Jacek Kowalski
2007-Oct-04 06:22 UTC
[Samba] Failed to create Administrators, Failed to create Users
Hi,
Since I install Samba 3.0.23d on my Centos5 with kernel 2.6.18-8.1.10.el5 #1 SMP
I've the following messages in my logfile:
Oct 3 16:45:22 smbd[6174]: [2007/10/03 16:45:22, 0]
auth/auth_util.c:create_builtin_administrators(785)
Oct 3 16:45:22 smbd[6174]: create_builtin_administrators: Failed to create
Administrators
Oct 3 16:45:22 smbd[6174]: [2007/10/03 16:45:22, 0]
auth/auth_util.c:create_builtin_users(751)
Oct 3 16:45:22 smbd[6174]: create_builtin_users: Failed to create Users
Version of krb5 is 1.5-29
This is my smb.conf:
[global]
netbios name = SERVER
workgroup = DOMAIN
realm = DOMAIN.NET
security = ADS
password server = server.domain.net
winbind separator = +
allow trusted domains = No
idmap backend = idmap_rid:INFORNET=1000-65000
idmap uid = 1000-65000
idmap gid = 1000-65000
template shell = /bin/bash
winbind use default domain = Yes
winbind enum users = No
winbind enum groups = No
winbind nested groups = Yes
log file = /var/log/samba/%I.log
log level = 3
max log size = 500
smb ports = 139
guest account = guest
encrypt passwords = yes
username map = /etc/samba/smbusers
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
dns proxy = no
[homes]
comment = Home Directories
browseable = no
writable = yes
create mask = 664
directory mask = 0775
[source1]
path = /home/source1
public = yes
valid users = @DOMAIN+group1
read list = @DOMAIN+group1
write list = @DOMAIN+group1
force group = group1
writable = yes
printable = no
browseable = yes
create mask = 0665
force directory mode = 0775
guest ok = yes
Anybody knows how to fix it?
Regards
Jaco
yvan
2007-Oct-05 10:38 UTC
[Samba] Failed to create Administrators, Failed to create Users
Hi, I have the same config as you. And the same problem. I'm trying to fix it since days now, without success. It seems linked to winbind and the IDMAP RID backend. It's working successfully, but I hate those messages in the log files. I have 2 samba servers running the same versions (samba 3.0.24 running on Debian 4.0r1). One samba was installed 2 years ago and it is working, and the 2nd one has been installed this year and I've got these error messages. I have seen differences in the GROUP MAPPING. Have a look at this command : tdbdump /var/lib/samba/group_mapping.tdb and as well : net groupmap list verbose The differences between my 2 servers are linked to group memberships, and now I'm trying to figure out if I can fix things with this command : net groupmap memberships But it seems that the BUILTIN\ groups can't be created on systems running Winbind only (as ROLE_DOMAIN_MEMBER) I'm going back to this ... regards Yvan Broccard Jacek Kowalski a ?crit :> Hi, > > Since I install Samba 3.0.23d on my Centos5 with kernel > 2.6.18-8.1.10.el5 #1 SMP I've the following messages in my logfile: > > Oct 3 16:45:22 smbd[6174]: [2007/10/03 16:45:22, 0] > auth/auth_util.c:create_builtin_administrators(785) Oct 3 16:45:22 > smbd[6174]: create_builtin_administrators: Failed to create > Administrators Oct 3 16:45:22 smbd[6174]: [2007/10/03 16:45:22, 0] > auth/auth_util.c:create_builtin_users(751) Oct 3 16:45:22 > smbd[6174]: create_builtin_users: Failed to create Users > Version of krb5 is 1.5-29 > This is my smb.conf: > > [global] > netbios name = SERVER > workgroup = DOMAIN > realm = DOMAIN.NET > security = ADS > password server = server.domain.net > winbind separator = + > allow trusted domains = No > idmap backend = idmap_rid:INFORNET=1000-65000 > idmap uid = 1000-65000 > idmap gid = 1000-65000 > template shell = /bin/bash > winbind use default domain = Yes > winbind enum users = No > winbind enum groups = No > winbind nested groups = Yes > log file = /var/log/samba/%I.log > log level = 3 > max log size = 500 > smb ports = 139 > guest account = guest > encrypt passwords = yes > username map = /etc/samba/smbusers > socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 > dns proxy = no > > [homes] > comment = Home Directories > browseable = no > writable = yes > create mask = 664 > directory mask = 0775 > > [source1] > path = /home/source1 > public = yes > valid users = @DOMAIN+group1 > read list = @DOMAIN+group1 > write list = @DOMAIN+group1 > force group = group1 > writable = yes > printable = no > browseable = yes > create mask = 0665 > force directory mode = 0775 > guest ok = yes > > > Anybody knows how to fix it? > > Regards > Jaco > > >
yvan
2007-Oct-09 11:31 UTC
[Samba] Failed to create Administrators, Failed to create Users
Hey ! I finally managed to get rid of those messages "Failed to create Administrators" and "Failed to create Users" in the logfile. It seems there is a small bug with winbind when it is used with the "idmap backend = rid:DOMAIN=100000-200000". With such a configuration, winbind can't create any BUILTIN group (Administrators, Users, Guests, Operators, ...), even if you try to force it with : net sam createbuiltingroup What I've done is to reset conf.conf to the standard "idmap backend = tdc", restart samba and winbind, issue the command : net sam createbuiltingroup successfully. Then you can see the mappings with "net groupmap list verbose". Last, set winbind back to "idmap backend = rid ..." like it was before. Restart samba and winbind, and pooof ! Error messages are gone !!! It took me a long time to discover that! Regards Yvan Broccard Jacek Kowalski a ?crit :> Hi, > > Since I install Samba 3.0.23d on my Centos5 with kernel > 2.6.18-8.1.10.el5 #1 SMP I've the following messages in my logfile: > > Oct 3 16:45:22 smbd[6174]: [2007/10/03 16:45:22, 0] > auth/auth_util.c:create_builtin_administrators(785) Oct 3 16:45:22 > smbd[6174]: create_builtin_administrators: Failed to create > Administrators Oct 3 16:45:22 smbd[6174]: [2007/10/03 16:45:22, 0] > auth/auth_util.c:create_builtin_users(751) Oct 3 16:45:22 > smbd[6174]: create_builtin_users: Failed to create Users > Version of krb5 is 1.5-29 > This is my smb.conf: > > [global] > netbios name = SERVER > workgroup = DOMAIN > realm = DOMAIN.NET > security = ADS > password server = server.domain.net > winbind separator = + > allow trusted domains = No > idmap backend = idmap_rid:INFORNET=1000-65000 > idmap uid = 1000-65000 > idmap gid = 1000-65000 > template shell = /bin/bash > winbind use default domain = Yes > winbind enum users = No > winbind enum groups = No > winbind nested groups = Yes > log file = /var/log/samba/%I.log > log level = 3 > max log size = 500 > smb ports = 139 > guest account = guest > encrypt passwords = yes > username map = /etc/samba/smbusers > socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 > dns proxy = no > > [homes] > comment = Home Directories > browseable = no > writable = yes > create mask = 664 > directory mask = 0775 > > [source1] > path = /home/source1 > public = yes > valid users = @DOMAIN+group1 > read list = @DOMAIN+group1 > write list = @DOMAIN+group1 > force group = group1 > writable = yes > printable = no > browseable = yes > create mask = 0665 > force directory mode = 0775 > guest ok = yes > > > Anybody knows how to fix it? > > Regards > Jaco > > >