[Samba] Problem with guest account samba 3.0.23a (smbd wont start)

stephane.purnelle at corman.be stephane.purnelle at corman.be
Fri Jul 28 08:13:58 GMT 2006 

Hi,

I test samba 3.0.23a and I used a existant LDAP tree.

But, samba 3.0.23a won't start : 
In smbd.log : 

......
[2006/07/28 09:58:14, 10] registry/reg_cachehook.c:reghook_cache_add(61)
  reghook_cache_add: Adding key [/HKLM/SOFTWARE/Microsoft/Windows 
NT/CurrentVersion/Ports]
[2006/07/28 09:58:14, 8] lib/adt_tree.c:pathtree_add(201)
  pathtree_add: Enter
[2006/07/28 09:58:14, 10] lib/adt_tree.c:pathtree_add(268)
  pathtree_add: Successfully added node [HKLM/SOFTWARE/Microsoft/Windows 
NT/CurrentVersion/Ports] to tree
[2006/07/28 09:58:14, 8] lib/adt_tree.c:pathtree_add(270)
  pathtree_add: Exit
[2006/07/28 09:58:14, 10] registry/reg_cachehook.c:reghook_cache_add(61)
  reghook_cache_add: Adding key 
[/HKLM/SYSTEM/CurrentControlSet/Services/LanmanServer/Shares]
[2006/07/28 09:58:14, 8] lib/adt_tree.c:pathtree_add(201)
  pathtree_add: Enter
[2006/07/28 09:58:14, 10] lib/adt_tree.c:pathtree_add(268)
  pathtree_add: Successfully added node 
[HKLM/SYSTEM/CurrentControlSet/Services/LanmanServer/Shares] to tree
[2006/07/28 09:58:14, 8] lib/adt_tree.c:pathtree_add(270)
  pathtree_add: Exit
[2006/07/28 09:58:14, 3] smbd/sec_ctx.c:push_sec_ctx(208)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2006/07/28 09:58:14, 3] smbd/uid.c:push_conn_ctx(345)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2006/07/28 09:58:14, 3] smbd/sec_ctx.c:set_sec_ctx(241)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2006/07/28 09:58:14, 5] auth/auth_util.c:debug_nt_user_token(449)
  NT user token: (NULL)
[2006/07/28 09:58:14, 5] auth/auth_util.c:debug_unix_user_token(475)
  UNIX token of user 0
  Primary group is 0 and contains 0 supplementary groups
[2006/07/28 09:58:14, 5] lib/smbldap.c:smbldap_search_ext(1179)
  smbldap_search_ext: base => [dc=corman,dc=be], filter => 
[(&(uid=root)(objectclass=sambaSamAccount))], scope => [2]
[2006/07/28 09:58:14, 4] passdb/pdb_ldap.c:ldapsam_getsampwnam(1396)
  ldapsam_getsampwnam: Unable to locate user [root] count=0
[2006/07/28 09:58:14, 3] smbd/sec_ctx.c:pop_sec_ctx(339)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2006/07/28 09:58:14, 5] 
passdb/pdb_interface.c:pdb_default_uid_to_rid(1217)
  pdb_default_uid_to_rid: Did not find user root (0)
[2006/07/28 09:58:14, 10] passdb/lookup_sid.c:uid_to_sid(1083)
  uid_to_sid: local 0 -> S-1-22-1-0
[2006/07/28 09:58:14, 5] lib/smbldap.c:smbldap_search_ext(1179)
  smbldap_search_ext: base => [ou=groupes,dc=corman,dc=be], filter => 
[(&(objectClass=sambaGroupMapping)(gidNumber=0))], scope => [2]
[2006/07/28 09:58:15, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2213)
  ldapsam_getgroup: Did not find group
[2006/07/28 09:58:15, 10] passdb/lookup_sid.c:gid_to_sid(1127)
  gid_to_sid: local 0 -> S-1-22-2-0
[2006/07/28 09:58:15, 3] passdb/lookup_sid.c:store_gid_sid_cache(1038)
  store_gid_sid_cache: gid 0 in cache -> S-1-22-2-0
[2006/07/28 09:58:15, 5] lib/smbldap.c:smbldap_search_ext(1179)
  smbldap_search_ext: base => [ou=groupes,dc=corman,dc=be], filter => 
[(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-544))], scope => [2]
