samba - Apr 2009 - nss_wins: create_builtin_users: Failed to create Users

Hi All,

I am getting the following error in /var/log/messages
when an XP Pro client enters the network:

nss_wins[8369]: [2009/04/06 15:17:23, 0] 
auth/auth_util.c:create_builtin_users(810)

Apr  6 15:17:23 rn1 nss_wins[8369]:
create_builtin_users: Failed to create Users


I have been told in the past to add "idmap uid" and
"idmap gid" to my smb.conf and I have (no symptom change).

Anyone know how to stop/cure this error message?

Many thanks,
-T

Two file (smb.conf, nsswitch.conf):

~~~~~~~~ testparm -s | more ~~~~~~~~~~~~~~~~
[global]
         workgroup = FOO
         netbios name = SERVER
         server string = Samba Server
         interfaces = eth0, 127.0.0.1
         null passwords = Yes
         passdb backend = tdbsam
         guest account = pcguest
         passwd program = /usr/bin/passwd %u
         passwd chat = *New*UNIX*password* %n\n 
*ReType*new*UNIX*password* %n\n 
*passwd:*all*authentication*tokens*updated*successfully*
         username map = /etc/samba/smbusers
         unix password sync = Yes
         syslog = 2
         log file = /var/log/samba/samba-log.%m
         max log size = 50
         name resolve order = host wins
         deadtime = 20160
         socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
         printcap name = /etc/printcap
         add user script = /usr/sbin/useradd -m -G users '%u'
         delete user script = /usr/sbin/userdel -r '%u'
         add group script = /usr/sbin/groupadd '%g'
         delete group script = /usr/sbin/groupdel '%g'
         add user to group script = /usr/sbin/usermod -A '%g'
'%u'
         add machine script = /usr/sbin/useradd -s /bin/false -d 
/var/lib/nobody '%u'
         logon script = scripts\logon.bat
         logon path          logon drive = X:
         domain logons = Yes
         os level = 65
         preferred master = Yes
         domain master = Yes
         wins support = Yes
         lock directory = /var/lock/samba
         idmap uid = 500-700
         idmap gid = 100-300
         comment = Samba (NetBIOS) Server on rn1.FOO.local
         hosts allow = 192.168.255., 127.0.0.
         hosts deny = ALL
         printing = bsd
         print command = lpr -r -P'%p' %s
         lpq command = lpq -P'%p'
         lprm command = lprm -P'%p' %j
         strict locking = No
         volume = CentOS, %v
         wide links = No


~~~~~~~~~~~~~~~~~~/etc/nsswitch.conf~~~~~~~~~~~~~~~~~~~~
passwd:     files winbind
shadow:     files winbind
group:      files winbind
hosts:      files wins dns
bootparams: nisplus [NOTFOUND=return] files
ethers:     files
netmasks:   files
networks:   files
protocols:  files
rpc:        files
services:   files
netgroup:   nisplus
publickey:  nisplus
automount:  files nisplus
aliases:    files nisplus

MargoAndTodd wrote:
> Hi All,
> 
> I am getting the following error in /var/log/messages
> when an XP Pro client enters the network:
> 
> nss_wins[8369]: [2009/04/06 15:17:23, 0] 
> auth/auth_util.c:create_builtin_users(810)
> 
> Apr  6 15:17:23 rn1 nss_wins[8369]:
> create_builtin_users: Failed to create Users
> 
> 
> I have been told in the past to add "idmap uid" and
> "idmap gid" to my smb.conf and I have (no symptom change).
> 
> Anyone know how to stop/cure this error message?
> 
> Many thanks,
> -T
To answer my own question, I severely misunderstood what
"man smb.conf" was saying about "idmap uid" and
"idmap uid".  I was trying to match them up with
my current user numbers and group numbers.

Placing my idmaps in this range cured the error
message.

         idmap uid = 15000-20000
         idmap gid = 15000-20000

-T

> To answer my own question, I severely misunderstood what
> "man smb.conf" was saying about "idmap uid" and
> "idmap uid". ?I was trying to match them up with
> my current user numbers and group numbers.
>
> Placing my idmaps in this range cured the error
> message.
>
> ? ? ? ?idmap uid = 15000-20000
> ? ? ? ?idmap gid = 15000-20000
>
>
I was going to mention that your ids looked unusually low but I was
too busy at the day job and I hoped someone who understood the full
implications of that would chime in..

John

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Todd,
> I am getting the following error in /var/log/messages
> when an XP Pro client enters the network:
> 
> nss_wins[8369]: [2009/04/06 15:17:23, 0]
> auth/auth_util.c:create_builtin_users(810)
> 
> Apr  6 15:17:23 rn1 nss_wins[8369]:
> create_builtin_users: Failed to create Users
This is a case of sharing code between things in Samba.
The error messages originates normally from
the user token creation where smbd attempts to create the
BUILTIN\Administrators and BUILTIN\Users groups (only
possible if the system is configured to support "winbind
nested groups").  This is to mimic the adding of Domain
Admins to the local Administrators group that happens
on Windows hosts when they join a domain (or when you
run dcpromo to create a domain controller).

nss_wins does not use tokens (or has no need to I should say)
and so really shouldn't be executing that code.  But because
of the the amount of shared code in Samba, you will see
situations like this form time to time.

Bottom line is that you can ignore the message from nss_wins.
I think you have already discussed supported "winbind nested
groups" using the idmap_uid and idmap_gid options.  So I
won't go into that.

Hope this helps to explain things some.





cheers, jerry
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFJ2zq+IR7qMdg1EfYRApT+AKCmIIGaoTiLEx/rYuyLRZcxgX+92ACdGoxt
svrJcquOXx1rrz+SUFE2NgA=rXgj
-----END PGP SIGNATURE-----