[Fedora-directory-users] Problems configuring Samba PDC + FDS error "No privileges assigned to SID"
Me
gm4rtin at gmail.com
Fri Jan 4 20:37:32 UTC 2008
I am having trouble getting samba-3.0.24-11 setup as a PDC with an
ldap backend using FDS on a FC6 test box. I have installed the
1.0.4-1 version of the directory server accepting the defaults except
for the server name with out any problems. I can query the directory
server and it is populated with the proper objects. I am using the
instructions in the Howto:Samba documentation on the FDS Wiki site
<http://directory.fedoraproject.org/wiki/Howto:Samba>. I am able to
perform all of the tasks without any problems until I get to the part
of the install that has me run the following command:
net groupmap list
[2008/01/04 14:07:31, 0] passdb/pdb_ldap.c:ldapsam_setsamgrent(3051)
ldapsam_setsamgrent: LDAP search failed: No such object
[2008/01/04 14:07:31, 0] passdb/pdb_ldap.c:ldapsam_enum_group_mapping(3123)
ldapsam_enum_group_mapping: Unable to open passdb
I can query the directory successfully with the following output:
ldapsearch -b dc=test,dc=com -x 'Domain*'
# extended LDIF
#
# LDAPv3
# base <dc=test,dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: Domain*
#
# test.com
dn: dc=test,dc=com
# Directory Administrators, test.com
dn: cn=Directory Administrators, dc=test,dc=com
# Groups, test.com
dn: ou=Groups, dc=test,dc=com
# People, test.com
dn: ou=People, dc=test,dc=com
# Special Users, test.com
dn: ou=Special Users,dc=test,dc=com
# Accounting Managers, groups, test.com
dn: cn=Accounting Managers,ou=groups,dc=test,dc=com
# HR Managers, groups, test.com
dn: cn=HR Managers,ou=groups,dc=test,dc=com
# QA Managers, groups, test.com
dn: cn=QA Managers,ou=groups,dc=test,dc=com
# PD Managers, groups, test.com
dn: cn=PD Managers,ou=groups,dc=test,dc=com
# DOMAIN, test.com
dn: sambaDomainName=DOMAIN,dc=test,dc=com
# Domain Admins, Groups, test.com
dn: cn=Domain Admins,ou=Groups,dc=test,dc=com
# Domain Users, Groups, test.com
dn: cn=Domain Users,ou=Groups,dc=test,dc=com
# Domain Guests, Groups, test.com
dn: cn=Domain Guests,ou=Groups,dc=test,dc=com
# Domain Computers, Groups, test.com
dn: cn=Domain Computers,ou=Groups,dc=test,dc=com
# IS, Groups, test.com
dn: cn=IS,ou=Groups,dc=test,dc=com
# search result
search: 2
result: 0 Success
# numResponses: 16
# numEntries: 15
If I start samba I get the "No privileges assigned to SID" message" I
have attached a copy of the log below:
[2008/01/04 14:52:07, 0] smbd/server.c:main(847)
smbd version 3.0.24-11.fc6 started.
Copyright Andrew Tridgell and the Samba Team 1992-2006
[2008/01/04 14:52:07, 2] param/loadparm.c:do_section(3713)
Processing section "[homes]"
[2008/01/04 14:52:07, 2] param/loadparm.c:do_section(3713)
Processing section "[is]"
[2008/01/04 14:52:07, 2] param/loadparm.c:do_section(3713)
Processing section "[netlogon]"
[2008/01/04 14:52:07, 2] param/loadparm.c:do_section(3713)
Processing section "[profiles]"
[2008/01/04 14:52:07, 2] param/loadparm.c:do_section(3713)
Processing section "[public]"
[2008/01/04 14:52:07, 3] param/loadparm.c:lp_add_ipc(2632)
adding IPC service
[2008/01/04 14:52:07, 3] printing/pcap.c:pcap_cache_reload(117)
reloading printcap cache
[2008/01/04 14:52:07, 3] printing/pcap.c:pcap_cache_reload(223)
reload status: ok
[2008/01/04 14:52:07, 3] printing/pcap.c:pcap_cache_reload(117)
reloading printcap cache
[2008/01/04 14:52:07, 3] printing/pcap.c:pcap_cache_reload(223)
reload status: ok
[2008/01/04 14:52:07, 2] lib/interface.c:add_interface(81)
added interface ip=10.10.1.1 bcast=10.10.255.255 nmask=255.255.0.0
[2008/01/04 14:52:07, 3] smbd/server.c:main(877)
loaded services
[2008/01/04 14:52:07, 3] smbd/server.c:main(892)
Becoming a daemon.
