[Samba] Problems configuring Samba PDC + FDS error "No privileges assigned to SID"

Me gm4rtin at gmail.com
Fri Jan 4 20:41:41 GMT 2008 

I am having trouble getting samba-3.0.24-11 setup as a PDC with an
ldap backend using FDS on a FC6 test box.  I have installed the
1.0.4-1 version of the directory server accepting the defaults except
for the server name with out any problems.  I can query the directory
server and it is populated with the proper objects.  I am using the
instructions in the Howto:Samba documentation on the FDS Wiki site
<http://directory.fedoraproject.org/wiki/Howto:Samba>.  I am able to
perform all of the tasks without any problems until I get to the part
of the install that has me run the following command:

net groupmap list

[2008/01/04 14:07:31, 0] passdb/pdb_ldap.c:ldapsam_setsamgrent(3051)
 ldapsam_setsamgrent: LDAP search failed: No such object
[2008/01/04 14:07:31, 0] passdb/pdb_ldap.c:ldapsam_enum_group_mapping(3123)
 ldapsam_enum_group_mapping: Unable to open passdb

I can query the directory successfully with the following output:

ldapsearch -b dc=test,dc=com -x 'Domain*'

# extended LDIF
#
# LDAPv3
# base <dc=test,dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: Domain*
#

# test.com
dn: dc=test,dc=com

# Directory Administrators, test.com
dn: cn=Directory Administrators, dc=test,dc=com

# Groups, test.com
dn: ou=Groups, dc=test,dc=com

# People, test.com
dn: ou=People, dc=test,dc=com

# Special Users, test.com
dn: ou=Special Users,dc=test,dc=com

# Accounting Managers, groups, test.com
dn: cn=Accounting Managers,ou=groups,dc=test,dc=com

# HR Managers, groups, test.com
dn: cn=HR Managers,ou=groups,dc=test,dc=com

# QA Managers, groups, test.com
dn: cn=QA Managers,ou=groups,dc=test,dc=com

# PD Managers, groups, test.com
dn: cn=PD Managers,ou=groups,dc=test,dc=com

# DOMAIN, test.com
dn: sambaDomainName=DOMAIN,dc=test,dc=com

# Domain Admins, Groups, test.com
dn: cn=Domain Admins,ou=Groups,dc=test,dc=com

# Domain Users, Groups, test.com
dn: cn=Domain Users,ou=Groups,dc=test,dc=com

# Domain Guests, Groups, test.com
dn: cn=Domain Guests,ou=Groups,dc=test,dc=com

# Domain Computers, Groups, test.com
dn: cn=Domain Computers,ou=Groups,dc=test,dc=com

# IS, Groups, test.com
dn: cn=IS,ou=Groups,dc=test,dc=com

# search result
search: 2
result: 0 Success

# numResponses: 16
# numEntries: 15

If I start samba I get the "No privileges assigned to SID" message"  I
have attached a copy of the log below:

