[Samba] Failed to create BUILTIN\Users group! with idmap backend = ad

Rasmus Larsen rwl at env.dtu.dk
Tue Feb 19 08:13:36 GMT 2008


I'm running Samba version 3.0.28 and having trouble with the automatic creation of builtin groups on the server, I'm using the AD idmap backend. Quite often I get the following error:

[2008/02/18 14:04:25, 2] auth/auth_util.c:create_local_nt_token(941)
  create_local_nt_token: Failed to create BUILTIN\Users group!

This seems to indicate that the server is unable to create builtin accounts, it also happens for the BUILTIN\administrators group and others.

Running "net sam createbuiltingroup" returns: NT_STATUS_ACCESS_DENIED

Can anyone give me a pointer in the right direction.

Config file:
# Security Mode Setup
realm = ER.DTU.DK
workgroup = er
security = ADS
server string = "ERVOL"

# Network Binding and Optimizations
interfaces =
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

# User and Group information Setup
idmap backend = ad
#winbind nss info = sfu
winbind nss info = rfc2307

# Enable msDFS, so it can be enabled on specific shares
host msdfs = yes

# Wins
#wins server =

# Simplifies the use of kerberos by populating /etc/krb5.keytab for us.
use kerberos keytab = yes

# Printing Setup, deactivates printing.
printcap name = /etc/printcap
load printers = no
printing = no

# Unix Permissions to NT Permissions setup
nt acl support = yes
dos file mode = yes
map hidden = yes

log level = 2

Rasmus Larsen

More information about the samba mailing list