[2008/01/04 14:52:07, 2] lib/tallocmsg.c:register_msg_pool_usage(61)
Registered MSG_REQ_POOL_USAGE
[2008/01/04 14:52:07, 2] lib/dmallocmsg.c:register_dmalloc_msgs(71)
Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
[2008/01/04 14:52:07, 2] lib/smbldap_util.c:smbldap_search_domain_info(219)
smbldap_search_domain_info: Searching
for:[(&(objectClass=sambaDomain)(sambaDomainName=DOMAIN))]
[2008/01/04 14:52:07, 2] lib/smbldap.c:smbldap_open_connection(788)
smbldap_open_connection: connection opened
[2008/01/04 14:52:07, 3] lib/smbldap.c:smbldap_connect_system(992)
ldap_connect_system: succesful connection to the LDAP server
[2008/01/04 14:52:07, 3] smbd/sec_ctx.c:push_sec_ctx(208)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2008/01/04 14:52:07, 3] smbd/uid.c:push_conn_ctx(353)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2008/01/04 14:52:07, 3] smbd/sec_ctx.c:set_sec_ctx(241)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2008/01/04 14:52:07, 3] smbd/sec_ctx.c:push_sec_ctx(208)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
[2008/01/04 14:52:07, 3] smbd/uid.c:push_conn_ctx(353)
push_conn_ctx(0) : conn_ctx_stack_ndx = 1
[2008/01/04 14:52:07, 3] smbd/sec_ctx.c:set_sec_ctx(241)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
[2008/01/04 14:52:07, 3] smbd/sec_ctx.c:pop_sec_ctx(339)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
[2008/01/04 14:52:07, 3] smbd/sec_ctx.c:pop_sec_ctx(339)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2008/01/04 14:52:07, 3] smbd/sec_ctx.c:push_sec_ctx(208)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2008/01/04 14:52:07, 3] smbd/uid.c:push_conn_ctx(353)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2008/01/04 14:52:07, 3] smbd/sec_ctx.c:set_sec_ctx(241)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2008/01/04 14:52:07, 3] smbd/sec_ctx.c:pop_sec_ctx(339)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2008/01/04 14:52:07, 3] smbd/sec_ctx.c:push_sec_ctx(208)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2008/01/04 14:52:07, 3] smbd/uid.c:push_conn_ctx(353)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2008/01/04 14:52:07, 3] smbd/sec_ctx.c:set_sec_ctx(241)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2008/01/04 14:52:07, 3] smbd/sec_ctx.c:pop_sec_ctx(339)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2008/01/04 14:52:07, 3] smbd/sec_ctx.c:push_sec_ctx(208)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2008/01/04 14:52:07, 3] smbd/uid.c:push_conn_ctx(353)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2008/01/04 14:52:07, 3] smbd/sec_ctx.c:set_sec_ctx(241)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2008/01/04 14:52:07, 3] smbd/sec_ctx.c:pop_sec_ctx(339)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2008/01/04 14:52:07, 3] lib/privileges.c:get_privileges(261)
get_privileges: No privileges assigned to SID [S-1-22-1-0]
[2008/01/04 14:52:07, 3] lib/privileges.c:get_privileges(261)
get_privileges: No privileges assigned to SID [S-1-5-2]
[2008/01/04 14:52:07, 3] lib/privileges.c:get_privileges(261)
get_privileges: No privileges assigned to SID [S-1-5-11]
[2008/01/04 14:52:07, 3] lib/util_seaccess.c:se_access_check(250)
[2008/01/04 14:52:07, 3] lib/util_seaccess.c:se_access_check(251)
se_access_check: user sid is S-1-22-1-0
se_access_check: also S-1-5-32-544
se_access_check: also S-1-1-0
se_access_check: also S-1-5-2
se_access_check: also S-1-5-11
[2008/01/04 14:52:07, 3] lib/util_seaccess.c:se_access_check(250)
[2008/01/04 14:52:07, 3] lib/util_seaccess.c:se_access_check(251)
se_access_check: user sid is S-1-22-1-0
se_access_check: also S-1-5-32-544
se_access_check: also S-1-1-0
se_access_check: also S-1-5-2
se_access_check: also S-1-5-11
[2008/01/04 14:52:07, 3] lib/util_seaccess.c:se_access_check(250)
