Created attachment 14873 [details] patch for v4-9 This was observed when users upgraded from Samba 4.7 to 4.9. LDAP bind account lacks write privileges, and an alias for S-1-5-32-546 does not exist. Since the account cannot be created, samba fails to start. [2019/02/25 12:25:47.767435, 2] ../source3/passdb/pdb_ldap_util.c:281(smbldap_search_domain_info) smbldap_search_domain_info: Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=<redacted>))] [2019/02/25 12:25:47.817732, 3] ../source3/lib/smbldap.c:632(smbldap_start_tls) StartTLS issued: using a TLS connection [2019/02/25 12:25:47.817788, 2] ../source3/lib/smbldap.c:847(smbldap_open_connection) smbldap_open_connection: connection opened [2019/02/25 12:25:47.827892, 3] ../source3/lib/smbldap.c:1069(smbldap_connect_system) ldap_connect_system: successful connection to the LDAP server [2019/02/25 12:25:47.979475, 3] ../source3/lib/util_procid.c:54(pid_to_procid) pid_to_procid: messaging_dgm_get_unique failed: No such file or directory [2019/02/25 12:25:47.982172, 2] ../source3/passdb/pdb_ldap_util.c:281(smbldap_search_domain_info) smbldap_search_domain_info: Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=<redacted>))] [2019/02/25 12:25:47.990562, 3] ../source3/lib/smbldap.c:632(smbldap_start_tls) StartTLS issued: using a TLS connection [2019/02/25 12:25:47.990626, 2] ../source3/lib/smbldap.c:847(smbldap_open_connection) smbldap_open_connection: connection opened [2019/02/25 12:25:47.996891, 2] ../source3/passdb/pdb_ldap_util.c:281(smbldap_search_domain_info) smbldap_search_domain_info: Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=<redacted>))] [2019/02/25 12:25:48.005126, 3] ../source3/lib/smbldap.c:632(smbldap_start_tls) StartTLS issued: using a TLS connection [2019/02/25 12:25:48.005218, 2] ../source3/lib/smbldap.c:847(smbldap_open_connection) smbldap_open_connection: connection opened [2019/02/25 12:25:48.005653, 3] ../source3/lib/smbldap.c:1069(smbldap_connect_system) ldap_connect_system: successful connection to the LDAP server [2019/02/25 12:25:48.021043, 3] ../source3/lib/smbldap.c:1069(smbldap_connect_system) ldap_connect_system: successful connection to the LDAP server [2019/02/25 12:25:48.036973, 3] ../source3/lib/smbldap.c:632(smbldap_start_tls) StartTLS issued: using a TLS connection [2019/02/25 12:25:48.037043, 2] ../source3/lib/smbldap.c:847(smbldap_open_connection) smbldap_open_connection: connection opened [2019/02/25 12:25:48.051993, 3] ../source3/lib/smbldap.c:1069(smbldap_connect_system) ldap_connect_system: successful connection to the LDAP server [2019/02/25 12:25:48.052787, 2] ../source3/passdb/pdb_ldap.c:2386(init_group_from_ldap) init_group_from_ldap: Entry found for group: 90000005 [2019/02/25 12:25:48.053792, 2] ../source3/passdb/pdb_ldap.c:2386(init_group_from_ldap) init_group_from_ldap: Entry found for group: 90000006 [2019/02/25 12:25:48.107401, 3] ../source3/passdb/pdb_ldap.c:5210(ldapsam_gid_to_sid) ERROR: Got 0 entries for gid 90000016, expected one [2019/02/25 12:25:48.108434, 0] ../source3/groupdb/mapping.c:863(pdb_create_builtin_alias) pdb_create_builtin_alias: Could not add group mapping entry for alias 546 (NT_STATUS_ACCESS_DENIED) [2019/02/25 12:25:48.108496, 2] ../source3/auth/token_util.c:774(finalize_local_nt_token) Failed to create BUILTIN\Guests group NT_STATUS_ACCESS_DENIED! Can Winbind allocate gids? [2019/02/25 12:25:48.108529, 3] ../source3/auth/token_util.c:412(create_local_nt_token_from_info3) Failed to finalize nt token [2019/02/25 12:25:48.108557, 0] ../source3/auth/auth_util.c:1382(make_new_session_info_guest) create_local_token failed: NT_STATUS_ACCESS_DENIED [2019/02/25 12:25:48.108590, 0] ../source3/smbd/server.c:2000(main) ERROR: failed to setup guest info. I believe behavior change was introduced here: https://github.com/samba-team/samba/commit/0b261dc4e3f2d04131e1ff76a017aaee6e38e7b1 Minimal patch to fix behavior in my test environment is attached.
Hai, yes, this looks like an older bug. but we need some extra info first, like: Did you upgrade to 4.8 before you upgraded to 4.9? - OS ? - Old samba version = 4.7.? - New Samba Version = 4.9.4 OS packages of samba or from sources compiled? And last, can you show the smb.conf. You can anonimize where needed.