[2006/07/28 09:58:26, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2213)
  ldapsam_getgroup: Did not find group
[2006/07/28 09:58:26, 5] lib/smbldap.c:smbldap_search_ext(1179)
  smbldap_search_ext: base => [ou=groupes,dc=corman,dc=be], filter => 
[(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-545))], scope => [2]
[2006/07/28 09:58:35, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2213)
  ldapsam_getgroup: Did not find group
[2006/07/28 09:58:35, 5] lib/smbldap.c:smbldap_search_ext(1179)
  smbldap_search_ext: base => [ou=groupes,dc=corman,dc=be], filter => 
[(&(|(objectclass=sambaGroupMapping)(sambaGroupType=4))(|(sambaSIDList=S-1-22-1-0)(sambaSIDList=S-1-22-2-0)(sambaSIDList=S-1-1-0)(sambaSIDList=S-1-5-2)(sambaSIDList=S-1-5-11)(sambaSIDList=S-1-5-32-544)))], 
scope => [2]
[2006/07/28 09:58:50, 10] lib/smbldap.c:smbldap_search_ext(1237)
  Failed search for base: ou=groupes,dc=corman,dc=be, error: Timed out ()
[2006/07/28 09:58:50, 10] auth/auth_util.c:add_aliases(631)
  pdb_enum_alias_memberships failed: NT_STATUS_UNSUCCESSFUL
[2006/07/28 09:58:50, 10] registry/reg_db.c:regdb_open(248)
  regdb_open: incrementing refcount (1)
[2006/07/28 09:58:50, 7] registry/reg_frontend.c:regkey_open_internal(359)
  regkey_open_internal: name = [HKLM\SYSTEM\CurrentControlSet\Services]
[2006/07/28 09:58:50, 10] registry/reg_cachehook.c:reghook_cache_find(95)
  reghook_cache_find: Searching for keyname 
[/HKLM/SYSTEM/CurrentControlSet/Services]
[2006/07/28 09:58:50, 10] lib/adt_tree.c:pathtree_find(341)
  pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services]
[2006/07/28 09:58:50, 10] lib/adt_tree.c:pathtree_find(413)
  pathtree_find: Exit
[2006/07/28 09:58:50, 5] registry/reg_frontend.c:registry_access_check(59)
  registry_access_check: using root's token
[2006/07/28 09:58:50, 3] passdb/lookup_sid.c:fetch_sid_from_uid_cache(907)
  fetch sid from uid cache 0 -> S-1-22-1-0
[2006/07/28 09:58:50, 3] passdb/lookup_sid.c:fetch_sid_from_gid_cache(979)
  fetch sid from gid cache 0 -> S-1-22-2-0
[2006/07/28 09:58:50, 5] lib/smbldap.c:smbldap_search_ext(1179)
  smbldap_search_ext: base => [ou=groupes,dc=corman,dc=be], filter => 
[(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-544))], scope => [2]
[2006/07/28 09:58:59, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2213)
  ldapsam_getgroup: Did not find group
[2006/07/28 09:58:59, 5] lib/smbldap.c:smbldap_search_ext(1179)
  smbldap_search_ext: base => [ou=groupes,dc=corman,dc=be], filter => 
[(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-545))], scope => [2]
[2006/07/28 09:59:08, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2213)
  ldapsam_getgroup: Did not find group
[2006/07/28 09:59:08, 5] lib/smbldap.c:smbldap_search_ext(1179)
  smbldap_search_ext: base => [ou=groupes,dc=corman,dc=be], filter => 
[(&(|(objectclass=sambaGroupMapping)(sambaGroupType=4))(|(sambaSIDList=S-1-22-1-0)(sambaSIDList=S-1-22-2-0)(sambaSIDList=S-1-1-0)(sambaSIDList=S-1-5-2)(sambaSIDList=S-1-5-11)(sambaSIDList=S-1-5-32-544)))], 
scope => [2]
[2006/07/28 09:59:23, 10] lib/smbldap.c:smbldap_search_ext(1237)
  Failed search for base: ou=groupes,dc=corman,dc=be, error: Timed out ()
[2006/07/28 09:59:23, 10] auth/auth_util.c:add_aliases(631)