[2008/01/04 14:52:07, 3] lib/util_seaccess.c:se_access_check(251)
se_access_check: user sid is S-1-22-1-0
se_access_check: also S-1-5-32-544
se_access_check: also S-1-1-0
se_access_check: also S-1-5-2
se_access_check: also S-1-5-11
[2008/01/04 14:52:07, 3] lib/util_seaccess.c:se_access_check(250)
[2008/01/04 14:52:07, 3] lib/util_seaccess.c:se_access_check(251)
se_access_check: user sid is S-1-22-1-0
se_access_check: also S-1-5-32-544
se_access_check: also S-1-1-0
se_access_check: also S-1-5-2
se_access_check: also S-1-5-11
[2008/01/04 14:52:07, 3] lib/util_seaccess.c:se_access_check(250)
[2008/01/04 14:52:07, 3] lib/util_seaccess.c:se_access_check(251)
se_access_check: user sid is S-1-22-1-0
se_access_check: also S-1-5-32-544
se_access_check: also S-1-1-0
se_access_check: also S-1-5-2
se_access_check: also S-1-5-11
[2008/01/04 14:52:07, 3] lib/util_seaccess.c:se_access_check(250)
[2008/01/04 14:52:07, 3] lib/util_seaccess.c:se_access_check(251)
se_access_check: user sid is S-1-22-1-0
se_access_check: also S-1-5-32-544
se_access_check: also S-1-1-0
se_access_check: also S-1-5-2
se_access_check: also S-1-5-11
[2008/01/04 14:52:07, 3] lib/util_seaccess.c:se_access_check(250)
[2008/01/04 14:52:07, 3] lib/util_seaccess.c:se_access_check(251)
se_access_check: user sid is S-1-22-1-0
se_access_check: also S-1-5-32-544
se_access_check: also S-1-1-0
se_access_check: also S-1-5-2
se_access_check: also S-1-5-11
[2008/01/04 14:52:07, 3] lib/util_seaccess.c:se_access_check(250)
[2008/01/04 14:52:07, 3] lib/util_seaccess.c:se_access_check(251)
se_access_check: user sid is S-1-22-1-0
se_access_check: also S-1-5-32-544
se_access_check: also S-1-1-0
se_access_check: also S-1-5-2
se_access_check: also S-1-5-11
[2008/01/04 14:52:07, 3] lib/util_seaccess.c:se_access_check(250)
[2008/01/04 14:52:07, 3] lib/util_seaccess.c:se_access_check(251)
se_access_check: user sid is S-1-22-1-0
se_access_check: also S-1-5-32-544
se_access_check: also S-1-1-0
se_access_check: also S-1-5-2
se_access_check: also S-1-5-11
[2008/01/04 14:52:07, 3] smbd/sec_ctx.c:push_sec_ctx(208)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2008/01/04 14:52:07, 3] smbd/uid.c:push_conn_ctx(353)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2008/01/04 14:52:07, 3] smbd/sec_ctx.c:set_sec_ctx(241)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2008/01/04 14:52:07, 3] smbd/sec_ctx.c:pop_sec_ctx(339)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2008/01/04 14:52:07, 3] smbd/sec_ctx.c:push_sec_ctx(208)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2008/01/04 14:52:07, 3] smbd/uid.c:push_conn_ctx(353)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2008/01/04 14:52:07, 3] smbd/sec_ctx.c:set_sec_ctx(241)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2008/01/04 14:52:07, 3] smbd/sec_ctx.c:pop_sec_ctx(339)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2008/01/04 14:52:07, 3] smbd/sec_ctx.c:push_sec_ctx(208)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2008/01/04 14:52:07, 3] smbd/uid.c:push_conn_ctx(353)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2008/01/04 14:52:07, 3] smbd/sec_ctx.c:set_sec_ctx(241)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2008/01/04 14:52:07, 3] smbd/sec_ctx.c:pop_sec_ctx(339)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2008/01/04 14:52:07, 3] smbd/sec_ctx.c:push_sec_ctx(208)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2008/01/04 14:52:07, 3] smbd/uid.c:push_conn_ctx(353)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2008/01/04 14:52:07, 3] smbd/sec_ctx.c:set_sec_ctx(241)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2008/01/04 14:52:07, 3] smbd/sec_ctx.c:pop_sec_ctx(339)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2008/01/04 14:52:07, 3] smbd/sec_ctx.c:push_sec_ctx(208)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2008/01/04 14:52:07, 3] smbd/uid.c:push_conn_ctx(353)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2008/01/04 14:52:07, 3] smbd/sec_ctx.c:set_sec_ctx(241)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2008/01/04 14:52:07, 3] smbd/sec_ctx.c:pop_sec_ctx(339)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2008/01/04 14:52:07, 3] lib/privileges.c:get_privileges(261)
