[Samba] login fails if smbusers is used to map domain admin to root.
Marc-andré Labonté
marc-andre.labonte at mail.mcgill.ca
Wed Jul 9 17:02:07 GMT 2008
Hi,
i am trying to map the domain administrator to root using the
smbusers file in order to be able to set file permissions from windows.
Unfortunately, while the map itself seem to succeed, the logins fails.
If i remove the relevant line in smbusers, login succeed but i lack
superuser privileges.
Here is log.smbd while trying to map administrator to root
[2008/07/09 12:50:42, 4] smbd/map_username.c:map_username(145)
Scanning username map /usr/local/samba/etc/smbusers
[2008/07/09 12:50:42, 3] smbd/map_username.c:map_username(189)
Mapped user DOMAIN\administrator to root
[2008/07/09 12:50:42, 4] lib/substitute.c:automount_server(500)
Home server: thumper
[2008/07/09 12:50:42, 4] lib/substitute.c:automount_server(500)
Home server: thumper
[2008/07/09 12:50:42, 3] smbd/sec_ctx.c:push_sec_ctx(224)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2008/07/09 12:50:42, 3] smbd/uid.c:push_conn_ctx(357)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2008/07/09 12:50:42, 3] smbd/sec_ctx.c:set_sec_ctx(324)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2008/07/09 12:50:42, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2008/07/09 12:50:42, 3] smbd/sec_ctx.c:push_sec_ctx(224)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2008/07/09 12:50:42, 3] smbd/uid.c:push_conn_ctx(357)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2008/07/09 12:50:42, 3] smbd/sec_ctx.c:set_sec_ctx(324)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2008/07/09 12:50:42, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2008/07/09 12:50:42, 1] auth/auth_util.c:create_token_from_username(922)
sid_to_gid(S-1-22-513) failed
[2008/07/09 12:50:42, 3] smbd/error.c:error_packet_set(61)
error packet at smbd/sesssetup.c(550) cmd=115 (SMBsesssetupX)
NT_STATUS_LOGON_FAILURE
[2008/07/09 12:50:42, 3] smbd/process.c:smbd_process(2027)
receive_message_or_smb failed: NT_STATUS_END_OF_FILE, exiting
Here is my smbusers file:
root = DOMAIN\administrator
And my smb.conf file:
workgroup = DOMAIN
netbios name = thumper
use kerberos keytab = yes
security = ads
encrypt passwords = yes
realm = DOMAIN
username map = /usr/local/samba/etc/smbusers
allow trusted domains = no
idmap backend = rid:DOMAIN=50000-100000000
idmap uid = 50000-100000000
idmap gid = 50000-100000000
winbind use default domain = Yes
winbind enum users = Yes
winbind enum groups = Yes
winbind nested groups = Yes
What worries me is the following line in log.smbd
sid_to_gid(S-1-22-513) failed
I think this is why login is failing but i have no clue where sid
S-1-22-513 is coming from
regards
Marc-andré
More information about the samba
mailing list