[samba] ldapsam:trusted = yes kills smbd

Daniel Wilson daniel.wilson at sunderland.ac.uk
Thu Sep 29 22:16:03 GMT 2005


ok i have now changed the sambaSID on the user nobody to be <global-sam-sid>-501

it now finds the user nobody but still says it can't find the primary 
group:
for the user nobody, here are my ldap entries:

# nobody, People, Staff, Itacs, sunderland.ac.uk
dn: uid=nobody,ou=People,ou=Staff,ou=Itacs,dc=sunderland,dc=ac,dc=uk
sambaSID: S-1-5-21-82148923-2461359520-1342846908-501
cn: nobody
uid: nobody
gidNumber: 65533
sambaPrimaryGroupSID: S-1-0-0 (which i understand is nobody on windows)
description: UNI-STAFF samba guest domain account
gecos: UNI-STAFF samba guest domain account
loginShell: /bin/false
sambaAcctFlags: [NU         ]
sambaPwdMustChange: 2147483647
sambaPwdCanChange: 0
sambaKickoffTime: 2147483647
sambaLogoffTime: 2147483647
sambaLogonTime: 0
sambaPwdLastSet: 0
homeDirectory: /dev/null
uidNumber: 999
objectClass: inetOrgPerson
objectClass: sambaSAMAccount
objectClass: posixAccount
objectClass: shadowAccount
objectClass: organizationalPerson
objectClass: top
objectClass: person
sn: nobody

now my nobody group is:

# nobody, groups, Filestore, sunderland.ac.uk
dn: cn=nobody,ou=groups,ou=Filestore,dc=sunderland,dc=ac,dc=uk
sambaGroupType: 2
description: Domain Unix group
displayName: nobody
sambaSID: S-1-0-0
cn: nobody
gidNumber: 65533
memberUid: nobody
objectClass: posixGroup
objectClass: top
objectClass: sambaGroupMapping


here is the output:

Attempting to find an passdb backend to match guest (guest)
Found pdb backend guest
pdb backend guest has a valid init
smbldap_search: base => [dc=sunderland,dc=ac,dc=uk], filter => [(&(sambaSID=S-1-5-21-82148923-2461359520-1342846908-501)(objectclass=sambaSamAccount))], scope => [2]
init_sam_from_ldap: Entry found for user: nobody
pdb_set_username: setting username nobody, was
pdb_set_domain: setting domain UNI-STAFF, was
pdb_set_nt_username: setting nt username nobody, was
pdb_set_user_sid_from_string: setting user sid S-1-5-21-82148923-2461359520-1342846908-501
pdb_set_user_sid: setting user sid S-1-5-21-82148923-2461359520-1342846908-501
pdb_set_group_sid_from_string: setting group sid S-1-0-0
pdb_set_group_sid: setting group sid S-1-0-0
smbldap_get_single_attribute: [displayName] = [<does not exist>]
pdb_set_full_name: setting full name nobody, was
smbldap_get_single_attribute: [sambaHomeDrive] = [<does not exist>]
pdb_set_dir_drive: setting dir drive , was NULL
smbldap_get_single_attribute: [sambaHomePath] = [<does not exist>]
pdb_set_homedir: setting home dir , was
smbldap_get_single_attribute: [sambaLogonScript] = [<does not exist>]
pdb_set_logon_script: setting logon script , was
smbldap_get_single_attribute: [sambaProfilePath] = [<does not exist>]
pdb_set_profile_path: setting profile path , was
smbldap_get_single_attribute: [sambaUserWorkstations] = [<does not exist>]
smbldap_get_single_attribute: [sambaMungedDial] = [<does not exist>]
grant_privilege: S-1-1-0
original privilege mask:
SE_PRIV  0x0 0x0 0x0 0x0
new privilege mask:
SE_PRIV  0x0 0x0 0x0 0x0
grant_privilege: S-1-5-32-544
original privilege mask:
SE_PRIV  0x0 0x0 0x0 0x0
new privilege mask:
SE_PRIV  0x0 0x0 0x0 0x0
grant_privilege: S-1-5-32-548
original privilege mask:
SE_PRIV  0x0 0x0 0x0 0x0
new privilege mask:
SE_PRIV  0x0 0x0 0x0 0x0
grant_privilege: S-1-5-32-549
original privilege mask:
SE_PRIV  0x0 0x0 0x0 0x0
new privilege mask:
SE_PRIV  0x0 0x0 0x0 0x0
grant_privilege: S-1-5-32-550
original privilege mask:
SE_PRIV  0x0 0x0 0x0 0x0
new privilege mask:
SE_PRIV  0x0 0x0 0x0 0x0
grant_privilege: S-1-5-32-551
original privilege mask:
SE_PRIV  0x0 0x0 0x0 0x0
new privilege mask:
SE_PRIV  0x0 0x0 0x0 0x0
account_policy_get: password history:0
smbldap_get_single_attribute: [sambaBadPasswordCount] = [<does not exist>]
smbldap_get_single_attribute: [sambaBadPasswordTime] = [<does not exist>]
smbldap_get_single_attribute: [sambaLogonHours] = [<does not exist>]
Opening cache file at /usr/local/uni-staff//var/locks/login_cache.tdb
Looking up login cache for user nobody
No cache entry found
No cache entry, bad count = 0, bad time = 0
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
NT user token: (NULL)
UNIX token of user 0
Primary group is 0 and contains 0 supplementary groups
smbldap_search: base => [ou=groups,ou=filestore,dc=sunderland,dc=ac,dc=uk], filter => [(&(objectClass=posixGroup)(|(memberUid=nobody)(gidNumber=65533)))], scope => [2]
primary group of [nobody] not found
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
get_user_groups_from_local_sam failed
attempting to free (and zero) a server_info structure
attempting to free (and zero) a server_info structure

it's now 23:10 local time, would love to get this fixed for the start of 
business day tomorrow! :)

Cheers

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Daniel Wilson
Systems Administrator

IT & Communications Service
University of Sunderland
Unit1 Technology Park
Chester Road
Sunderland
SR2 7PT

Tel: 0191 515 2695


----- Original Message -----
From: Jeremy Allison <jra at samba.org>
Date: Thursday, September 29, 2005 10:44 pm
Subject: Re: [samba] ldapsam:trusted = yes kills smbd

> On Thu, Sep 29, 2005 at 10:43:26PM +0100, Daniel Wilson wrote:
> > Successfully added passdb backend 'guest'
> > Attempting to find an passdb backend to match ldapsam:ldap://vila.sunderland.ac.uk (ldapsam)
> > Found pdb backend ldapsam
> > Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=UNI-STAFF))]
> > 
> > Breakpoint 1, 0x00000000005daa33 in smbldap_search ()
> > (gdb)
> > (gdb)
> > (gdb) n
> > Single stepping until exit from function smbldap_search,
> > which has no line number information.
> > smbldap_search: base => [dc=sunderland,dc=ac,dc=uk], filter => [(&(objectClass=sambaDomain)(sambaDomainName=UNI-STAFF))], scope => [2]
> > The connection to the LDAP server was closed
> > smbldap_open_connection: ldap://vila.sunderland.ac.uk
> > smbldap_open_connection: connection opened
> > ldap_connect_system: Binding to ldap server ldap://vila.sunderland.ac.uk as "cn=Directory Manager"
> > ldap_connect_system: succesful connection to the LDAP server
> > ldap_connect_system: LDAP server does not support paged results
> > (gdb) n
> > Single stepping until exit from function pdb_getsampwsid,
> > which has no line number information.
> > 0x00000000005b5306 in make_new_server_info_guest ()
> > (gdb) n
> > Single stepping until exit from function make_new_server_info_guest,
> > which has no line number information.
> > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
> > [Thread debugging using libthread_db enabled]
> > [New Thread 182909114432 (LWP 8489)]
> > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
> > push_conn_ctx(0) : conn_ctx_stack_ndx = 0
> > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
> > NT user token: (NULL)
> > UNIX token of user 0
> > Primary group is 0 and contains 0 supplementary groups
> > [Switching to Thread 182909114432 (LWP 8489)]
> > 
> > Breakpoint 1, 0x00000000005daa33 in smbldap_search ()
> > (gdb) n
> > Single stepping until exit from function smbldap_search,
> > which has no line number information.
> > smbldap_search: base => [ou=groups,ou=filestore,dc=sunderland,dc=ac,dc=uk], filter => [(&(objectClass=posixGroup)(|(memberUid=nobody)(gidNumber=65533)))], scope => [2]
> > 0x0000000000559503 in ldapsam_enum_group_memberships ()
> > (gdb) n
> > Single stepping until exit from function 
> > Single stepping until exit from function make_new_server_info_guest,
> > which has no line number information.
> > 0x00000000005b547d in init_guest_info ()
> > (gdb) n
> > Single stepping until exit from function init_guest_info,
> > which has no line number information.
> > 0x00000000005dd880 in main ()
> > (gdb) n
> > Single stepping until exit from function main,
> > which has no line number information.
> 
> Ok, you're exiting from main() here :
> 
>        if (!init_guest_info())
>                return -1;
> 
> which is an immediate termination. You seem to be connecting
> to the LDAP server but it's failing to look up a guest user
> when looking there.
> 
> This :
> 
>        if (!pdb_getsampwsid(sampass, &guest_sid)) {
>                unbecome_root();
>                return NT_STATUS_NO_SUCH_USER;
>        }
> 
> is failing - it's looking for a user with sid :
> 
> <global-sam-sid>-0x000001F5
> 
> where global-sam-sid is the domain sid of your domain.
> Looks like you don't have this user set up on your ldap
> server.
> 
> Jeremy.
> 
> 
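
The two directory searches visible in the log and in the quoted reply (the guest account by `<global-sam-sid>-0x000001F5`, then its groups by `memberUid`/`gidNumber`) can be replayed offline against an LDIF export. This is an added example, not part of the original thread and not Samba's code; the domain SID, DNs, sample entries and function names are constructed placeholders.

```python
GUEST_RID = 0x1F5  # 501, the RID named in the reply above
# Constructed sample data: placeholder domain SID and DNs, not the poster's directory.
DOMAIN_SID = "S-1-5-21-1111111111-2222222222-3333333333"
SAMPLE_LDIF = f"""\
dn: uid=nobody,ou=People,dc=example,dc=org
objectClass: sambaSamAccount
uid: nobody
gidNumber: 65533
sambaSID: {DOMAIN_SID}-501

dn: cn=nobody,ou=groups,dc=example,dc=org
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 65533
memberUid: nobody
sambaSID: {DOMAIN_SID}-514
"""

def parse_ldif(text):
    """Parse unfolded 'attr: value' LDIF into a list of {attr: [values]} dicts."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if ":" in line and not line.startswith("#"):
                attr, value = line.split(":", 1)
                entry.setdefault(attr.strip().lower(), []).append(value.strip())
        entries.append(entry)
    return entries

def has(entry, attr, value):
    # Case-insensitive match; a simplification of the real LDAP matching rules.
    return value.lower() in (v.lower() for v in entry.get(attr.lower(), []))

def check_guest(ldif_text, domain_sid):
    """Replay the two searches from the log against the parsed entries."""
    entries = parse_ldif(ldif_text)
    # (&(sambaSID=<domain-sid>-501)(objectclass=sambaSamAccount))
    sid = f"{domain_sid}-{GUEST_RID}"
    guest = next((e for e in entries if has(e, "sambaSID", sid)
                  and has(e, "objectClass", "sambaSamAccount")), None)
    if guest is None:
        return {"guest_dn": None, "primary_group_dn": None}
    uid, gid = guest["uid"][0], guest["gidnumber"][0]
    # (&(objectClass=posixGroup)(|(memberUid=<uid>)(gidNumber=<gid>)))
    groups = [e for e in entries if has(e, "objectClass", "posixGroup")
              and (has(e, "memberUid", uid) or has(e, "gidNumber", gid))]
    primary = next((e for e in groups if has(e, "gidNumber", gid)), None)
    return {"guest_dn": guest["dn"][0], "primary_group_dn": primary["dn"][0] if primary else None}
```

A `guest_dn` of `None` corresponds to the `pdb_getsampwsid` failure described in the reply; a `primary_group_dn` of `None` means no `posixGroup` entry in the export matches the guest's `gidNumber`.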