get_privileges: No privileges assigned to SID
[S-1-5-21-472181036-45513010-2561742549-501]
[2008/01/04 14:52:07, 3] lib/privileges.c:get_privileges(261)
get_privileges: No privileges assigned to SID [S-1-22-2-99]
[2008/01/04 14:52:07, 3] lib/privileges.c:get_privileges(261)
get_privileges: No privileges assigned to SID [S-1-5-2]
[2008/01/04 14:52:07, 3] lib/privileges.c:get_privileges(261)
get_privileges: No privileges assigned to SID [S-1-5-32-546]
[2008/01/04 14:52:07, 3] lib/privileges.c:get_privileges(261)
get_privileges: No privileges assigned to SID [S-1-22-2-2512]
[2008/01/04 14:52:07, 3] smbd/sec_ctx.c:push_sec_ctx(208)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2008/01/04 14:52:07, 3] smbd/uid.c:push_conn_ctx(353)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2008/01/04 14:52:07, 3] smbd/sec_ctx.c:set_sec_ctx(241)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2008/01/04 14:52:07, 3] smbd/sec_ctx.c:pop_sec_ctx(339)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2008/01/04 14:52:07, 3] smbd/sec_ctx.c:push_sec_ctx(208)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2008/01/04 14:52:07, 3] smbd/uid.c:push_conn_ctx(353)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2008/01/04 14:52:07, 3] smbd/sec_ctx.c:set_sec_ctx(241)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2008/01/04 14:52:07, 3] smbd/sec_ctx.c:pop_sec_ctx(339)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2008/01/04 14:52:07, 3] smbd/sec_ctx.c:push_sec_ctx(208)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2008/01/04 14:52:07, 3] smbd/uid.c:push_conn_ctx(353)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2008/01/04 14:52:07, 3] smbd/sec_ctx.c:set_sec_ctx(241)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2008/01/04 14:52:07, 3] smbd/sec_ctx.c:pop_sec_ctx(339)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2008/01/04 14:52:07, 3] printing/printing.c:start_background_queue(1386)
start_background_queue: Starting background LPQ thread
[2008/01/04 14:52:07, 2] smbd/server.c:open_sockets_smbd(384)
waiting for a connection
Here is a copy of my smb.conf:
[global]
workgroup = DOMAIN
security = user
passdb backend = ldapsam:ldap://vandread.test.com
ldap admin dn = cn=Directory Manager
ldap suffix = dc=test,dc=com
ldap user suffix = ou=People
ldap machine suffix = ou=People
ldap group suffix = ou=Group
log file = /var/log/samba/%m.log
log level = 3
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
os level = 33
domain logons = yes
domain master = yes
local master = yes
preferred master = yes
wins support = yes
logon home = \\%L\%u\profiles
logon path = \\%L\profiles\%u
logon drive = H:
template shell = /bin/false
winbind use default domain = no
winbind nested groups = no
enable privileges = yes
#============================ Share Definitions ==============================
[homes]
comment = Home Directories
browseable = no
writable = yes
[netlogon]
comment = Network Logon Service
path = /var/lib/samba/netlogon
admin users = +sysadmin
guest ok = no
browseable = no
writable = no
[profiles]
path = /var/lib/samba/profiles
admin users = +sysadmin
read only = no
guest ok = no
create mask =0600
directory mask = 0700
Any ideas what I am doing wrong? Thanks
More information about the Fedora-directory-users
mailing list