[Samba] Issue when migrating samba domain server to new hardware and samba version

Mike Davis moof84 at temple.edu
Tue Aug 7 15:43:54 GMT 2007 



I’m setting up our new server that will handle file 
storage.  The new system is redhat running samba 3.0.23c.

We currently have this same service running on DEC server 
running version 3.0.20 without any issues.

Here is the smb.conf for both…


[global]

passdb backend = ldapsam:ldap://xxxxxxxxx

ldap suffix = dc=temple,dc=edu

name resolve order = wins bcast hosts

ldap machine suffix = ou=Computers

ldap user suffix = ou=People

ldap admin dn = xxxxx

ldap ssl = start tls

workgroup = ACSLABS

wins server = xxxx


server string = "TUfiles"

security = domain 

#log file = /var/log/samba.log

log level = 5



Now I think something is messed up with the primary group 
sids…

 

Attempting to register passdb backend ldapsam

Successfully added passdb backend 'ldapsam'

Attempting to register passdb backend ldapsam_compat

Successfully added passdb backend 'ldapsam_compat'

Attempting to register passdb backend NDS_ldapsam

Successfully added passdb backend 'NDS_ldapsam'

Attempting to register passdb backend NDS_ldapsam_compat

Successfully added passdb backend 'NDS_ldapsam_compat'

Attempting to register passdb backend smbpasswd

Successfully added passdb backend 'smbpasswd'

Attempting to register passdb backend tdbsam

Successfully added passdb backend 'tdbsam'

Attempting to find an passdb backend to match 
ldapsam:ldap://xxxxxxxx/ (ldapsam)

Found pdb backend ldapsam

smbldap_search_domain_info: Searching for:[(&
(objectClass=sambaDomain)(sambaDomainName=MYBACKPACK-BE))]

smbldap_search_ext: base => [dc=temple,dc=edu], filter => [(&
(objectClass=sambaDomain)(sambaDomainName=MYBACKPACK-BE))], 
scope => [2]

The connection to the LDAP server was closed

smbldap_open_connection: connection opened

ldap_connect_system: succesful connection to the LDAP server

The LDAP server is succesfully connected

pdb backend ldapsam:ldap://xxxxxxxxx/ has a valid init

Netbios name list:-

my_netbios_names[0]="MYBACKPACK-BE"

Attempting to find an passdb backend to match 
ldapsam:ldap://xxxxxxxxxx/ (ldapsam)

Found pdb backend ldapsam

smbldap_search_domain_info: Searching for:[(&
(objectClass=sambaDomain)(sambaDomainName=MYBACKPACK-BE))]

smbldap_search_ext: base => [dc=temple,dc=edu], filter => [(&
(objectClass=sambaDomain)(sambaDomainName=MYBACKPACK-BE))], 
scope => [2]

The connection to the LDAP server was closed

smbldap_open_connection: connection opened

ldap_connect_system: succesful connection to the LDAP server

The LDAP server is succesfully connected

pdb backend ldapsam:ldap://xxxxxxx/ has a valid init

smbldap_search_ext: base => [dc=temple,dc=edu], filter => [(&
(uid=nobody)(objectclass=sambaSamAccount))], scope => [2]

init_sam_from_ldap: Entry found for user: nobody

Home server: mybackpack-be

Home server: mybackpack-be

Opening cache file at /var/cache/samba/login_cache.tdb

Unix username:        nobody

NT username:          nobody

Account Flags:        [U          ]

User SID:             S-1-5-21-1671181371-3057104424-
2529773789-501

smbldap_search_ext: base => [dc=temple,dc=edu], filter => [(&
(objectClass=sambaGroupMapping)(gidNumber=99))], scope => [2]

ldapsam_getgroup: Did not find group

Primary Group SID:    S-1-5-21-424765346-3208026686-
854402210-513

Full Name:            Nobody

Home Directory:       \\mybackpack-be\nobody

HomeDir Drive:        

Logon Script:         

Profile Path:         \\mybackpack-be\nobody\profile

Domain:               MYBACKPACK-BE

Account desc:         

Workstations:         

Munged dial:          

Logon time:           0

Logoff time:          Mon, 18 Jan 2038 22:14:07 EST

Kickoff time:         Mon, 18 Jan 2038 22:14:07 EST

Password last set:    Wed, 01 Aug 2007 14:39:16 EDT

Password can change:  Wed, 01 Aug 2007 14:39:16 EDT

Password must change: Mon, 18 Jan 2038 22:14:07 EST

Last bad password   : 0

Bad password count  : 0

Logon hours         : 
FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF

 

