Matthew Tanksley
2008-Sep-16 23:51 UTC
[Samba] Unable to Create a LocalGroup, NT_STATUS_ACCESS_DENIED
I'm getting following response below to the command 'net sam createlocalgroup demo -d 3': [2008/09/16 16:03:46, 3] param/loadparm.c:lp_load(5065) lp_load: refreshing parameters [2008/09/16 16:03:46, 3] param/loadparm.c:init_globals(1445) Initialising global parameters [2008/09/16 16:03:46, 3] param/params.c:pm_process(572) params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf" [2008/09/16 16:03:46, 3] param/loadparm.c:do_section(3804) Processing section "[global]" [2008/09/16 16:03:46, 3] param/params.c:pm_process(572) params.c:pm_process() - Processing configuration file "/etc/samba/winbind.conf" [2008/09/16 16:03:46, 3] param/params.c:pm_process(572) params.c:pm_process() - Processing configuration file "/etc/samba/shares.conf" [2008/09/16 16:03:46, 2] lib/interface.c:add_interface(81) added interface ip=10.1.130.249 bcast=10.1.130.255 nmask=255.255.255.0 [2008/09/16 16:03:46, 3] groupdb/mapping.c:pdb_default_create_alias(464) Could not get a gid out of winbind Creating demo failed with NT_STATUS_ACCESS_DENIED [2008/09/16 16:03:46, 2] utils/net.c:main(1075) return code = -1 I can't seem to find any real solutions to this problem, although I have seen other users with similar posts. Here's the relevant sections from my smb.conf file: [global] server string security = ads workgroup = DOMAIN realm = DOMAIN.COM encrypt passwords = yes os level = 1 local master = no domain master = no preferred master = no dns proxy = no allow trusted domains = no restrict anonymous = 2 load printers = no printing = bsd printcap name = /dev/null disable spoolss = yes log level = 3 admin users = root, Administrator socket options = TCP_NODELAY IPTOS_LOWDELAY Here's the relevant stuff from winbind.conf idmap domains = DOMAIN idmap config DOMAIN: default = yes idmap config DOMAIN: backend = rid idmap config DOMAIN: range = 1000-20000 winbind use default domain = yes winbind separator = + winbind enum users = yes winbind enum groups = yes winbind nested groups = yes template shell = /bin/bash template homedir = /home/%U I've also noticed this in my logs whenever smb and winbind are restarted: nmbd[2065]: [2008/09/16 16:30:12, 0] nmbd/nmbd.c:terminate(68) nmbd[2065]: Got SIGTERM: going down... smbd[2384]: [2008/09/16 16:30:12, 0] smbd/server.c:main(986) smbd[2384]: standard input is not a socket, assuming -D option nmbd[2387]: [2008/09/16 16:30:12, 0] nmbd/nmbd.c:main(752) nmbd[2387]: standard input is not a socket, assuming -D option smbd[2385]: [2008/09/16 16:30:12, 0] auth/auth_util.c:create_builtin_administrators(844) smbd[2385]: create_builtin_administrators: Failed to create Administrators smbd[2385]: [2008/09/16 16:30:12, 0] auth/auth_util.c:create_builtin_users(810) smbd[2385]: create_builtin_users: Failed to create Users smbd[2385]: [2008/09/16 16:30:12, 0] auth/auth_util.c:create_builtin_administrators(844) smbd[2385]: create_builtin_administrators: Failed to create Administrators smbd[2385]: [2008/09/16 16:30:12, 0] auth/auth_util.c:create_builtin_users(810) smbd[2385]: create_builtin_users: Failed to create Users winbindd[2410]: [2008/09/16 16:31:23, 0] nsswitch/winbindd_cache.c:initialize_winbindd_cache(2230) winbindd[2410]: initialize_winbindd_cache: clearing cache and re-creating with version number 1 I'm trying to setup nested groups. I would like to have a local group on my Linux box that contains the members of an AD group as some of its members. I am running CentOS 5.2 and have used 3.0.28 that comes with it, and have also tried with 3.0.32 provided by SerNet both have produced the same errors. Any help someone could provide would be much appreciated. M@ ________________________________ Confidentiality Notice: This communication (including any attachments) may contain privileged or confidential information intended for a specific individual and purpose, and is protected by law. If you are not the intended recipient, you should delete this communication and/or shred the materials and any attachments and are hereby notified that any disclosure, copying, or distribution of this communication, or the taking of any action based on it, is strictly prohibited.
Maybe Matching Threads
Wisdom of the Ancients
