Eric Evans
2007-Aug-27 19:41 UTC
[Samba] Lots of "Failed to create" error messages after upgrading to 2.0.25c
Hello, I recently upgraded from Samba 3.0.22 to 3.0.25c on Solaris, and after doing so I noticed a sudden proliferation of new error messages in the Samba log, such as: [2007/08/27 15:36:03, 2] smbd/sesssetup.c:setup_new_vc_session(1200) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2007/08/27 15:36:03, 0] auth/auth_util.c:create_builtin_administrators(792) create_builtin_administrators: Failed to create Administrators [2007/08/27 15:36:03, 2] auth/auth_util.c:create_local_nt_token(914) create_local_nt_token: Failed to create BUILTIN\Administrators group! [2007/08/27 15:36:03, 0] auth/auth_util.c:create_builtin_users(758) create_builtin_users: Failed to create Users [2007/08/27 15:36:03, 2] auth/auth_util.c:create_local_nt_token(941) create_local_nt_token: Failed to create BUILTIN\Users group! [2007/08/27 15:36:03, 2] smbd/sesssetup.c:setup_new_vc_session(1200) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2007/08/27 15:36:03, 2] smbd/sesssetup.c:setup_new_vc_session(1200) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2007/08/27 15:36:03, 0] auth/auth_util.c:create_builtin_administrators(792) create_builtin_administrators: Failed to create Administrators [2007/08/27 15:36:03, 2] auth/auth_util.c:create_local_nt_token(914) create_local_nt_token: Failed to create BUILTIN\Administrators group! [2007/08/27 15:36:03, 0] auth/auth_util.c:create_builtin_users(758) create_builtin_users: Failed to create Users Can anyone tell me what is going on here, and how it can be fixed? Thanks a lot, EJ
Gerald (Jerry) Carter
2007-Aug-27 22:30 UTC
[Samba] Lots of "Failed to create" error messages after upgrading to 2.0.25c
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Eric Evans wrote:> Hello, > > I recently upgraded from Samba 3.0.22 to 3.0.25c on Solaris, and after doing > so I noticed a sudden proliferation of new error messages in the Samba log, > such as: > > [2007/08/27 15:36:03, 2] smbd/sesssetup.c:setup_new_vc_session(1200) > setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all > old resources. > [2007/08/27 15:36:03, 0] auth/auth_util.c:create_builtin_administrators(792) > create_builtin_administrators: Failed to create Administrators...> Can anyone tell me what is going on here, and how it can be fixed?What log level are you using? These should happen around level 2 IIRC. The first one is just for information and the second is normal if you are not running winbindd. cheers, jerry -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFG01BIIR7qMdg1EfYRAkjnAKDoRXKnDWt03k/ry9FpFsOnkRgI4QCg5Vba 8FhbvH25o+qQyB5w/K3s04Y=sPa+ -----END PGP SIGNATURE-----
Gerald (Jerry) Carter
2007-Aug-28 14:18 UTC
[Samba] Lots of "Failed to create" error messages after upgrading to 2.0.25c
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Eric Evans wrote:> Hello Jerry et al, > > So why is the idmap configuration option needed in our configuration? > It was not needed in 3.0.22, so why does it suddenly become > necessary in 3.0.25c?Simply put, the default value for 'winbind nested groups' change in 3.0.23. Therefore, in order to support the NT4 local group model in winbindd, you have to have an idmap backend. Just like a Windows client add 'Domain Admins' to the local Administrators group, smbd attempts to do the same. You still get a local Administrators group without winbindd's nested groups. You just cannot manipulate the membership. Running a production server at level 2 is a little odd IMO. Generally log level = 1 is considered best practice. If you want level 2 (and run winbindd without an idmap backend), then you will have to live with the messages for now. cheers, jerry -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFG1C6FIR7qMdg1EfYRAi7YAKCxLTvsb26j7aX7iZ0DqINkp4v3OQCfV1Vr 75NQ9fXSWVutoM2/MIT7pLw=uo57 -----END PGP SIGNATURE-----
Gerald (Jerry) Carter
2007-Aug-28 15:16 UTC
[Samba] Lots of "Failed to create" error messages after upgrading to 2.0.25c
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Eric Evans wrote:> What I find to be problematic about this is that all of > the Samba documentation on idmap backend that I have been > able to find discusses the idmap backend option within the > context of a system using LDAP.That's hard to believe considering teh default is to use a local tdb.> We are not using LDAP. So I haven't been able to figure > out what would be an appropriate setting for the idmap backend > option in our case. We have a very simple setup with our > Samba server operating as a PDC to authenticate domain > logins, just a single server, a single domain, not > using LDAP, not using AD. Can anyone recommend what > would be an appropriate idmap backend setting to use > for such a system?In your case, unless you need support for ntlm_auth or pam_winbind.so, don't run winbindd in this case. You'll loose nested group support but it appears you don't really care about that. cheers, jerry ====================================================================Samba ------- http://www.samba.org Centeris ----------- http://www.centeris.com "What man is a man who does not make the world better?" --Balian -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFG1Dw7IR7qMdg1EfYRAuCRAJ4+aj+MkLfwZFZsMh+uAJi5jklWwQCfazTl q+1NLMwwdPVuEaKeJcxH++8=OPYI -----END PGP SIGNATURE-----