[2008/01/04 14:52:07, 0] smbd/server.c:main(847)
 smbd version 3.0.24-11.fc6 started.
 Copyright Andrew Tridgell and the Samba Team 1992-2006
[2008/01/04 14:52:07, 2] param/loadparm.c:do_section(3713)
 Processing section "[homes]"
[2008/01/04 14:52:07, 2] param/loadparm.c:do_section(3713)
 Processing section "[is]"
[2008/01/04 14:52:07, 2] param/loadparm.c:do_section(3713)
 Processing section "[netlogon]"
[2008/01/04 14:52:07, 2] param/loadparm.c:do_section(3713)
 Processing section "[profiles]"
[2008/01/04 14:52:07, 2] param/loadparm.c:do_section(3713)
 Processing section "[public]"
[2008/01/04 14:52:07, 3] param/loadparm.c:lp_add_ipc(2632)
 adding IPC service
[2008/01/04 14:52:07, 3] printing/pcap.c:pcap_cache_reload(117)
 reloading printcap cache
[2008/01/04 14:52:07, 3] printing/pcap.c:pcap_cache_reload(223)
 reload status: ok
[2008/01/04 14:52:07, 3] printing/pcap.c:pcap_cache_reload(117)
 reloading printcap cache
[2008/01/04 14:52:07, 3] printing/pcap.c:pcap_cache_reload(223)
 reload status: ok
[2008/01/04 14:52:07, 2] lib/interface.c:add_interface(81)
 added interface ip=10.10.1.1 bcast=10.10.255.255 nmask=255.255.0.0
[2008/01/04 14:52:07, 3] smbd/server.c:main(877)
 loaded services
[2008/01/04 14:52:07, 3] smbd/server.c:main(892)
 Becoming a daemon.
[2008/01/04 14:52:07, 2] lib/tallocmsg.c:register_msg_pool_usage(61)
 Registered MSG_REQ_POOL_USAGE
[2008/01/04 14:52:07, 2] lib/dmallocmsg.c:register_dmalloc_msgs(71)
 Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
[2008/01/04 14:52:07, 2] lib/smbldap_util.c:smbldap_search_domain_info(219)
 smbldap_search_domain_info: Searching
for:[(&(objectClass=sambaDomain)(sambaDomainName=DOMAIN))]
[2008/01/04 14:52:07, 2] lib/smbldap.c:smbldap_open_connection(788)
 smbldap_open_connection: connection opened
[2008/01/04 14:52:07, 3] lib/smbldap.c:smbldap_connect_system(992)
 ldap_connect_system: succesful connection to the LDAP server
[2008/01/04 14:52:07, 3] smbd/sec_ctx.c:push_sec_ctx(208)
 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2008/01/04 14:52:07, 3] smbd/uid.c:push_conn_ctx(353)
 push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2008/01/04 14:52:07, 3] smbd/sec_ctx.c:set_sec_ctx(241)
 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2008/01/04 14:52:07, 3] smbd/sec_ctx.c:push_sec_ctx(208)
 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
[2008/01/04 14:52:07, 3] smbd/uid.c:push_conn_ctx(353)
 push_conn_ctx(0) : conn_ctx_stack_ndx = 1
[2008/01/04 14:52:07, 3] smbd/sec_ctx.c:set_sec_ctx(241)
 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
[2008/01/04 14:52:07, 3] smbd/sec_ctx.c:pop_sec_ctx(339)
 pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
[2008/01/04 14:52:07, 3] smbd/sec_ctx.c:pop_sec_ctx(339)
 pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2008/01/04 14:52:07, 3] smbd/sec_ctx.c:push_sec_ctx(208)
 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2008/01/04 14:52:07, 3] smbd/uid.c:push_conn_ctx(353)
 push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2008/01/04 14:52:07, 3] smbd/sec_ctx.c:set_sec_ctx(241)
 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2008/01/04 14:52:07, 3] smbd/sec_ctx.c:pop_sec_ctx(339)
 pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2008/01/04 14:52:07, 3] smbd/sec_ctx.c:push_sec_ctx(208)
 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2008/01/04 14:52:07, 3] smbd/uid.c:push_conn_ctx(353)
 push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2008/01/04 14:52:07, 3] smbd/sec_ctx.c:set_sec_ctx(241)
 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2008/01/04 14:52:07, 3] smbd/sec_ctx.c:pop_sec_ctx(339)
 pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2008/01/04 14:52:07, 3] smbd/sec_ctx.c:push_sec_ctx(208)
 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2008/01/04 14:52:07, 3] smbd/uid.c:push_conn_ctx(353)
 push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2008/01/04 14:52:07, 3] smbd/sec_ctx.c:set_sec_ctx(241)
 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2008/01/04 14:52:07, 3] smbd/sec_ctx.c:pop_sec_ctx(339)
 pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2008/01/04 14:52:07, 3] lib/privileges.c:get_privileges(261)
 get_privileges: No privileges assigned to SID [S-1-22-1-0]
[2008/01/04 14:52:07, 3] lib/privileges.c:get_privileges(261)
 get_privileges: No privileges assigned to SID [S-1-5-2]
[2008/01/04 14:52:07, 3] lib/privileges.c:get_privileges(261)
 get_privileges: No privileges assigned to SID [S-1-5-11]
[2008/01/04 14:52:07, 3] lib/util_seaccess.c:se_access_check(250)
[2008/01/04 14:52:07, 3] lib/util_seaccess.c:se_access_check(251)
 se_access_check: user sid is S-1-22-1-0
 se_access_check: also S-1-5-32-544
 se_access_check: also S-1-1-0
 se_access_check: also S-1-5-2
 se_access_check: also S-1-5-11
[2008/01/04 14:52:07, 3] lib/util_seaccess.c:se_access_check(250)
[2008/01/04 14:52:07, 3] lib/util_seaccess.c:se_access_check(251)
 se_access_check: user sid is S-1-22-1-0
 se_access_check: also S-1-5-32-544
 se_access_check: also S-1-1-0
 se_access_check: also S-1-5-2
 se_access_check: also S-1-5-11
[2008/01/04 14:52:07, 3] lib/util_seaccess.c:se_access_check(250)
[2008/01/04 14:52:07, 3] lib/util_seaccess.c:se_access_check(251)
 se_access_check: user sid is S-1-22-1-0
 se_access_check: also S-1-5-32-544
 se_access_check: also S-1-1-0
 se_access_check: also S-1-5-2
 se_access_check: also S-1-5-11
[2008/01/04 14:52:07, 3] lib/util_seaccess.c:se_access_check(250)
[2008/01/04 14:52:07, 3] lib/util_seaccess.c:se_access_check(251)
 se_access_check: user sid is S-1-22-1-0
 se_access_check: also S-1-5-32-544
 se_access_check: also S-1-1-0
 se_access_check: also S-1-5-2
 se_access_check: also S-1-5-11
[2008/01/04 14:52:07, 3] lib/util_seaccess.c:se_access_check(250)
[2008/01/04 14:52:07, 3] lib/util_seaccess.c:se_access_check(251)