  pdb_enum_alias_memberships failed: NT_STATUS_UNSUCCESSFUL
[2006/07/28 09:59:23, 10] lib/util_seaccess.c:se_access_check(233)
  se_access_check: requested access 0x000f003f, for NT token with 3 
entries and first sid S-1-1-0.
[2006/07/28 09:59:23, 3] lib/util_seaccess.c:se_access_check(250)
[2006/07/28 09:59:23, 3] lib/util_seaccess.c:se_access_check(251)
  se_access_check: user sid is S-1-1-0
  se_access_check: also S-1-5-2
  se_access_check: also S-1-5-7
  se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 
20019, current desired = f003f
  se_access_check: ACE 1: type 0, flags = 0x00, SID = S-1-5-32-544 mask = 
f003f, current desired = d0026
[2006/07/28 09:59:23, 5] lib/util_seaccess.c:se_access_check(314)
  se_access_check: access (f003f) denied.
[2006/07/28 09:59:23, 10] registry/reg_db.c:regdb_close(279)
  regdb_close: decrementing refcount (1)
[2006/07/28 09:59:23, 0] services/services_db.c:svcctl_init_keys(420)
  init_services_keys: key lookup failed! (WERR_ACCESS_DENIED)
[2006/07/28 09:59:23, 10] registry/reg_db.c:regdb_close(279)
  regdb_close: decrementing refcount (0)
[2006/07/28 09:59:23, 10] printing/nt_printing.c:update_c_setprinter(710)
  update_c_setprinter: c_setprinter = 0
[2006/07/28 09:59:23, 3] smbd/sec_ctx.c:push_sec_ctx(208)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2006/07/28 09:59:23, 3] smbd/uid.c:push_conn_ctx(345)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2006/07/28 09:59:23, 3] smbd/sec_ctx.c:set_sec_ctx(241)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2006/07/28 09:59:23, 5] auth/auth_util.c:debug_nt_user_token(449)
  NT user token: (NULL)
[2006/07/28 09:59:23, 5] auth/auth_util.c:debug_unix_user_token(475)
  UNIX token of user 0
  Primary group is 0 and contains 0 supplementary groups
[2006/07/28 09:59:23, 6] passdb/pdb_interface.c:pdb_getsampwsid(320)
  pdb_getsampwsid: Building guest account
[2006/07/28 09:59:23, 10] passdb/pdb_get_set.c:pdb_set_username(534)
  pdb_set_username: setting username quser, was
[2006/07/28 09:59:23, 10] passdb/pdb_get_set.c:pdb_set_fullname(603)
  pdb_set_full_name: setting full name System User, was
[2006/07/28 09:59:23, 10] passdb/pdb_get_set.c:pdb_set_domain(557)
  pdb_set_domain: setting domain SAMBA, was
[2006/07/28 09:59:23, 5] lib/smbldap.c:smbldap_search_ext(1179)
  smbldap_search_ext: base => [ou=groupes,dc=corman,dc=be], filter => 
[(&(objectClass=sambaGroupMapping)(gidNumber=221))], scope => [2]
[2006/07/28 09:59:24, 2] passdb/pdb_ldap.c:init_group_from_ldap(2136)
  init_group_from_ldap: Entry found for group: 221
[2006/07/28 09:59:24, 3] passdb/lookup_sid.c:store_gid_sid_cache(1038)
  store_gid_sid_cache: gid 221 in cache -> 
S-1-5-21-2525780297-265556163-1256307271-513
[2006/07/28 09:59:24, 10] passdb/lookup_sid.c:gid_to_sid(1127)
  gid_to_sid: local 221 -> S-1-5-21-2525780297-265556163-1256307271-513
[2006/07/28 09:59:24, 3] passdb/lookup_sid.c:store_gid_sid_cache(1038)
  store_gid_sid_cache: gid 221 in cache -> 
S-1-5-21-2525780297-265556163-1256307271-513
[2006/07/28 09:59:24, 3] passdb/lookup_sid.c:fetch_gid_from_cache(999)
  fetch gid from cache 221 -> S-1-5-21-2525780297-265556163-1256307271-513
[2006/07/28 09:59:24, 10] passdb/pdb_get_set.c:pdb_set_group_sid(521)
