Me
2008-Jan-04 20:42 UTC
[Samba] Problems configuring Samba PDC + FDS error "No privileges assigned to SID"
I am having trouble getting samba-3.0.24-11 setup as a PDC with an ldap backend using FDS on a FC6 test box. I have installed the 1.0.4-1 version of the directory server accepting the defaults except for the server name with out any problems. I can query the directory server and it is populated with the proper objects. I am using the instructions in the Howto:Samba documentation on the FDS Wiki site <http://directory.fedoraproject.org/wiki/Howto:Samba>. I am able to perform all of the tasks without any problems until I get to the part of the install that has me run the following command: net groupmap list [2008/01/04 14:07:31, 0] passdb/pdb_ldap.c:ldapsam_setsamgrent(3051) ldapsam_setsamgrent: LDAP search failed: No such object [2008/01/04 14:07:31, 0] passdb/pdb_ldap.c:ldapsam_enum_group_mapping(3123) ldapsam_enum_group_mapping: Unable to open passdb I can query the directory successfully with the following output: ldapsearch -b dc=test,dc=com -x 'Domain*' # extended LDIF # # LDAPv3 # base <dc=test,dc=com> with scope subtree # filter: (objectclass=*) # requesting: Domain* # # test.com dn: dc=test,dc=com # Directory Administrators, test.com dn: cn=Directory Administrators, dc=test,dc=com # Groups, test.com dn: ou=Groups, dc=test,dc=com # People, test.com dn: ou=People, dc=test,dc=com # Special Users, test.com dn: ou=Special Users,dc=test,dc=com # Accounting Managers, groups, test.com dn: cn=Accounting Managers,ou=groups,dc=test,dc=com # HR Managers, groups, test.com dn: cn=HR Managers,ou=groups,dc=test,dc=com # QA Managers, groups, test.com dn: cn=QA Managers,ou=groups,dc=test,dc=com # PD Managers, groups, test.com dn: cn=PD Managers,ou=groups,dc=test,dc=com # DOMAIN, test.com dn: sambaDomainName=DOMAIN,dc=test,dc=com # Domain Admins, Groups, test.com dn: cn=Domain Admins,ou=Groups,dc=test,dc=com # Domain Users, Groups, test.com dn: cn=Domain Users,ou=Groups,dc=test,dc=com # Domain Guests, Groups, test.com dn: cn=Domain Guests,ou=Groups,dc=test,dc=com # Domain Computers, Groups, test.com dn: cn=Domain Computers,ou=Groups,dc=test,dc=com # IS, Groups, test.com dn: cn=IS,ou=Groups,dc=test,dc=com # search result search: 2 result: 0 Success # numResponses: 16 # numEntries: 15 If I start samba I get the "No privileges assigned to SID" message" I have attached a copy of the log below: [2008/01/04 14:52:07, 0] smbd/server.c:main(847) smbd version 3.0.24-11.fc6 started. Copyright Andrew Tridgell and the Samba Team 1992-2006 [2008/01/04 14:52:07, 2] param/loadparm.c:do_section(3713) Processing section "[homes]" [2008/01/04 14:52:07, 2] param/loadparm.c:do_section(3713) Processing section "[is]" [2008/01/04 14:52:07, 2] param/loadparm.c:do_section(3713) Processing section "[netlogon]" [2008/01/04 14:52:07, 2] param/loadparm.c:do_section(3713) Processing section "[profiles]" [2008/01/04 14:52:07, 2] param/loadparm.c:do_section(3713) Processing section "[public]" [2008/01/04 14:52:07, 3] param/loadparm.c:lp_add_ipc(2632) adding IPC service [2008/01/04 14:52:07, 3] printing/pcap.c:pcap_cache_reload(117) reloading printcap cache [2008/01/04 14:52:07, 3] printing/pcap.c:pcap_cache_reload(223) reload status: ok [2008/01/04 14:52:07, 3] printing/pcap.c:pcap_cache_reload(117) reloading printcap cache [2008/01/04 14:52:07, 3] printing/pcap.c:pcap_cache_reload(223) reload status: ok [2008/01/04 14:52:07, 2] lib/interface.c:add_interface(81) added interface ip=10.10.1.1 bcast=10.10.255.255 nmask=255.255.0.0 [2008/01/04 14:52:07, 3] smbd/server.c:main(877) loaded services [2008/01/04 14:52:07, 3] smbd/server.c:main(892) Becoming a daemon. [2008/01/04 14:52:07, 2] lib/tallocmsg.c:register_msg_pool_usage(61) Registered MSG_REQ_POOL_USAGE [2008/01/04 14:52:07, 2] lib/dmallocmsg.c:register_dmalloc_msgs(71) Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED [2008/01/04 14:52:07, 2] lib/smbldap_util.c:smbldap_search_domain_info(219) smbldap_search_domain_info: Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=DOMAIN))] [2008/01/04 14:52:07, 2] lib/smbldap.c:smbldap_open_connection(788) smbldap_open_connection: connection opened [2008/01/04 14:52:07, 3] lib/smbldap.c:smbldap_connect_system(992) ldap_connect_system: succesful connection to the LDAP server [2008/01/04 14:52:07, 3] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2008/01/04 14:52:07, 3] smbd/uid.c:push_conn_ctx(353) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2008/01/04 14:52:07, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/01/04 