[Fedora-directory-users] Problems configuring Samba PDC + FDS error "No privileges assigned to SID"

Me gm4rtin at gmail.com
Fri Jan 4 20:37:32 UTC 2008 

I am having trouble getting samba-3.0.24-11 setup as a PDC with an
ldap backend using FDS on a FC6 test box.  I have installed the
1.0.4-1 version of the directory server accepting the defaults except
for the server name with out any problems.  I can query the directory
server and it is populated with the proper objects.  I am using the
instructions in the Howto:Samba documentation on the FDS Wiki site
<http://directory.fedoraproject.org/wiki/Howto:Samba>.  I am able to
perform all of the tasks without any problems until I get to the part
of the install that has me run the following command:

net groupmap list

[2008/01/04 14:07:31, 0] passdb/pdb_ldap.c:ldapsam_setsamgrent(3051)
  ldapsam_setsamgrent: LDAP search failed: No such object
[2008/01/04 14:07:31, 0] passdb/pdb_ldap.c:ldapsam_enum_group_mapping(3123)
  ldapsam_enum_group_mapping: Unable to open passdb

I can query the directory successfully with the following output:

ldapsearch -b dc=test,dc=com -x 'Domain*'

# extended LDIF
#
# LDAPv3
# base <dc=test,dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: Domain*
#

# test.com
dn: dc=test,dc=com

# Directory Administrators, test.com
dn: cn=Directory Administrators, dc=test,dc=com

# Groups, test.com
dn: ou=Groups, dc=test,dc=com

# People, test.com
dn: ou=People, dc=test,dc=com

# Special Users, test.com
dn: ou=Special Users,dc=test,dc=com

# Accounting Managers, groups, test.com
dn: cn=Accounting Managers,ou=groups,dc=test,dc=com

# HR Managers, groups, test.com
dn: cn=HR Managers,ou=groups,dc=test,dc=com

# QA Managers, groups, test.com
dn: cn=QA Managers,ou=groups,dc=test,dc=com

# PD Managers, groups, test.com
dn: cn=PD Managers,ou=groups,dc=test,dc=com

# DOMAIN, test.com
dn: sambaDomainName=DOMAIN,dc=test,dc=com

# Domain Admins, Groups, test.com
dn: cn=Domain Admins,ou=Groups,dc=test,dc=com

# Domain Users, Groups, test.com
dn: cn=Domain Users,ou=Groups,dc=test,dc=com

# Domain Guests, Groups, test.com
dn: cn=Domain Guests,ou=Groups,dc=test,dc=com

# Domain Computers, Groups, test.com
dn: cn=Domain Computers,ou=Groups,dc=test,dc=com

# IS, Groups, test.com
dn: cn=IS,ou=Groups,dc=test,dc=com

# search result
search: 2
result: 0 Success

# numResponses: 16
# numEntries: 15

If I start samba I get the "No privileges assigned to SID" message"  I
have attached a copy of the log below:

