[Samba] Failed to setup guest info

Dean Crawford dcrawford at shaw.ca
Mon Sep 4 22:32:36 GMT 2006 

 I've been trying for the past week to get Samba and LDAP to work 
together as a PDC on my Gentoo box and allow some XP boxes to get in.

I've read and followed the how-to's (emerged and unmergred more then a 
few times)

My LDAP accounts all seem to work when I do the ssh test into them.

Changing the domain in XP fails with the "network path not found error" 
even after all the registry tweaks. While tring to work through this 
issue I discoved that smbd is not starting correctly.

Code:
thebird # tail /var/log/samba/log.smbd
[2006/08/24 20:28:01, 3] smbd/uid.c:push_conn_ctx(345)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2006/08/24 20:28:01, 3] smbd/sec_ctx.c:set_sec_ctx(241)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2006/08/24 20:28:01, 3] smbd/sec_ctx.c:pop_sec_ctx(339)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2006/08/24 20:28:01, 3] passdb/lookup_sid.c:fetch_sid_from_gid_cache(979)
  fetch sid from gid cache 65534 -> S-1-22-2-65534
[2006/08/24 20:28:01, 0] smbd/server.c:main(960)
  ERROR: failed to setup guest info.


I'm thinking that the failed to setup guest info needs to be the first 
thing fixed. I thought I had disabled guest accounts in my smb.conf so 
don't understand why it fails.

I have samba-3.0.23a installed. Here is my smb.conf. I don't have 
networked printers so I commented out all the printer calls.

Code:
#======================= Global Settings 
=====================================
[global]

# 1. Server Naming Options:
   workgroup = CRAWFORD_HOUSE
   netbios name = TheBird
   server string = LDAP PDC on Samba Server %v

# 2. Printing Options:
;   printcap name = cups
;   load printers = yes
;   printing = cups
;   printer admin = @adm
;   printer admin = @"Domain Admins"

# 3. Logging Options:
   time server = yes
   log file = /var/log/samba/log.%m
   max log size = 50
   log level = 3

# 4. Security and Domain Membership Options:
   hosts allow = 192.168.1. 192.168.6. 127.0.0.1
#  guest account = smbguest
#  map to guest = bad user
   security = user
;  password level = 8
;  username level = 8
  encrypt passwords = yes
;  unix password sync = Yes
  pam password change = yes
;  username map = /etc/samba/smbusers

# 5. Browser Control and Networking Options:
   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
   interfaces = lo eth0
   bind interfaces only = yes
;  interfaces = 192.168.12.2/24 192.168.13.2/24
   local master = yes
   os level = 65
   domain master = yes
;  preferred master = yes

# 6. Domain Control Options:
   domain logons = yes
;  logon script = %m.bat
;  logon script = %U.bat
   logon path = \\%L\profiles\%U
   logon drive = Z:
   logon home = \\%L\%U
   add user script = /usr/sbin/smbldap-useradd -m "%u"

# Scripts for LDAP backend (assumes nss_ldap is in use on the domain 
controller.
   add user script = /usr/sbin/smbldap-useradd -m "%u"
   delete user script = /usr/sbin/userdel -r "%u"
   add machine script = /usr/sbin/smbldap-useradd -w "%u"
   add group script = /usr/sbin/smbldap-groupadd -p "%g"
   delete group script = /usr/sbin/groupdel "%g"
   add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
   delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
   set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"

# Domain groups:
# Domain groups are now configured by using the 'net groupmap' tool

# Samba Password Database configuration:
# Enable SSL by using an ldaps url, or enable tls with 'ldap ssl' below.
   passdb backend = ldapsam:ldap://127.0.0.1
   ldap delete dn = Yes
;  idmap uid = 10000-20000
;  idmap gid = 10000-20000

# LDAP configuration for Domain Controlling:
   ldap admin dn = cn=Manager,dc=CRAWFORD_HOUSE,dc=NET
   ldap ssl = no

# start_tls should run on 389, but samba defaults incorrectly to 636
;  ldap port = 389
   ldap suffix = dc=CRAWFORD_HOUSE,dc=NET
;  ldap server = ldap.mydomain.com

# Seperate suffixes are available for machines, users, groups, and idmap, if
   ldap machine suffix = ou=Hosts
   ldap user suffix = ou=People
   ldap group suffix = ou=Group
   ldap idmap suffix = ou=Idmap

# 7. Name Resolution Options:
# Windows Internet Name Serving Support Section:
   wins support = yes
   name resolve order = wins lmhosts host bcast

# WINS Proxy - Tells Samba to answer name resolution queries on
;   wins proxy = yes

# DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names
   dns proxy = no

# 8. File Naming Options:
;   preserve case = no
;   short preserve case = no
# Default case is normally upper case for all DOS files
;   default case = lower
# Be very careful with case sensitivity - it can break things!
;   case sensitive = no

#============================ Share Definitions 
==============================
[homes]
   comment = Home Directories
   path = /home/%U
   browseable = no
   valid users = %S
   read only = no
   create mask = 0664
   directory mask = 0775

# Un-comment the following and create the netlogon directory for Domain 
Logons
[netlogon]
   comment = Network Logon Service
   path = /var/lib/samba/netlogon
#  guest ok = no
   path = /var/lib/samba/netlogon
   browseable = no
   write list = root

# Un-comment the following to provide a specific roving profile share
# the default is to use the user's home directory
 [profiles]
   path = /var/lib/samba/profiles
   writable = yes
   browsable = no
   create mode = 0644
   directory mode = 0755
   guest ok = no

;[printers]
;   comment = All Printers
;   path = /var/spool/samba
;   browseable = no
# to allow user 'guest account' to print.
#   guest ok = yes
;   writable = no
;   printable = yes
    create mode = 0700
# =====================================
# print command: see above for details.
# =====================================
;   print command = lpr-cups -P %p -o raw %s -r   # using client side 
printer drivers.
;   print command = lpr-cups -P %p %s # using cups own drivers (use 
generic PostScript on clients).
# The following two commands are the samba defaults for printing=cups
# change them only if you need different options:
;   lpq command = lpq -P %p
;   lprm command = cancel %p-%j

;[print$]
;   path = /var/lib/samba/printers
;   browseable = yes
;   read only = yes
;   write list = @adm root
#   guest ok = yes

# A publicly accessible directory, but read only, except for people in
# the "staff" group
 [public]
    comment = Public Stuff
    path = /public
    public = yes
    browseable = yes
    write list = @users

testparm seems to indicate no error

Code:
thebird # testparm -v
Load smb config files from /etc/samba/smb.conf
Processing section "[homes]"
Processing section "[netlogon]"
Processing section "[profiles]"
Processing section "[public]"
Loaded services file OK.
Server role: ROLE_DOMAIN_PDC

Both getent passwd and getent group show nobody listed.


When I stop samba smbd comes up with [!!]

My wife would really appreciate any help in pointing me in the correct 
direction so I can again spend time with her again.

Thanks

Dean Crawford

More information about the samba mailing list