 

This os what I see in the logs during startup.. only a 
snippet

 

[2007/08/06 12:25:03, 3] smbd/sec_ctx.c:set_sec_ctx(241)

  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2

[2007/08/06 12:25:03, 5] auth/auth_util.c:debug_nt_user_token
(448)

  NT user token: (NULL)

[2007/08/06 12:25:03, 5] 
auth/auth_util.c:debug_unix_user_token(474)

  UNIX token of user 0

  Primary group is 0 and contains 0 supplementary groups

[2007/08/06 12:25:03, 5] lib/smbldap.c:smbldap_search_ext
(1179)

  smbldap_search_ext: base => [dc=temple,dc=edu], filter => 
[(&(sambaSID=S-1-5-21-424765346-3208026686-854402210-513)
(objectclass=sambaSamAccount))], scope => [2]

[2007/08/06 12:25:03, 4] 
passdb/pdb_ldap.c:ldapsam_getsampwsid(1491)

  ldapsam_getsampwsid: Unable to locate SID [S-1-5-21-
424765346-3208026686-854402210-513] count=0

[2007/08/06 12:25:03, 5] lib/smbldap.c:smbldap_search_ext
(1179)

  smbldap_search_ext: base => [dc=temple,dc=edu], filter => 
[(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-21-
424765346-3208026686-854402210-513))], scope => [2]

[2007/08/06 12:25:03, 4] passdb/pdb_ldap.c:ldapsam_getgroup
(2213)

  ldapsam_getgroup: Did not find group

[2007/08/06 12:25:03, 3] smbd/sec_ctx.c:pop_sec_ctx(339)

  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1

[2007/08/06 12:25:03, 5] 
passdb/pdb_interface.c:lookup_global_sam_rid(1540)

  Can't find a unix id for an unmapped group

[2007/08/06 12:25:03, 3] smbd/sec_ctx.c:pop_sec_ctx(339)

  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0

[2007/08/06 12:25:03, 0] 
passdb/passdb.c:lookup_global_sam_name(598)

  User nobody with invalid SID S-1-5-21-1671181371-
3057104424-2529773789-501 in passdb

[2007/08/06 12:25:03, 5] lib/smbldap.c:smbldap_search_ext
(1179)

  smbldap_search_ext: base => [dc=temple,dc=edu], filter => 
[(&(objectClass=sambaGroupMapping)(gidNumber=99))], scope => 
[2]

[2007/08/06 12:25:03, 4] passdb/pdb_ldap.c:ldapsam_getgroup
(2213)

  ldapsam_getgroup: Did not find group

[2007/08/06 12:25:03, 5] lib/smbldap.c:smbldap_search_ext
(1179)

  smbldap_search_ext: base => [dc=temple,dc=edu], filter => 
[(&(objectClass=sambaGroupMapping)(gidNumber=999))], scope 
=> [2]

[2007/08/06 12:25:03, 4] passdb/pdb_ldap.c:ldapsam_getgroup
(2213)

  ldapsam_getgroup: Did not find group

[2007/08/06 12:25:03, 5] lib/smbldap.c:smbldap_search_ext
(1179)

  smbldap_search_ext: base => [dc=temple,dc=edu], filter => 
[(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-544))], 
scope => [2]

[2007/08/06 12:25:03, 4] passdb/pdb_ldap.c:ldapsam_getgroup
(2213)

  ldapsam_getgroup: Did not find group

[2007/08/06 12:25:03, 5] lib/smbldap.c:smbldap_search_ext
(1179)

  smbldap_search_ext: base => [dc=temple,dc=edu], filter => 
[(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-545))], 
scope => [2]

[2007/08/06 12:25:03, 4] passdb/pdb_ldap.c:ldapsam_getgroup
(2213)

  ldapsam_getgroup: Did not find group

[2007/08/06 12:25:03, 5] lib/smbldap.c:smbldap_search_ext
(1179)

  smbldap_search_ext: base => [dc=temple,dc=edu], filter => 
[(&(|(objectclass=sambaGroupMapping)(sambaGroupType=4))(|
(sambaSIDList=S-1-22-1-99)(sambaSIDList=S-1-22-2-99)
(sambaSIDList=S-1-1-0)(sambaSIDList=S-1-5-2)(sambaSIDList=S-
1-5-32-546)(sambaSIDList=S-1-22-2-999)))], scope => [2]

[2007/08/06 12:25:04, 0] smbd/server.c:main(960)

  ERROR: failed to setup guest info.

 Did something change in the code or am I forgetting to do 
something?

More information about the samba mailing list