  pdb_set_group_sid: setting group sid 
S-1-5-21-2525780297-265556163-1256307271-513
[2006/07/28 09:59:24, 10] passdb/pdb_get_set.c:pdb_set_user_sid(463)
  pdb_set_user_sid: setting user sid 
S-1-5-21-2525780297-265556163-1256307271-501
[2006/07/28 09:59:24, 10] 
passdb/pdb_compat.c:pdb_set_user_sid_from_rid(73)
  pdb_set_user_sid_from_rid:
        setting user sid S-1-5-21-2525780297-265556163-1256307271-501 from 
rid 501
[2006/07/28 09:59:24, 3] smbd/sec_ctx.c:pop_sec_ctx(339)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2006/07/28 09:59:24, 10] lib/util_pw.c:getpwnam_alloc(76)
  Got quser from pwnam_cache
[2006/07/28 09:59:24, 5] lib/smbldap.c:smbldap_search_ext(1179)
  smbldap_search_ext: base => [ou=users,dc=corman,dc=be], filter => 
[(&(objectClass=sambaSamAccount)(uid=quser))], scope => [2]
[2006/07/28 09:59:24, 5] lib/smbldap.c:smbldap_search_ext(1179)
  smbldap_search_ext: base => [ou=groupes,dc=corman,dc=be], filter => 
[(&(objectClass=posixGroup)(|(memberUid=quser)(gidNumber=221)))], scope => 
[2]
[2006/07/28 09:59:25, 5] auth/auth_util.c:make_server_info_sam(603)
  make_server_info_sam: made server info for user quser -> quser
[2006/07/28 09:59:25, 5] lib/smbldap.c:smbldap_search_ext(1179)
  smbldap_search_ext: base => [ou=groupes,dc=corman,dc=be], filter => 
[(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-544))], scope => [2]
[2006/07/28 09:59:34, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2213)
  ldapsam_getgroup: Did not find group
[2006/07/28 09:59:34, 5] lib/smbldap.c:smbldap_search_ext(1179)
  smbldap_search_ext: base => [ou=groupes,dc=corman,dc=be], filter => 
[(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-545))], scope => [2]
[2006/07/28 09:59:42, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2213)
  ldapsam_getgroup: Did not find group
[2006/07/28 09:59:42, 5] lib/smbldap.c:smbldap_search_ext(1179)
  smbldap_search_ext: base => [ou=groupes,dc=corman,dc=be], filter => 
[(&(|(objectclass=sambaGroupMapping)(sambaGroupType=4))(|(sambaSIDList=S-1-5-21-2525780297-265556163-1256307271-501)(sambaSIDList=S-1-5-21-2525780297-265556163-1256307271-513)(sambaSIDList=S-1-1-0)(sambaSIDList=S-1-5-2)(sambaSIDList=S-1-5-32-546)(sambaSIDList=S-1-5-21-2525780297-265556163-1256307271-514)))], 
scope => [2]
[2006/07/28 09:59:57, 10] lib/smbldap.c:smbldap_search_ext(1237)
  Failed search for base: ou=groupes,dc=corman,dc=be, error: Timed out ()
[2006/07/28 09:59:57, 10] auth/auth_util.c:add_aliases(631)
  pdb_enum_alias_memberships failed: NT_STATUS_UNSUCCESSFUL
[2006/07/28 09:59:57, 10] 
auth/auth_util.c:make_new_server_info_guest(1364)
  create_local_token failed: NT_STATUS_NO_SUCH_USER
[2006/07/28 09:59:57, 0] smbd/server.c:main(960)
  ERROR: failed to setup guest info.


- What is sambaSIDList ?
- In changelog of samba 3.0.23, we can read : 
 * BUG 3905: Fix smbd startup failure caused by a failure to create an NT 
token for the guest account.

My quser account which is the quest account have SID ...

-----------------------------------
Stéphane PURNELLE                         stephane.purnelle at corman.be
Service Informatique       Corman S.A.           Tel : 00 32 087/342467

More information about the samba mailing list