14:52:07, 3] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2008/01/04 14:52:07, 3] smbd/uid.c:push_conn_ctx(353) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2008/01/04 14:52:07, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2008/01/04 14:52:07, 3] smbd/sec_ctx.c:pop_sec_ctx(339) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/01/04 14:52:07, 3] smbd/sec_ctx.c:pop_sec_ctx(339) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/01/04 14:52:07, 3] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2008/01/04 14:52:07, 3] smbd/uid.c:push_conn_ctx(353) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2008/01/04 14:52:07, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/01/04 14:52:07, 3] smbd/sec_ctx.c:pop_sec_ctx(339) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/01/04 14:52:07, 3] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2008/01/04 14:52:07, 3] smbd/uid.c:push_conn_ctx(353) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2008/01/04 14:52:07, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/01/04 14:52:07, 3] smbd/sec_ctx.c:pop_sec_ctx(339) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/01/04 14:52:07, 3] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2008/01/04 14:52:07, 3] smbd/uid.c:push_conn_ctx(353) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2008/01/04 14:52:07, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/01/04 14:52:07, 3] smbd/sec_ctx.c:pop_sec_ctx(339) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/01/04 14:52:07, 3] lib/privileges.c:get_privileges(261) get_privileges: No privileges assigned to SID [S-1-22-1-0] [2008/01/04 14:52:07, 3] lib/privileges.c:get_privileges(261) get_privileges: No privileges assigned to SID [S-1-5-2] [2008/01/04 14:52:07, 3] lib/privileges.c:get_privileges(261) get_privileges: No privileges assigned to SID [S-1-5-11] [2008/01/04 14:52:07, 3] lib/util_seaccess.c:se_access_check(250) [2008/01/04 14:52:07, 3] lib/util_seaccess.c:se_access_check(251) se_access_check: user sid is S-1-22-1-0 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 [2008/01/04 14:52:07, 3] lib/util_seaccess.c:se_access_check(250) [2008/01/04 14:52:07, 3] lib/util_seaccess.c:se_access_check(251) se_access_check: user sid is S-1-22-1-0 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 [2008/01/04 14:52:07, 3] lib/util_seaccess.c:se_access_check(250) [2008/01/04 14:52:07, 3] lib/util_seaccess.c:se_access_check(251) se_access_check: user sid is S-1-22-1-0 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 [2008/01/04 14:52:07, 3] lib/util_seaccess.c:se_access_check(250) [2008/01/04 14:52:07, 3] lib/util_seaccess.c:se_access_check(251) se_access_check: user sid is S-1-22-1-0 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 [2008/01/04 14:52:07, 3] lib/util_seaccess.c:se_access_check(250) [2008/01/04 14:52:07, 3] lib/util_seaccess.c:se_access_check(251) se_access_check: user sid is S-1-22-1-0 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 [2008/01/04 14:52:07, 3] lib/util_seaccess.c:se_access_check(250) [2008/01/04 14:52:07, 3] lib/util_seaccess.c:se_access_check(251) se_access_check: user sid is S-1-22-1-0 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 [2008/01/04 14:52:07, 3] lib/util_seaccess.c:se_access_check(250) [2008/01/04 14:52:07, 3] lib/util_seaccess.c:se_access_check(251) se_access_check: user sid is S-1-22-1-0 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 [2008/01/04 14:52:07, 3] lib/util_seaccess.c:se_access_check(250) [2008/01/04 14:52:07, 3] lib/util_seaccess.c:se_access_check(251) se_access_check: user sid is S-1-22-1-0 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 [2008/01/04 14:52:07, 3] lib/util_seaccess.c:se_access_check(250) [2008/01/04 14:52:07, 3] lib/util_seaccess.c:se_access_check(251) se_access_check: user sid is S-1-22-1-0 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 [2008/01/04 14:52:07, 3] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2008/01/04 14:52:07, 3] smbd/uid.c:push_conn_ctx(353) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2008/01/04 14:52:07, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/01/04 14:52:07, 3] smbd/sec_ctx.c:pop_sec_ctx(339) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/01/04 14:52:07, 3] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2008/01/04 14:52:07, 3] smbd/uid.c:push_conn_ctx(353) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2008/01/04 14:52:07, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/01/04 14:52:07, 