 se_access_check: user sid is S-1-22-1-0
 se_access_check: also S-1-5-32-544
 se_access_check: also S-1-1-0
 se_access_check: also S-1-5-2
 se_access_check: also S-1-5-11
[2008/01/04 14:52:07, 3] lib/util_seaccess.c:se_access_check(250)
[2008/01/04 14:52:07, 3] lib/util_seaccess.c:se_access_check(251)
 se_access_check: user sid is S-1-22-1-0
 se_access_check: also S-1-5-32-544
 se_access_check: also S-1-1-0
 se_access_check: also S-1-5-2
 se_access_check: also S-1-5-11
[2008/01/04 14:52:07, 3] lib/util_seaccess.c:se_access_check(250)
[2008/01/04 14:52:07, 3] lib/util_seaccess.c:se_access_check(251)
 se_access_check: user sid is S-1-22-1-0
 se_access_check: also S-1-5-32-544
 se_access_check: also S-1-1-0
 se_access_check: also S-1-5-2
 se_access_check: also S-1-5-11
[2008/01/04 14:52:07, 3] lib/util_seaccess.c:se_access_check(250)
[2008/01/04 14:52:07, 3] lib/util_seaccess.c:se_access_check(251)
 se_access_check: user sid is S-1-22-1-0
 se_access_check: also S-1-5-32-544
 se_access_check: also S-1-1-0
 se_access_check: also S-1-5-2
 se_access_check: also S-1-5-11
[2008/01/04 14:52:07, 3] lib/util_seaccess.c:se_access_check(250)
[2008/01/04 14:52:07, 3] lib/util_seaccess.c:se_access_check(251)
 se_access_check: user sid is S-1-22-1-0
 se_access_check: also S-1-5-32-544
 se_access_check: also S-1-1-0
 se_access_check: also S-1-5-2
 se_access_check: also S-1-5-11
[2008/01/04 14:52:07, 3] smbd/sec_ctx.c:push_sec_ctx(208)
 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2008/01/04 14:52:07, 3] smbd/uid.c:push_conn_ctx(353)
 push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2008/01/04 14:52:07, 3] smbd/sec_ctx.c:set_sec_ctx(241)
 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2008/01/04 14:52:07, 3] smbd/sec_ctx.c:pop_sec_ctx(339)
 pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2008/01/04 14:52:07, 3] smbd/sec_ctx.c:push_sec_ctx(208)
 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2008/01/04 14:52:07, 3] smbd/uid.c:push_conn_ctx(353)
 push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2008/01/04 14:52:07, 3] smbd/sec_ctx.c:set_sec_ctx(241)
 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2008/01/04 14:52:07, 3] smbd/sec_ctx.c:pop_sec_ctx(339)
 pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2008/01/04 14:52:07, 3] smbd/sec_ctx.c:push_sec_ctx(208)
 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2008/01/04 14:52:07, 3] smbd/uid.c:push_conn_ctx(353)
 push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2008/01/04 14:52:07, 3] smbd/sec_ctx.c:set_sec_ctx(241)
 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2008/01/04 14:52:07, 3] smbd/sec_ctx.c:pop_sec_ctx(339)
 pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2008/01/04 14:52:07, 3] smbd/sec_ctx.c:push_sec_ctx(208)
 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2008/01/04 14:52:07, 3] smbd/uid.c:push_conn_ctx(353)
 push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2008/01/04 14:52:07, 3] smbd/sec_ctx.c:set_sec_ctx(241)
 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2008/01/04 14:52:07, 3] smbd/sec_ctx.c:pop_sec_ctx(339)
 pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2008/01/04 14:52:07, 3] smbd/sec_ctx.c:push_sec_ctx(208)
 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2008/01/04 14:52:07, 3] smbd/uid.c:push_conn_ctx(353)
 push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2008/01/04 14:52:07, 3] smbd/sec_ctx.c:set_sec_ctx(241)
 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2008/01/04 14:52:07, 3] smbd/sec_ctx.c:pop_sec_ctx(339)
 pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2008/01/04 14:52:07, 3] lib/privileges.c:get_privileges(261)
 get_privileges: No privileges assigned to SID
[S-1-5-21-472181036-45513010-2561742549-501]
[2008/01/04 14:52:07, 3] lib/privileges.c:get_privileges(261)
 get_privileges: No privileges assigned to SID [S-1-22-2-99]
[2008/01/04 14:52:07, 3] lib/privileges.c:get_privileges(261)
 get_privileges: No privileges assigned to SID [S-1-5-2]
[2008/01/04 14:52:07, 3] lib/privileges.c:get_privileges(261)
 get_privileges: No privileges assigned to SID [S-1-5-32-546]
[2008/01/04 14:52:07, 3] lib/privileges.c:get_privileges(261)
 get_privileges: No privileges assigned to SID [S-1-22-2-2512]
[2008/01/04 14:52:07, 3] smbd/sec_ctx.c:push_sec_ctx(208)
 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2008/01/04 14:52:07, 3] smbd/uid.c:push_conn_ctx(353)
 push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2008/01/04 14:52:07, 3] smbd/sec_ctx.c:set_sec_ctx(241)
 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2008/01/04 14:52:07, 3] smbd/sec_ctx.c:pop_sec_ctx(339)
 pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2008/01/04 14:52:07, 3] smbd/sec_ctx.c:push_sec_ctx(208)
 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2008/01/04 14:52:07, 3] smbd/uid.c:push_conn_ctx(353)
 push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2008/01/04 14:52:07, 3] smbd/sec_ctx.c:set_sec_ctx(241)
 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2008/01/04 14:52:07, 3] smbd/sec_ctx.c:pop_sec_ctx(339)
 pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2008/01/04 14:52:07, 3] smbd/sec_ctx.c:push_sec_ctx(208)
 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2008/01/04 14:52:07, 3] smbd/uid.c:push_conn_ctx(353)
 push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2008/01/04 14:52:07, 3] smbd/sec_ctx.c:set_sec_ctx(241)
 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2008/01/04 14:52:07, 3] smbd/sec_ctx.c:pop_sec_ctx(339)
 pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2008/01/04 14:52:07, 3] printing/printing.c:start_background_queue(1386)
 start_background_queue: Starting background LPQ thread
[2008/01/04 14:52:07, 2] smbd/server.c:open_sockets_smbd(384)
 waiting for a connection