[2008/01/04 14:52:07, 0] smbd/server.c:main(847)
  smbd version 3.0.24-11.fc6 started.
  Copyright Andrew Tridgell and the Samba Team 1992-2006
[2008/01/04 14:52:07, 2] param/loadparm.c:do_section(3713)
  Processing section "[homes]"
[2008/01/04 14:52:07, 2] param/loadparm.c:do_section(3713)
  Processing section "[is]"
[2008/01/04 14:52:07, 2] param/loadparm.c:do_section(3713)
  Processing section "[netlogon]"
[2008/01/04 14:52:07, 2] param/loadparm.c:do_section(3713)
  Processing section "[profiles]"
[2008/01/04 14:52:07, 2] param/loadparm.c:do_section(3713)
  Processing section "[public]"
[2008/01/04 14:52:07, 3] param/loadparm.c:lp_add_ipc(2632)
  adding IPC service
[2008/01/04 14:52:07, 3] printing/pcap.c:pcap_cache_reload(117)
  reloading printcap cache
[2008/01/04 14:52:07, 3] printing/pcap.c:pcap_cache_reload(223)
  reload status: ok
[2008/01/04 14:52:07, 3] printing/pcap.c:pcap_cache_reload(117)
  reloading printcap cache
[2008/01/04 14:52:07, 3] printing/pcap.c:pcap_cache_reload(223)
  reload status: ok
[2008/01/04 14:52:07, 2] lib/interface.c:add_interface(81)
  added interface ip=10.10.1.1 bcast=10.10.255.255 nmask=255.255.0.0
[2008/01/04 14:52:07, 3] smbd/server.c:main(877)
  loaded services
[2008/01/04 14:52:07, 3] smbd/server.c:main(892)
  Becoming a daemon.
[2008/01/04 14:52:07, 2] lib/tallocmsg.c:register_msg_pool_usage(61)
  Registered MSG_REQ_POOL_USAGE
[2008/01/04 14:52:07, 2] lib/dmallocmsg.c:register_dmalloc_msgs(71)
  Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
[2008/01/04 14:52:07, 2] lib/smbldap_util.c:smbldap_search_domain_info(219)
  smbldap_search_domain_info: Searching
for:[(&(objectClass=sambaDomain)(sambaDomainName=DOMAIN))]
[2008/01/04 14:52:07, 2] lib/smbldap.c:smbldap_open_connection(788)
  smbldap_open_connection: connection opened
[2008/01/04 14:52:07, 3] lib/smbldap.c:smbldap_connect_system(992)
  ldap_connect_system: succesful connection to the LDAP server
[2008/01/04 14:52:07, 3] smbd/sec_ctx.c:push_sec_ctx(208)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2008/01/04 14:52:07, 3] smbd/uid.c:push_conn_ctx(353)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2008/01/04 14:52:07, 3] smbd/sec_ctx.c:set_sec_ctx(241)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2008/01/04 14:52:07, 3] smbd/sec_ctx.c:push_sec_ctx(208)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
[2008/01/04 14:52:07, 3] smbd/uid.c:push_conn_ctx(353)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 1
[2008/01/04 14:52:07, 3] smbd/sec_ctx.c:set_sec_ctx(241)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
[2008/01/04 14:52:07, 3] smbd/sec_ctx.c:pop_sec_ctx(339)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
[2008/01/04 14:52:07, 3] smbd/sec_ctx.c:pop_sec_ctx(339)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2008/01/04 14:52:07, 3] smbd/sec_ctx.c:push_sec_ctx(208)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2008/01/04 14:52:07, 3] smbd/uid.c:push_conn_ctx(353)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2008/01/04 14:52:07, 3] smbd/sec_ctx.c:set_sec_ctx(241)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2008/01/04 14:52:07, 3] smbd/sec_ctx.c:pop_sec_ctx(339)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2008/01/04 14:52:07, 3] smbd/sec_ctx.c:push_sec_ctx(208)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2008/01/04 14:52:07, 3] smbd/uid.c:push_conn_ctx(353)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2008/01/04 14:52:07, 3] smbd/sec_ctx.c:set_sec_ctx(241)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2008/01/04 14:52:07, 3] smbd/sec_ctx.c:pop_sec_ctx(339)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2008/01/04 14:52:07, 3] smbd/sec_ctx.c:push_sec_ctx(208)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2008/01/04 14:52:07, 3] smbd/uid.c:push_conn_ctx(353)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2008/01/04 14:52:07, 3] smbd/sec_ctx.c:set_sec_ctx(241)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2008/01/04 14:52:07, 3] smbd/sec_ctx.c:pop_sec_ctx(339)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2008/01/04 14:52:07, 3] lib/privileges.c:get_privileges(261)
  get_privileges: No privileges assigned to SID [S-1-22-1-0]
[2008/01/04 14:52:07, 3] lib/privileges.c:get_privileges(261)
  get_privileges: No privileges assigned to SID [S-1-5-2]
[2008/01/04 14:52:07, 3] lib/privileges.c:get_privileges(261)
  get_privileges: No privileges assigned to SID [S-1-5-11]
[2008/01/04 14:52:07, 3] lib/util_seaccess.c:se_access_check(250)
[2008/01/04 14:52:07, 3] lib/util_seaccess.c:se_access_check(251)
  se_access_check: user sid is S-1-22-1-0
  se_access_check: also S-1-5-32-544
  se_access_check: also S-1-1-0
  se_access_check: also S-1-5-2
  se_access_check: also S-1-5-11
[2008/01/04 14:52:07, 3] lib/util_seaccess.c:se_access_check(250)
[2008/01/04 14:52:07, 3] lib/util_seaccess.c:se_access_check(251)
  se_access_check: user sid is S-1-22-1-0
  se_access_check: also S-1-5-32-544
  se_access_check: also S-1-1-0
  se_access_check: also S-1-5-2
  se_access_check: also S-1-5-11
[2008/01/04 14:52:07, 3] lib/util_seaccess.c:se_access_check(250)
[2008/01/04 14:52:07, 3] lib/util_seaccess.c:se_access_check(251)
  se_access_check: user sid is S-1-22-1-0
  se_access_check: also S-1-5-32-544
  se_access_check: also S-1-1-0
  se_access_check: also S-1-5-2
  se_access_check: also S-1-5-11
[2008/01/04 14:52:07, 3] lib/util_seaccess.c:se_access_check(250)
[2008/01/04 14:52:07, 3] lib/util_seaccess.c:se_access_check(251)
  se_access_check: user sid is S-1-22-1-0
  se_access_check: also S-1-5-32-544
  se_access_check: also S-1-1-0
  se_access_check: also S-1-5-2
  se_access_check: also S-1-5-11
[2008/01/04 14:52:07, 3] lib/util_seaccess.c:se_access_check(250)
