Bug 6055 - Failed to create BUILTIN\Administrators group!
Failed to create BUILTIN\Administrators group!
Status: NEW
Product: Samba 3.2
Classification: Unclassified
Component: Winbind
3.2.7
Sparc Solaris
: P3 major
: ---
Assigned To: Michael Adam
Samba QA Contact
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2009-01-19 07:18 UTC by Alexandr
Modified: 2009-07-09 03:59 UTC (History)
0 users

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Alexandr 2009-01-19 07:18:23 UTC
Can't use samba 3.2.7 on SPARC Solaris 10



[2009/01/19 15:54:09,  2] auth/auth.c:check_ntlm_password(308)
  check_ntlm_password:  authentication for user [amiasnikov] -> [amiasnikov] -> [USR\amiasnikov] succeeded
[2009/01/19 15:54:09,  2] auth/token_util.c:create_local_nt_token(387)
  WARNING: Failed to create BUILTIN\Administrators group!  Can Winbind allocate gids?
[2009/01/19 15:54:09,  2] auth/token_util.c:create_local_nt_token(415)
  WARNING: Failed to create BUILTIN\Users group! Can Winbind allocate gids?
[2009/01/19 15:54:09,  0] lib/util.c:smb_panic(1663)
  PANIC (pid 20680): sys_setgroups failed
[2009/01/19 15:54:09,  0] lib/util.c:log_stack_trace(1817)
  unable to produce a stack trace on this platform
[2009/01/19 15:54:09,  0] lib/fault.c:dump_core(201)
  dumping core in /var/log/samba/cores/smbd


Authentication with squid works fine, but file sharing is not working.


Configuration:
security = ads
password server = 10.x.x.x
realm = USR.DOMAIN
workgroup = USR

client use spnego = yes
server string =
os level = 10


domain master = no
preferred master = no
domain logons = no

ntlm auth = no
lanman auth = no
client NTLMv2 auth = yes

wins support = no
wins proxy = no

winbind enum groups = yes
winbind enum users = yes
winbind cache time = 3600
winbind use default domain = Yes
winbind nested groups = yes

allow trusted domains =  yes
#idmap uid = 2000-100000000
#idmap gid = 2000-100000000

idmap backend      = rid
idmap base_rid     = 1000
idmap range        = 2000-100000000



#idmap backend = rid:"USR=2000-100000000"
nt acl support = yes

========
This configuration works fine with samba 3.0.28a on my system.
Comment 1 Alexandr 2009-07-09 03:59:20 UTC
Set maximum groups to 32

By default the Solaris kernel only allows a user to be a member of 32 groups. If you do not set this the default maximum will be 16 and if a user is over this amount he or she will be denied access to all share points. Unfortunately nesting groups does not cut down on this number since the system will still see the user as a member of each nested group. CAUTION - This will create NFS server incompatibilities.

Edit /etc/system and make sure there are no spaces after the = sign and everything is spelled correctly.

set ngroups_max=32

Note -If you make a mistake and your system fails to boot just boot interactively and point to /dev/null when it asks for the location of your /etc/system file.