When I try to add root to a group using usrmgr i get this: #0 0x00007fb7a12ecf15 in waitpid () from /lib/libc.so.6 #1 0x00007fb7a1285461 in ?? () from /lib/libc.so.6 #2 0x00007fb7a2e3b225 in smb_panic (why=0x7fb7a31a9291 "internal error") at lib/util.c:1669 #3 0x00007fb7a2e1df91 in fault_report (sig=11) at lib/fault.c:46 #4 0x00007fb7a2e1dfa4 in sig_fault (sig=11) at lib/fault.c:69 #5 <signal handler called> #6 0x00007fb7a2e3305d in sid_compare (sid1=0x7fffab29f840, sid2=0x7fb7a3dde01c) at lib/util_sid.c:460 #7 0x00007fb7a2e331ae in sid_equal (sid1=0x7fffab29f840, sid2=0x7fb7a3dde01c) at lib/util_sid.c:494 #8 0x00007fb7a2dcb88e in pdb_user_in_group (mem_ctx=0x7fb7a3d33c40, account=0x7fb7a3db34e0, group_sid=0x7fffab29f840) at passdb/pdb_interface.c:757 #9 0x00007fb7a2dcbab3 in pdb_default_add_groupmem (methods=0x7fb7a3d7b010, mem_ctx=0x7fb7a3d33c40, group_rid=1015, member_rid=500) at passdb/pdb_interface.c:801 #10 0x00007fb7a2dcbb62 in pdb_add_groupmem (mem_ctx=0x7fb7a3d33c40, group_rid=1015, member_rid=500) at passdb/pdb_interface.c:823 #11 0x00007fb7a2d788a2 in _samr_AddGroupMember (p=0x7fb7a3db07c0, r=0x7fb7a3d92ed0) at rpc_server/srv_samr_nt.c:4734 #12 0x00007fb7a2d81fe9 in api_samr_AddGroupMember (p=0x7fb7a3db07c0) at librpc/gen_ndr/srv_samr.c:1832 #13 0x00007fb7a2d976ed in api_rpcTNP (p=0x7fb7a3db07c0, rpc_name=0x7fb7a3db07da "samr", api_rpc_cmds=0x7fb7a34bd020, n_cmds=68) at rpc_server/srv_pipe.c:2325 #14 0x00007fb7a2d97126 in api_pipe_request (p=0x7fb7a3db07c0) at rpc_server/srv_pipe.c:2270 #15 0x00007fb7a2d8bc7f in process_request_pdu (p=0x7fb7a3db07c0, rpc_in_p=0x7fffab29ff70) at rpc_server/srv_pipe_hnd.c:655 #16 0x00007fb7a2d8bf78 in process_complete_pdu (p=0x7fb7a3db07c0) at rpc_server/srv_pipe_hnd.c:713 #17 0x00007fb7a2d8cafa in process_incoming_data (p=0x7fb7a3db07c0, data=0x7fb7a3db6050 "\034", n=36) at rpc_server/srv_pipe_hnd.c:911 #18 0x00007fb7a2d8cea2 in write_to_internal_pipe (np_conn=0x7fb7a3db07c0, data=0x7fb7a3db6050 "\034", n=52) at rpc_server/srv_pipe_hnd.c:951 #19 0x00007fb7a2d8cdb3 in write_to_pipe (p=0x7fb7a3d76b80, data=0x7fb7a3db6040 "\005", n=52) at rpc_server/srv_pipe_hnd.c:934 #20 0x00007fb7a2b8d125 in api_fd_reply (conn=0x7fb7a3dab600, vuid=100, req=0x7fb7a3d92df0, setup=0x7fb7a3d64f60, data=0x7fb7a3db6040 "\005", params=0x0, suwcnt=2, tdscnt=52, tpscnt=0, mdrcnt=1024, mprcnt=0) at smbd/ipc.c:355 #21 0x00007fb7a2b8d47e in named_pipe (conn=0x7fb7a3dab600, vuid=100, req=0x7fb7a3d92df0, name=0x7fb7a3daaa46 "", setup=0x7fb7a3d64f60, data=0x7fb7a3db6040 "\005", params=0x0, suwcnt=2, tdscnt=52, tpscnt=0, msrcnt=0, mdrcnt=1024, mprcnt=0) at smbd/ipc.c:413 #22 0x00007fb7a2b8d89c in handle_trans (conn=0x7fb7a3dab600, req=0x7fb7a3d92df0, state=0x7fb7a3dafda0) at smbd/ipc.c:470 #23 0x00007fb7a2b8e7f5 in reply_trans (req=0x7fb7a3d92df0) at smbd/ipc.c:661 #24 0x00007fb7a2c1bb05 in switch_message (type=37 '%', req=0x7fb7a3d92df0, size=140) at smbd/process.c:1463 #25 0x00007fb7a2c1bbb1 in construct_reply (inbuf=0x7fb7a3d92d10 "", size=140, unread_bytes=0, encrypted=false) at smbd/process.c:1486 #26 0x00007fb7a2c1bff2 in process_smb (inbuf=0x7fb7a3d92d10 "", nread=140, unread_bytes=0, encrypted=false) at smbd/process.c:1562 #27 0x00007fb7a2c1d239 in smbd_process () at smbd/process.c:2054 #28 0x00007fb7a313a331 in main (argc=1, argv=0x7fffab2a0a08) at smbd/server.c:1450 Samba 3.2.6, openldap/smbk5pwd backend. Ubuntu x86_64 Root LDAP entry is like this: dn: uid=root,ou=user,dc=cs,dc=dit,dc=ie cn: root sn: root objectClass: top,person,organizationalPerson,inetOrgPerson,sambaSamAccount,posixAccount,shadowAccount gidNumber: 0 uid: root uidNumber: 0 sambaLogonTime: 0 sambaLogoffTime: 2147483647 sambaKickoffTime: 2147483647 sambaPwdCanChange: 0 sambaPwdMustChange: 2147483647 sambaHomeDrive: U: sambaPrimaryGroupSID: S-1-5-21-2153973629-1361248746-2707496592-512 sambaAcctFlags: [U ] sambaSID: S-1-5-21-2153973629-1361248746-2707496592-500 loginShell: /bin/false gecos: Netbios Domain Administrator shadowLastChange: 14207 shadowMax: 60000 sambaBadPasswordCount: 0 sambaBadPasswordTime: 0 sambaHomePath: \\pdc-test\root displayName: Domain Administrator sambaPasswordHistory:<snip> userPassword: {K5KEY} sambaPwdLastSet: 1228959375 sambaLMPassword: <snip> sambaNTPassword: <snip> homeDirectory: /root smb.conf [global] workgroup = CS-TEST netbios name = PDC-TEST security = user enable privileges = yes server string = Samba Server %v encrypt passwords = Yes ldap passwd sync = yes log level = 2 syslog = 0 log file = /var/log/samba/log time server = Yes mangling method = hash2 logon script = logon.bat logon drive = U: domain logons = Yes domain master = Yes preferred master = Yes wins support = yes name resolve order = wins lmhosts hosts bcast passdb backend = ldapsam:ldapi:// ldap admin dn = <snip> ldap suffix = dc=cs,dc=dit,dc=ie ldap group suffix = ou=group ldap user suffix = ou=user ldap machine suffix = ou=machine add user script = /opt/cs/smbldap-tools/bin/smbldap-useradd -m "%u" delete user script = /opt/cs/smbldap-tools/bin/smbldap-userdel -r "%u" add machine script = /opt/cs/smbldap-tools/bin/smbldap-useradd -t2 -w "%u" add group script = /opt/cs/smbldap-tools/bin/smbldap-groupadd -p "%g" delete group script = /opt/cs/smbldap-tools/bin/smbldap-groupdel "%g" add user to group script = /opt/cs/smbldap-tools/bin/smbldap-groupmod -m "%u" "%g" delete user from group script = /opt/cs/smbldap-tools/bin/smbldap-groupmod -x "%u" "%g" set primary group script = /opt/cs/smbldap-tools/bin/smbldap-usermod -g '%g' '%u' load printers = no panic action = "/bin/sleep 90000" create mask = 0640 directory mask = 0750 nt acl support = yes printing = none ldapsam:trusted = yes logon path = username map = /opt/samba/lib/smbusers guest account = nobody map to guest = Bad User dont descend = /proc,/dev,/etc,/lib,/lost+found,/initrd
Update, this only happens with ldapsam:trusted = yes Its fine with ldapsam:trusted = no
happens in 3.2.5 also
Ok, the bug doesnt happen when root Gid is set correctly to 512/513. Samba should handle this more gracefully if the gid doesnt exist in ldap when ldapsam:trusted = yes
(In reply to David Markey from comment #3) closing this old bug, this was a configuration issue and this kind of setups should all have been moved to AD DC setups these days.