[2008/01/04 14:52:07, 3] lib/util_seaccess.c:se_access_check(251)
  se_access_check: user sid is S-1-22-1-0
  se_access_check: also S-1-5-32-544
  se_access_check: also S-1-1-0
  se_access_check: also S-1-5-2
  se_access_check: also S-1-5-11
[2008/01/04 14:52:07, 3] lib/util_seaccess.c:se_access_check(250)
[2008/01/04 14:52:07, 3] lib/util_seaccess.c:se_access_check(251)
  se_access_check: user sid is S-1-22-1-0
  se_access_check: also S-1-5-32-544
  se_access_check: also S-1-1-0
  se_access_check: also S-1-5-2
  se_access_check: also S-1-5-11
[2008/01/04 14:52:07, 3] lib/util_seaccess.c:se_access_check(250)
[2008/01/04 14:52:07, 3] lib/util_seaccess.c:se_access_check(251)
  se_access_check: user sid is S-1-22-1-0
  se_access_check: also S-1-5-32-544
  se_access_check: also S-1-1-0
  se_access_check: also S-1-5-2
  se_access_check: also S-1-5-11
[2008/01/04 14:52:07, 3] lib/util_seaccess.c:se_access_check(250)
[2008/01/04 14:52:07, 3] lib/util_seaccess.c:se_access_check(251)
  se_access_check: user sid is S-1-22-1-0
  se_access_check: also S-1-5-32-544
  se_access_check: also S-1-1-0
  se_access_check: also S-1-5-2
  se_access_check: also S-1-5-11
[2008/01/04 14:52:07, 3] lib/util_seaccess.c:se_access_check(250)
[2008/01/04 14:52:07, 3] lib/util_seaccess.c:se_access_check(251)
  se_access_check: user sid is S-1-22-1-0
  se_access_check: also S-1-5-32-544
  se_access_check: also S-1-1-0
  se_access_check: also S-1-5-2
  se_access_check: also S-1-5-11
[2008/01/04 14:52:07, 3] smbd/sec_ctx.c:push_sec_ctx(208)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2008/01/04 14:52:07, 3] smbd/uid.c:push_conn_ctx(353)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2008/01/04 14:52:07, 3] smbd/sec_ctx.c:set_sec_ctx(241)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2008/01/04 14:52:07, 3] smbd/sec_ctx.c:pop_sec_ctx(339)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2008/01/04 14:52:07, 3] smbd/sec_ctx.c:push_sec_ctx(208)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2008/01/04 14:52:07, 3] smbd/uid.c:push_conn_ctx(353)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2008/01/04 14:52:07, 3] smbd/sec_ctx.c:set_sec_ctx(241)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2008/01/04 14:52:07, 3] smbd/sec_ctx.c:pop_sec_ctx(339)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2008/01/04 14:52:07, 3] smbd/sec_ctx.c:push_sec_ctx(208)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2008/01/04 14:52:07, 3] smbd/uid.c:push_conn_ctx(353)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2008/01/04 14:52:07, 3] smbd/sec_ctx.c:set_sec_ctx(241)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2008/01/04 14:52:07, 3] smbd/sec_ctx.c:pop_sec_ctx(339)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2008/01/04 14:52:07, 3] smbd/sec_ctx.c:push_sec_ctx(208)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2008/01/04 14:52:07, 3] smbd/uid.c:push_conn_ctx(353)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2008/01/04 14:52:07, 3] smbd/sec_ctx.c:set_sec_ctx(241)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2008/01/04 14:52:07, 3] smbd/sec_ctx.c:pop_sec_ctx(339)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2008/01/04 14:52:07, 3] smbd/sec_ctx.c:push_sec_ctx(208)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2008/01/04 14:52:07, 3] smbd/uid.c:push_conn_ctx(353)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2008/01/04 14:52:07, 3] smbd/sec_ctx.c:set_sec_ctx(241)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2008/01/04 14:52:07, 3] smbd/sec_ctx.c:pop_sec_ctx(339)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2008/01/04 14:52:07, 3] lib/privileges.c:get_privileges(261)
  get_privileges: No privileges assigned to SID
[S-1-5-21-472181036-45513010-2561742549-501]
[2008/01/04 14:52:07, 3] lib/privileges.c:get_privileges(261)
  get_privileges: No privileges assigned to SID [S-1-22-2-99]
[2008/01/04 14:52:07, 3] lib/privileges.c:get_privileges(261)
  get_privileges: No privileges assigned to SID [S-1-5-2]
[2008/01/04 14:52:07, 3] lib/privileges.c:get_privileges(261)
  get_privileges: No privileges assigned to SID [S-1-5-32-546]
[2008/01/04 14:52:07, 3] lib/privileges.c:get_privileges(261)
  get_privileges: No privileges assigned to SID [S-1-22-2-2512]
[2008/01/04 14:52:07, 3] smbd/sec_ctx.c:push_sec_ctx(208)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2008/01/04 14:52:07, 3] smbd/uid.c:push_conn_ctx(353)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2008/01/04 14:52:07, 3] smbd/sec_ctx.c:set_sec_ctx(241)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2008/01/04 14:52:07, 3] smbd/sec_ctx.c:pop_sec_ctx(339)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2008/01/04 14:52:07, 3] smbd/sec_ctx.c:push_sec_ctx(208)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2008/01/04 14:52:07, 3] smbd/uid.c:push_conn_ctx(353)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2008/01/04 14:52:07, 3] smbd/sec_ctx.c:set_sec_ctx(241)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2008/01/04 14:52:07, 3] smbd/sec_ctx.c:pop_sec_ctx(339)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2008/01/04 14:52:07, 3] smbd/sec_ctx.c:push_sec_ctx(208)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2008/01/04 14:52:07, 3] smbd/uid.c:push_conn_ctx(353)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2008/01/04 14:52:07, 3] smbd/sec_ctx.c:set_sec_ctx(241)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2008/01/04 14:52:07, 3] smbd/sec_ctx.c:pop_sec_ctx(339)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2008/01/04 14:52:07, 3] printing/printing.c:start_background_queue(1386)
  start_background_queue: Starting background LPQ thread
[2008/01/04 14:52:07, 2] smbd/server.c:open_sockets_smbd(384)
  waiting for a connection