Here is a copy of my smb.conf:

[global]
  workgroup = DOMAIN
  security = user
  passdb backend = ldapsam:ldap://vandread.test.com
  ldap admin dn = cn=Directory Manager
  ldap suffix = dc=test,dc=com
  ldap user suffix = ou=People
  ldap machine suffix = ou=People
  ldap group suffix = ou=Group
  log file = /var/log/samba/%m.log
  log level = 3
  socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
  os level = 33
  domain logons = yes
  domain master = yes
  local master = yes
  preferred master = yes
  wins support = yes
  logon home = \\%L\%u\profiles
  logon path = \\%L\profiles\%u
  logon drive = H:
  template shell = /bin/false
  winbind use default domain = no

  winbind nested groups = no
  enable privileges = yes

#============================ Share Definitions ==============================
[homes]
  comment = Home Directories
  browseable = no
  writable = yes

[netlogon]
  comment = Network Logon Service
  path = /var/lib/samba/netlogon
  admin users = +sysadmin
  guest ok = no
  browseable = no
  writable = no

[profiles]
  path = /var/lib/samba/profiles
  admin users = +sysadmin
  read only = no
  guest ok = no
  create mask =0600
  directory mask = 0700

Any ideas what I am doing wrong?  Thanks

More information about the samba mailing list