[Samba] Failed to setup guest info
Dean Crawford
dcrawford at shaw.ca
Wed Sep 6 05:34:40 GMT 2006
Reading some of the other threads I've also pulled this further
information in a hope someone can point me in the right direction to get
this working.
Extract from pdbedit -Lv nobody
Opening cache file at /var/cache/samba/login_cache.tdb
Looking up login cache for user nobody
No cache entry found
No cache entry, bad count = 0, bad time = 0
Unix username: nobody
NT username: nobody
Account Flags: [NDU ]
User SID: S-1-5-21-3036719436-1097781103-347993853-2998
smbldap_search_ext: base => [ou=Group,dc=CRAWFORD_HOUSE,dc=NET], filter
=> [(&(objectClass=sambaGroupMapping)(gidNumber=65534))], scope => [2]
Primary Group SID: S-1-5-21-3036719436-1097781103-347993853-513
Full Name: nobody
Home Directory: \\PDC-SRV\nobody
HomeDir Drive: H:
Logon Script:
Profile Path: \\PDC-SRV\profiles\nobody
Domain: CRAWFORD_HOUSE
/var/log/samba/log.smbd with log level = 9
[2006/09/05 22:24:13, 6] passdb/pdb_interface.c:pdb_getsampwsid(320)
pdb_getsampwsid: Building guest account
[2006/09/05 22:24:13, 5] lib/smbldap.c:smbldap_search_ext(1179)
smbldap_search_ext: base => [ou=Group,dc=CRAWFORD_HOUSE,dc=NET], filter
=> [(&(objectClass=sambaGroupMapping)(gidNumber=65534))], scope => [2]
[2006/09/05 22:24:13, 3] passdb/lookup_sid.c:store_gid_sid_cache(1038)
store_gid_sid_cache: gid 65534 in cache -> S-1-22-2-65534
[2006/09/05 22:24:13, 3] passdb/lookup_sid.c:fetch_gid_from_cache(999)
fetch gid from cache 65534 -> S-1-22-2-65534
[2006/09/05 22:24:13, 3] smbd/sec_ctx.c:pop_sec_ctx(339)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2006/09/05 22:24:13, 3] smbd/sec_ctx.c:push_sec_ctx(208)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2006/09/05 22:24:13, 3] smbd/uid.c:push_conn_ctx(345)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2006/09/05 22:24:13, 3] smbd/sec_ctx.c:set_sec_ctx(241)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2006/09/05 22:24:13, 5] auth/auth_util.c:debug_nt_user_token(449)
NT user token: (NULL)
[2006/09/05 22:24:13, 5] auth/auth_util.c:debug_unix_user_token(475)
UNIX token of user 0
Primary group is 0 and contains 0 supplementary groups
[2006/09/05 22:24:13, 3] smbd/sec_ctx.c:pop_sec_ctx(339)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2006/09/05 22:24:13, 3] passdb/lookup_sid.c:fetch_sid_from_gid_cache(979)
fetch sid from gid cache 65534 -> S-1-22-2-65534
[2006/09/05 22:24:13, 5] auth/auth_util.c:make_server_info_sam(603)
make_server_info_sam: made server info for user nobody -> nobody
[2006/09/05 22:24:13, 5] lib/smbldap.c:smbldap_search_ext(1179)
smbldap_search_ext: base => [ou=Group,dc=CRAWFORD_HOUSE,dc=NET], filter
=> [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-544))], scope =>
[2]
[2006/09/05 22:24:13, 5] lib/smbldap.c:smbldap_search_ext(1179)
smbldap_search_ext: base => [ou=Group,dc=CRAWFORD_HOUSE,dc=NET], filter
=> [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-545))], scope =>
[2]
[2006/09/05 22:24:13, 5] lib/smbldap.c:smbldap_search_ext(1179)
smbldap_search_ext: base => [ou=Group,dc=CRAWFORD_HOUSE,dc=NET],
filter =>
[(&(|(objectclass=sambaGroupMapping)(sambaGroupType=4))(|(sambaSIDList=S-1-5-21-3036719436-1097781103-347993853-501)(sambaSIDList=S-1-22-2-65534)(sambaSIDList=S-1-1-0)(sambaSIDList=S-1-5-2)(sambaSIDList=S-1-5-32-546)))],
scope => [2]
[2006/09/05 22:24:13, 0] smbd/server.c:main(960)
ERROR: failed to setup guest info.
