Environment
Novell Open Enterprise Server 11 SP1 (OES11SP1)
Novell Open Enterprise Server 11 (OES11)
Novell Open Enterprise Server 2 SP3 (OES2SP3)
Novell Open Enterprise Server 11 (OES11)
Novell Open Enterprise Server 2 SP3 (OES2SP3)
Domain Services for Windows
DSfW
Situation
Samba service in Domain Services for Windows server fails to start when there is a group with name "root".
The following error it seen the /var/log/samba/log.smbd.
[2013/05/10 14:31:07.520688, 0] auth/auth_util.c:850(make_system_session_info_from_pw)
create_local_token failed: NT_STATUS_NO_SUCH_USER
The following error it seen the /var/log/samba/log.smbd.
[2013/05/10 14:31:07.520688, 0] auth/auth_util.c:850(make_system_session_info_from_pw)
create_local_token failed: NT_STATUS_NO_SUCH_USER
Resolution
Rename the group name "root".
Also sAMAccountName attribute of this group "root" should be renamed to other than root in iManager.
To change the sAMAccountName of the group "root" use the following steps
1) Select Directory Administration-> Modify Object
2) Select the group "root"
3) Go to General->Other tab and select sAMAccountName and click on Edit button
4) Change the sAMAccountName from root to something else and click on OK button
5) Click on Apply
Also sAMAccountName attribute of this group "root" should be renamed to other than root in iManager.
To change the sAMAccountName of the group "root" use the following steps
1) Select Directory Administration-> Modify Object
2) Select the group "root"
3) Go to General->Other tab and select sAMAccountName and click on Edit button
4) Change the sAMAccountName from root to something else and click on OK button
5) Click on Apply
Cause
Samba service looks for the the SID of the user "root" when it comes up.
But when there is a group with name "root" exists in the eDirectory, the SID of the group root is sent first sometimes.
This will cached in the winbindd cache file.
Because of this the Samba request for getting the SID of the user "root" from winbindd fails and hence the Samba service fails to start.
But when there is a group with name "root" exists in the eDirectory, the SID of the group root is sent first sometimes.
This will cached in the winbindd cache file.
Because of this the Samba request for getting the SID of the user "root" from winbindd fails and hence the Samba service fails to start.
Additional Information
To get more information on the problem set the debug level to 10 in the /etc/samba/smb.conf in the section " [global]
Ex: log level = 10
max log size = 50
debug timestamp = yes
With debug level 10 the following error is seen in the /var/log/samba/log.smbd
[2013/05/13 10:37:09.409785, 10] passdb/lookup_sid.c:76(lookup_name)
lookup_name: RDM\root => domain=[RDM], name=[root]
[2013/05/13 10:37:09.409816, 10] passdb/lookup_sid.c:77(lookup_name)
lookup_name: flags = 0x073
[2013/05/13 10:37:09.410166, 1] auth/token_util.c:581(create_token_from_username)
root is a Domain Group, not a user
[2013/05/13 10:37:09.410212, 0] auth/auth_util.c:850(make_system_session_info_from_pw)
create_local_token failed: NT_STATUS_NO_SUCH_USER
[2013/05/13 10:37:09.410584, 1] smbd/server.c:1200(main)
ERROR: failed to setup system user info: NT_STATUS_NO_SUCH_USER.
Ex: log level = 10
max log size = 50
debug timestamp = yes
With debug level 10 the following error is seen in the /var/log/samba/log.smbd
[2013/05/13 10:37:09.409785, 10] passdb/lookup_sid.c:76(lookup_name)
lookup_name: RDM\root => domain=[RDM], name=[root]
[2013/05/13 10:37:09.409816, 10] passdb/lookup_sid.c:77(lookup_name)
lookup_name: flags = 0x073
[2013/05/13 10:37:09.410166, 1] auth/token_util.c:581(create_token_from_username)
root is a Domain Group, not a user
[2013/05/13 10:37:09.410212, 0] auth/auth_util.c:850(make_system_session_info_from_pw)
create_local_token failed: NT_STATUS_NO_SUCH_USER
[2013/05/13 10:37:09.410584, 1] smbd/server.c:1200(main)
ERROR: failed to setup system user info: NT_STATUS_NO_SUCH_USER.