[Samba] Failed to setup guest info
Dean Crawford
dcrawford at shaw.ca
Mon Sep 4 22:32:36 GMT 2006
I've been trying for the past week to get Samba and LDAP to work
together as a PDC on my Gentoo box and allow some XP boxes to get in.
I've read and followed the how-to's (emerged and unmerged more than a
few times).
My LDAP accounts all seem to work when I do the ssh test into them.
Changing the domain in XP fails with the "network path not found error"
even after all the registry tweaks. While trying to work through this
issue I discovered that smbd is not starting correctly.
Code:
thebird # tail /var/log/samba/log.smbd
[2006/08/24 20:28:01, 3] smbd/uid.c:push_conn_ctx(345)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2006/08/24 20:28:01, 3] smbd/sec_ctx.c:set_sec_ctx(241)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2006/08/24 20:28:01, 3] smbd/sec_ctx.c:pop_sec_ctx(339)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2006/08/24 20:28:01, 3] passdb/lookup_sid.c:fetch_sid_from_gid_cache(979)
fetch sid from gid cache 65534 -> S-1-22-2-65534
[2006/08/24 20:28:01, 0] smbd/server.c:main(960)
ERROR: failed to setup guest info.
I'm thinking that the failed to setup guest info needs to be the first
thing fixed. I thought I had disabled guest accounts in my smb.conf so
don't understand why it fails.
I have samba-3.0.23a installed. Here is my smb.conf. I don't have
networked printers so I commented out all the printer calls.
Code:
#======================= Global Settings =====================================
[global]
# 1. Server Naming Options:
workgroup = CRAWFORD_HOUSE
netbios name = TheBird
server string = LDAP PDC on Samba Server %v
# 2. Printing Options:
; printcap name = cups
; load printers = yes
; printing = cups
; printer admin = @adm
; printer admin = @"Domain Admins"
# 3. Logging Options:
time server = yes
log file = /var/log/samba/log.%m
max log size = 50
log level = 3
# 4. Security and Domain Membership Options:
hosts allow = 192.168.1. 192.168.6. 127.0.0.1
# guest account = smbguest
# map to guest = bad user
security = user
; password level = 8
; username level = 8
encrypt passwords = yes
; unix password sync = Yes
pam password change = yes
; username map = /etc/samba/smbusers
# 5. Browser Control and Networking Options:
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
interfaces = lo eth0
bind interfaces only = yes
; interfaces = 192.168.12.2/24 192.168.13.2/24
local master = yes
os level = 65
domain master = yes
; preferred master = yes
# 6. Domain Control Options:
domain logons = yes
; logon script = %m.bat
; logon script = %U.bat
logon path = \\%L\profiles\%U
logon drive = Z:
logon home = \\%L\%U
add user script = /usr/sbin/smbldap-useradd -m "%u"
# Scripts for LDAP backend (assumes nss_ldap is in use on the domain controller.
add user script = /usr/sbin/smbldap-useradd -m "%u"
delete user script = /usr/sbin/userdel -r "%u"
add machine script = /usr/sbin/smbldap-useradd -w "%u"
add group script = /usr/sbin/smbldap-groupadd -p "%g"
delete group script = /usr/sbin/groupdel "%g"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
# Domain groups:
# Domain groups are now configured by using the 'net groupmap' tool
# Samba Password Database configuration:
# Enable SSL by using an ldaps url, or enable tls with 'ldap ssl' below.
passdb backend = ldapsam:ldap://127.0.0.1
ldap delete dn = Yes
; idmap uid = 10000-20000
; idmap gid = 10000-20000
# LDAP configuration for Domain Controlling:
ldap admin dn = cn=Manager,dc=CRAWFORD_HOUSE,dc=NET
ldap ssl = no
# start_tls should run on 389, but samba defaults incorrectly to 636
; ldap port = 389
ldap suffix = dc=CRAWFORD_HOUSE,dc=NET
; ldap server = ldap.mydomain.com
# Separate suffixes are available for machines, users, groups, and idmap, if
ldap machine suffix = ou=Hosts
ldap user suffix = ou=People
ldap group suffix = ou=Group
ldap idmap suffix = ou=Idmap
# 7. Name Resolution Options:
# Windows Internet Name Serving Support Section:
wins support = yes
name resolve order = wins lmhosts host bcast
# WINS Proxy - Tells Samba to answer name resolution queries on
; wins proxy = yes
# DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names
dns proxy = no
# 8. File Naming Options:
; preserve case = no
; short preserve case = no
# Default case is normally upper case for all DOS files
; default case = lower
# Be very careful with case sensitivity - it can break things!
; case sensitive = no
#============================ Share Definitions ==============================
[homes]
comment = Home Directories
path = /home/%U
browseable = no
valid users = %S
read only = no
create mask = 0664
directory mask = 0775
# Un-comment the following and create the netlogon directory for Domain Logons
[netlogon]
comment = Network Logon Service
path = /var/lib/samba/netlogon
# guest ok = no
path = /var/lib/samba/netlogon
browseable = no
write list = root
# Un-comment the following to provide a specific roving profile share
# the default is to use the user's home directory
[profiles]
path = /var/lib/samba/profiles
writable = yes
browsable = no
create mode = 0644
directory mode = 0755
guest ok = no
;[printers]
; comment = All Printers
; path = /var/spool/samba
; browseable = no
# to allow user 'guest account' to print.
# guest ok = yes
; writable = no
; printable = yes
create mode = 0700
# =====================================
# print command: see above for details.
# =====================================
; print command = lpr-cups -P %p -o raw %s -r # using client side printer drivers.
; print command = lpr-cups -P %p %s # using cups own drivers (use generic PostScript on clients).
# The following two commands are the samba defaults for printing=cups
# change them only if you need different options:
; lpq command = lpq -P %p
; lprm command = cancel %p-%j
;[print$]
; path = /var/lib/samba/printers
; browseable = yes
; read only = yes
; write list = @adm root
# guest ok = yes
# A publicly accessible directory, but read only, except for people in
# the "staff" group
[public]
comment = Public Stuff
path = /public
public = yes
browseable = yes
write list = @users
testparm seems to indicate no error.
Code:
thebird # testparm -v
Load smb config files from /etc/samba/smb.conf
Processing section "[homes]"
Processing section "[netlogon]"
Processing section "[profiles]"
Processing section "[public]"
Loaded services file OK.
Server role: ROLE_DOMAIN_PDC
Both getent passwd and getent group show nobody listed.
When I stop samba, smbd comes up with [!!].
My wife would really appreciate any help in pointing me in the correct
direction so I can spend time with her again.
Thanks
Dean Crawford
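
Added example, not part of the original post: commenting out `guest account` and `map to guest` leaves Samba's documented defaults in force rather than switching guest handling off, and `public = yes` is a synonym for `guest ok = yes`. The Python sketch below reports the effective guest settings of a reduced excerpt of the smb.conf above; the function names and the `SAMPLE` excerpt are constructed for illustration.

```python
import re

# Defaults documented in smb.conf(5); they apply when a parameter is unset
# or only present as a '#' / ';' comment.
GLOBAL_DEFAULTS = {"guestaccount": "nobody", "maptoguest": "Never"}
SYNONYMS = {"public": "guestok"}          # 'public' is a synonym for 'guest ok'
TRUE_VALUES = {"yes", "true", "1", "on"}

def norm(name):
    # Samba ignores case and whitespace inside parameter names.
    key = re.sub(r"\s+", "", name).lower()
    return SYNONYMS.get(key, key)

def parse_smb_conf(text):
    """Return {section: {param: value}}, skipping '#' and ';' comment lines."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = header.group(1).strip().lower()
            sections.setdefault(current, {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            sections[current][norm(key)] = value.strip()  # last setting wins
    return sections

def guest_report(text):
    """Effective guest account, map-to-guest policy and guest-enabled shares."""
    conf = parse_smb_conf(text)
    glob = {**GLOBAL_DEFAULTS, **conf.get("global", {})}
    default_ok = glob.get("guestok", "no")  # share defaults can be set in [global]
    shares = sorted(name for name, params in conf.items()
                    if name != "global"
                    and params.get("guestok", default_ok).lower() in TRUE_VALUES)
    return {"guest_account": glob["guestaccount"],
            "map_to_guest": glob["maptoguest"],
            "guest_shares": shares}

# Constructed sample: a few lines reduced from the smb.conf posted above.
SAMPLE = """
[global]
# guest account = smbguest
# map to guest = bad user
   security = user
[profiles]
   guest ok = no
[public]
   path = /public
   public = yes
"""

if __name__ == "__main__":
    print(guest_report(SAMPLE))
```

On a live system, `testparm -v` prints the same effective values, defaults included.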