Samba service fail to start in Domain Services for Windows server with group named root.

  • 7012404
  • 13-May-2013
  • 29-May-2013

Environment

Novell Open Enterprise Server 11 SP1 (OES11SP1)
Novell Open Enterprise Server 11 (OES11)
Novell Open Enterprise Server 2 SP3 (OES2SP3)
Domain Services for Windows
DSfW

Situation

Samba service in Domain Services for Windows server fails to start when there is a group with name "root".
The following error it seen the /var/log/samba/log.smbd.
[2013/05/10 14:31:07.520688,  0] auth/auth_util.c:850(make_system_session_info_from_pw)
  create_local_token failed: NT_STATUS_NO_SUCH_USER



Resolution

Rename the group name "root".
Also sAMAccountName attribute of this group "root" should be renamed to other than root in iManager.
To change the sAMAccountName of the group "root" use the following steps
1) Select Directory Administration-> Modify Object
2) Select the group "root"
3) Go to General->Other tab and select sAMAccountName and click on Edit button
4) Change the sAMAccountName from root to something else and click on OK button
5) Click on Apply


Cause

Samba service looks for the the SID of the user "root" when it comes up.
But when there is a group with name "root" exists in the eDirectory, the SID of the group root is sent first sometimes.
This will cached in the winbindd cache file.
Because of this the Samba request for getting the SID of the user "root" from winbindd fails and hence the Samba service fails to start.



Additional Information

To get more information on the problem set the debug level to 10 in the /etc/samba/smb.conf in the section " [global]

Ex:  log level = 10
        max log size = 50
        debug timestamp = yes
With debug level 10 the following error is seen in the /var/log/samba/log.smbd
[2013/05/13 10:37:09.409785, 10] passdb/lookup_sid.c:76(lookup_name)
  lookup_name: RDM\root => domain=[RDM], name=[root]
[2013/05/13 10:37:09.409816, 10] passdb/lookup_sid.c:77(lookup_name)
  lookup_name: flags = 0x073
[2013/05/13 10:37:09.410166,  1] auth/token_util.c:581(create_token_from_username)
  root is a Domain Group, not a user
[2013/05/13 10:37:09.410212,  0] auth/auth_util.c:850(make_system_session_info_from_pw)
  create_local_token failed: NT_STATUS_NO_SUCH_USER
[2013/05/13 10:37:09.410584,  1] smbd/server.c:1200(main)
  ERROR: failed to setup system user info: NT_STATUS_NO_SUCH_USER.

Feedback service temporarily unavailable. For content questions or problems, please contact Support.