Thanks
Dean Crawford
Dean Crawford wrote:
> I've been trying for the past week to get Samba and LDAP to work
> together as a PDC on my Gentoo box and allow some XP boxes to get in.
>
> I've read and followed the how-to's (emerged and unmergred more then a
> few times)
>
> My LDAP accounts all seem to work when I do the ssh test into them.
>
> Changing the domain in XP fails with the "network path not found
> error" even after all the registry tweaks. While tring to work through
> this issue I discoved that smbd is not starting correctly.
>
> Code:
> thebird # tail /var/log/samba/log.smbd
> [2006/08/24 20:28:01, 3] smbd/uid.c:push_conn_ctx(345)
> push_conn_ctx(0) : conn_ctx_stack_ndx = 0
> [2006/08/24 20:28:01, 3] smbd/sec_ctx.c:set_sec_ctx(241)
> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
> [2006/08/24 20:28:01, 3] smbd/sec_ctx.c:pop_sec_ctx(339)
> pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
> [2006/08/24 20:28:01, 3]
> passdb/lookup_sid.c:fetch_sid_from_gid_cache(979)
> fetch sid from gid cache 65534 -> S-1-22-2-65534
> [2006/08/24 20:28:01, 0] smbd/server.c:main(960)
> ERROR: failed to setup guest info.
>
>
> I'm thinking that the failed to setup guest info needs to be the first
> thing fixed. I thought I had disabled guest accounts in my smb.conf so
> don't understand why it fails.
>
> I have samba-3.0.23a installed. Here is my smb.conf. I don't have
> networked printers so I commented out all the printer calls.
>
> Code:
> #======================= Global Settings
> =====================================
> [global]
>
> # 1. Server Naming Options:
> workgroup = CRAWFORD_HOUSE
> netbios name = TheBird
> server string = LDAP PDC on Samba Server %v
>
> # 2. Printing Options:
> ; printcap name = cups
> ; load printers = yes
> ; printing = cups
> ; printer admin = @adm
> ; printer admin = @"Domain Admins"
>
> # 3. Logging Options:
> time server = yes
> log file = /var/log/samba/log.%m
> max log size = 50
> log level = 3
>
> # 4. Security and Domain Membership Options:
> hosts allow = 192.168.1. 192.168.6. 127.0.0.1
> # guest account = smbguest
> # map to guest = bad user
> security = user
> ; password level = 8
> ; username level = 8
> encrypt passwords = yes
> ; unix password sync = Yes
> pam password change = yes
> ; username map = /etc/samba/smbusers
>
> # 5. Browser Control and Networking Options:
> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
> interfaces = lo eth0
> bind interfaces only = yes
> ; interfaces = 192.168.12.2/24 192.168.13.2/24
> local master = yes
> os level = 65
> domain master = yes
> ; preferred master = yes
>
> # 6. Domain Control Options:
> domain logons = yes
> ; logon script = %m.bat
> ; logon script = %U.bat
> logon path = \\%L\profiles\%U
> logon drive = Z:
> logon home = \\%L\%U
> add user script = /usr/sbin/smbldap-useradd -m "%u"
>
> # Scripts for LDAP backend (assumes nss_ldap is in use on the domain
> controller.
> add user script = /usr/sbin/smbldap-useradd -m "%u"
> delete user script = /usr/sbin/userdel -r "%u"
> add machine script = /usr/sbin/smbldap-useradd -w "%u"
> add group script = /usr/sbin/smbldap-groupadd -p "%g"
> delete group script = /usr/sbin/groupdel "%g"
> add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
> delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
> set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
>
> # Domain groups:
> # Domain groups are now configured by using the 'net groupmap' tool
>
> # Samba Password Database configuration:
> # Enable SSL by using an ldaps url, or enable tls with 'ldap ssl' below.