Here is a copy of my smb.conf:

[global]
   workgroup = DOMAIN
   security = user
   passdb backend = ldapsam:ldap://vandread.test.com
   ldap admin dn = cn=Directory Manager
   ldap suffix = dc=test,dc=com
   ldap user suffix = ou=People
   ldap machine suffix = ou=People
   ldap group suffix = ou=Group
   log file = /var/log/samba/%m.log
   log level = 3
   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
   os level = 33
   domain logons = yes
   domain master = yes
   local master = yes
   preferred master = yes
   wins support = yes
   logon home = \\%L\%u\profiles
   logon path = \\%L\profiles\%u
   logon drive = H:
   template shell = /bin/false
   winbind use default domain = no

   winbind nested groups = no
   enable privileges = yes

#============================ Share Definitions ==============================
[homes]
   comment = Home Directories
   browseable = no
   writable = yes

[netlogon]
   comment = Network Logon Service
   path = /var/lib/samba/netlogon
   admin users = +sysadmin
   guest ok = no
   browseable = no
   writable = no

[profiles]
   path = /var/lib/samba/profiles
   admin users = +sysadmin
   read only = no
   guest ok = no
   create mask =0600
   directory mask = 0700

Any ideas what I am doing wrong?  Thanks

More information about the Fedora-directory-users mailing list