in. I've read and followed the how-to's (emerged and unmergred more then a few times) My LDAP accounts all seem to work when I do the ssh test into them. Changing the domain in XP fails with the network path not found error even after all the registry tweaks. While tring to work through this issue I discoved that smbd is not starting correctly. Code: thebird # tail /var/log/samba/log.smbd [2006/08/24 20:28:01, 3] smbd/uid.c:push_conn_ctx(345) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2006/08/24 20:28:01, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2006/08/24 20:28:01, 3] smbd/sec_ctx.c:pop_sec_ctx(339) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2006/08/24 20:28:01, 3] passdb/lookup_sid.c:fetch_sid_from_gid_cache(979) fetch sid from gid cache 65534 - S-1-22-2-65534 [2006/08/24 20:28:01, 0] smbd/server.c:main(960) ERROR: failed to setup guest info. I'm thinking that the failed to setup guest info needs to be the first thing fixed. I thought I had disabled guest accounts in my smb.conf so don't understand why it fails. I have samba-3.0.23a installed. Here is my smb.conf. I don't have networked printers so I commented out all the printer calls. Code: #=== Global Settings = [global] # 1. Server Naming Options: workgroup = CRAWFORD_HOUSE netbios name = TheBird server string = LDAP PDC on Samba Server %v # 2. Printing Options: ; printcap name = cups ; load printers = yes ; printing = cups ; printer admin = @adm ; printer admin = @Domain Admins # 3. Logging Options: time server = yes log file = /var/log/samba/log.%m max log size = 50 log level = 3 # 4. Security and Domain Membership Options: hosts allow = 192.168.1. 192.168.6. 127.0.0.1 # guest account = smbguest # map to guest = bad user security = user ; password level = 8 ; username level = 8 encrypt passwords = yes ; unix password sync = Yes pam password change = yes ; username map = /etc/samba/smbusers # 5. Browser Control and Networking Options: socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 interfaces = lo eth0 bind interfaces only = yes ; interfaces = 192.168.12.2/24 192.168.13.2/24 local master = yes os level = 65 domain master = yes ; preferred master = yes # 6. Domain Control Options: domain logons = yes ; logon script = %m.bat ; logon script = %U.bat logon path = \\%L\profiles\%U logon drive = Z: logon home = \\%L\%U add user script = /usr/sbin/smbldap-useradd -m %u # Scripts for LDAP backend (assumes nss_ldap is in use on the domain controller. add user script = /usr/sbin/smbldap-useradd -m %u delete user script = /usr/sbin/userdel -r %u add machine script = /usr/sbin/smbldap-useradd -w %u add group script = /usr/sbin/smbldap-groupadd -p %g delete group script = /usr/sbin/groupdel %g add user to group script = /usr/sbin/smbldap-groupmod -m %u %g delete user from group script = /usr/sbin/smbldap-groupmod -x %u %g set primary group script = /usr/sbin/smbldap-usermod -g %g %u # Domain groups: # Domain groups are now configured by using the 'net groupmap' tool # Samba Password Database configuration: # Enable SSL by using an ldaps url, or enable tls with 'ldap ssl' below. passdb backend = ldapsam:ldap://127.0.0.1 ldap delete dn = Yes ; idmap uid = 1-2 ; idmap gid = 1-2 # LDAP configuration for Domain Controlling: ldap admin dn = cn=Manager,dc=CRAWFORD_HOUSE,dc=NET ldap ssl = no # start_tls should run on 389, but samba defaults incorrectly to 636 ; ldap port = 389 ldap suffix = dc=CRAWFORD_HOUSE,dc=NET ; ldap server = ldap.mydomain.com # Seperate suffixes are available for machines, users, groups, and idmap, if ldap machine suffix = ou=Hosts ldap user suffix = ou=People ldap group suffix = ou=Group ldap idmap suffix = ou=Idmap # 7. Name Resolution Options: # Windows Internet Name Serving Support Section: wins support = yes name resolve order = wins lmhosts host bcast # WINS Proxy - Tells Samba to answer name resolution queries on ; wins proxy = yes # DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names dns proxy = no # 8. File Naming Options: ; preserve case = no ; short preserve case = no # Default case is normally upper case for all DOS files ; default case = lower # Be very careful with case sensitivity - it can break things! ; case sensitive = no # Share Definitions == [homes] comment = Home Directories path = /home/%U browseable = no valid users = %S read only = no create mask = 0664 directory mask = 0775 # Un-comment the following and create the netlogon directory for Domain Logons [netlogon] comment = Network Logon Service path =
