[Samba] Builtin group mapping problem with latest from git

Ian Puleston ipuleston at SonicWALL.com
Fri Nov 20 12:47:45 MST 2009


I'm trying to run the latest samba from git for the first time in order
to finalize a patch to submit for a bug that I've been working on. I'm
running Fedora 11 and everything is tested and working on that with
samba 3.4.2. I got the latest version from git (3.6.0) ran configure and
make OK, and installed it. The built smbd and winbindd run fine, but
trying to access the machine from a Windows domain PC logged in as the
domain administrator fails with a logon failure, and this logged:

check_ntlm_password:  Checking password for unmapped user
[SD80]\[Administrator]@[IANSERVER] with the new password interface
check_ntlm_password:  mapped user is: [SD80]\[Administrator]@[IANSERVER]
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
check_ntlm_password:  Authentication for user [Administrator] ->
[Administrator] FAILED with error NT_STATUS_NO_SUCH_USER
error packet at smbd/sesssetup.c(111) cmd=115 (SMBsesssetupX)

My group mappings, as reported when running samba 3.4.2 are:

# net groupmap list
Administrators (S-1-5-32-544) -> BUILTIN+administrators
Users (S-1-5-32-545) -> BUILTIN+users
# net groupmap listmem S-1-5-32-545

But when the new winbindd is running those are reported as:

# net groupmap list
Administrators (S-1-5-32-544) -> 616
Users (S-1-5-32-545) -> 605

So I tried to re-create the mappings with the new version from git
installed, but it would not accept "BUILTIN+administrators" as a group:

# net sam list builtin
# net groupmap add ntgroup=Administrators sid=S-1-5-32-544
Can't lookup UNIX group BUILTIN+administrators

Adding in "type=builtin" did not help.

Is this something that has changed, or is something broken here?


More information about the samba mailing list