> passdb backend = ldapsam:ldap://127.0.0.1
> ldap delete dn = Yes
> ; idmap uid = 10000-20000
> ; idmap gid = 10000-20000
>
> # LDAP configuration for Domain Controlling:
> ldap admin dn = cn=Manager,dc=CRAWFORD_HOUSE,dc=NET
> ldap ssl = no
>
> # start_tls should run on 389, but samba defaults incorrectly to 636
> ; ldap port = 389
> ldap suffix = dc=CRAWFORD_HOUSE,dc=NET
> ; ldap server = ldap.mydomain.com
>
> # Seperate suffixes are available for machines, users, groups, and
> idmap, if
> ldap machine suffix = ou=Hosts
> ldap user suffix = ou=People
> ldap group suffix = ou=Group
> ldap idmap suffix = ou=Idmap
>
> # 7. Name Resolution Options:
> # Windows Internet Name Serving Support Section:
> wins support = yes
> name resolve order = wins lmhosts host bcast
>
> # WINS Proxy - Tells Samba to answer name resolution queries on
> ; wins proxy = yes
>
> # DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names
> dns proxy = no
>
> # 8. File Naming Options:
> ; preserve case = no
> ; short preserve case = no
> # Default case is normally upper case for all DOS files
> ; default case = lower
> # Be very careful with case sensitivity - it can break things!
> ; case sensitive = no
>
> #============================ Share Definitions
> ==============================
> [homes]
> comment = Home Directories
> path = /home/%U
> browseable = no
> valid users = %S
> read only = no
> create mask = 0664
> directory mask = 0775
>
> # Un-comment the following and create the netlogon directory for
> Domain Logons
> [netlogon]
> comment = Network Logon Service
> path = /var/lib/samba/netlogon
> # guest ok = no
> path = /var/lib/samba/netlogon
> browseable = no
> write list = root
>
> # Un-comment the following to provide a specific roving profile share
> # the default is to use the user's home directory
> [profiles]
> path = /var/lib/samba/profiles
> writable = yes
> browsable = no
> create mode = 0644
> directory mode = 0755
> guest ok = no
>
> ;[printers]
> ; comment = All Printers
> ; path = /var/spool/samba
> ; browseable = no
> # to allow user 'guest account' to print.
> # guest ok = yes
> ; writable = no
> ; printable = yes
> create mode = 0700
> # =====================================
> # print command: see above for details.
> # =====================================
> ; print command = lpr-cups -P %p -o raw %s -r # using client side
> printer drivers.
> ; print command = lpr-cups -P %p %s # using cups own drivers (use
> generic PostScript on clients).
> # The following two commands are the samba defaults for printing=cups
> # change them only if you need different options:
> ; lpq command = lpq -P %p
> ; lprm command = cancel %p-%j
>
> ;[print$]
> ; path = /var/lib/samba/printers
> ; browseable = yes
> ; read only = yes
> ; write list = @adm root
> # guest ok = yes
>
> # A publicly accessible directory, but read only, except for people in
> # the "staff" group
> [public]
> comment = Public Stuff
> path = /public
> public = yes
> browseable = yes
> write list = @users
>
> testparm seems to indicate no error
>
> Code:
> thebird # testparm -v
> Load smb config files from /etc/samba/smb.conf
> Processing section "[homes]"
> Processing section "[netlogon]"
> Processing section "[profiles]"
> Processing section "[public]"
> Loaded services file OK.
> Server role: ROLE_DOMAIN_PDC
>
> Both getent passwd and getent group show nobody listed.
>
>
> When I stop samba smbd comes up with [!!]
>
> My wife would really appreciate any help in pointing me in the correct
> direction so I can again spend time with her again.
>
> Thanks
>
> Dean Crawford
More information about the samba
mailing list