3] smbd/sec_ctx.c:pop_sec_ctx(339) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/01/04 14:52:07, 3] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2008/01/04 14:52:07, 3] smbd/uid.c:push_conn_ctx(353) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2008/01/04 14:52:07, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/01/04 14:52:07, 3] smbd/sec_ctx.c:pop_sec_ctx(339) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/01/04 14:52:07, 3] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2008/01/04 14:52:07, 3] smbd/uid.c:push_conn_ctx(353) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2008/01/04 14:52:07, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/01/04 14:52:07, 3] smbd/sec_ctx.c:pop_sec_ctx(339) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/01/04 14:52:07, 3] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2008/01/04 14:52:07, 3] smbd/uid.c:push_conn_ctx(353) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2008/01/04 14:52:07, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/01/04 14:52:07, 3] smbd/sec_ctx.c:pop_sec_ctx(339) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/01/04 14:52:07, 3] lib/privileges.c:get_privileges(261) get_privileges: No privileges assigned to SID [S-1-5-21-472181036-45513010-2561742549-501] [2008/01/04 14:52:07, 3] lib/privileges.c:get_privileges(261) get_privileges: No privileges assigned to SID [S-1-22-2-99] [2008/01/04 14:52:07, 3] lib/privileges.c:get_privileges(261) get_privileges: No privileges assigned to SID [S-1-5-2] [2008/01/04 14:52:07, 3] lib/privileges.c:get_privileges(261) get_privileges: No privileges assigned to SID [S-1-5-32-546] [2008/01/04 14:52:07, 3] lib/privileges.c:get_privileges(261) get_privileges: No privileges assigned to SID [S-1-22-2-2512] [2008/01/04 14:52:07, 3] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2008/01/04 14:52:07, 3] smbd/uid.c:push_conn_ctx(353) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2008/01/04 14:52:07, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/01/04 14:52:07, 3] smbd/sec_ctx.c:pop_sec_ctx(339) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/01/04 14:52:07, 3] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2008/01/04 14:52:07, 3] smbd/uid.c:push_conn_ctx(353) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2008/01/04 14:52:07, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/01/04 14:52:07, 3] smbd/sec_ctx.c:pop_sec_ctx(339) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/01/04 14:52:07, 3] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2008/01/04 14:52:07, 3] smbd/uid.c:push_conn_ctx(353) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2008/01/04 14:52:07, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/01/04 14:52:07, 3] smbd/sec_ctx.c:pop_sec_ctx(339) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/01/04 14:52:07, 3] printing/printing.c:start_background_queue(1386) start_background_queue: Starting background LPQ thread [2008/01/04 14:52:07, 2] smbd/server.c:open_sockets_smbd(384) waiting for a connection Here is a copy of my smb.conf: [global] workgroup = DOMAIN security = user passdb backend = ldapsam:ldap://vandread.test.com ldap admin dn = cn=Directory Manager ldap suffix = dc=test,dc=com ldap user suffix = ou=People ldap machine suffix = ou=People ldap group suffix = ou=Group log file = /var/log/samba/%m.log log level = 3 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 os level = 33 domain logons = yes domain master = yes local master = yes preferred master = yes wins support = yes logon home = \\%L\%u\profiles logon path = \\%L\profiles\%u logon drive = H: template shell = /bin/false winbind use default domain = no winbind nested groups = no enable privileges = yes #============================ Share Definitions =============================[homes] comment = Home Directories browseable = no writable = yes [netlogon] comment = Network Logon Service path = /var/lib/samba/netlogon admin users = +sysadmin guest ok = no browseable = no writable = no [profiles] path = /var/lib/samba/profiles admin users = +sysadmin read only = no guest ok = no create mask =0600 directory mask = 0700 Any ideas what I am doing wrong? Thanks
Seemingly Similar Threads
- Having problems with Samba and openLDAP Groups
- root is there in tdbsam but it says user name not there while Joining a Win Xp to a domain
- open_sockets_smbd: accept: Protocol error
- Performance problem when copy from samba server to client
- Problem joining NT4 workstation to a Samba PDC
Wisdom of the Ancients
