Bug 6055 - Failed to create BUILTIN\Administrators group!
Summary: Failed to create BUILTIN\Administrators group!
Status: RESOLVED DUPLICATE of bug 5982
Alias: None
Product: Samba 3.2
Classification: Unclassified
Component: Winbind (show other bugs)
Version: 3.2.7
Hardware: Sparc Solaris
: P3 major
Target Milestone: ---
Assignee: Michael Adam
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2009-01-19 07:18 UTC by Alexandr
Modified: 2018-03-27 23:06 UTC (History)
0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Alexandr 2009-01-19 07:18:23 UTC 
Can't use samba 3.2.7 on SPARC Solaris 10



[2009/01/19 15:54:09,  2] auth/auth.c:check_ntlm_password(308)
  check_ntlm_password:  authentication for user [amiasnikov] -> [amiasnikov] -> [USR\amiasnikov] succeeded
[2009/01/19 15:54:09,  2] auth/token_util.c:create_local_nt_token(387)
  WARNING: Failed to create BUILTIN\Administrators group!  Can Winbind allocate gids?
[2009/01/19 15:54:09,  2] auth/token_util.c:create_local_nt_token(415)
  WARNING: Failed to create BUILTIN\Users group! Can Winbind allocate gids?
[2009/01/19 15:54:09,  0] lib/util.c:smb_panic(1663)
  PANIC (pid 20680): sys_setgroups failed
[2009/01/19 15:54:09,  0] lib/util.c:log_stack_trace(1817)
  unable to produce a stack trace on this platform
[2009/01/19 15:54:09,  0] lib/fault.c:dump_core(201)
  dumping core in /var/log/samba/cores/smbd


Authentication with squid works fine, but file sharing is not working.


Configuration:
security = ads
password server = 10.x.x.x
realm = USR.DOMAIN
workgroup = USR

client use spnego = yes
server string =
os level = 10


domain master = no
preferred master = no
domain logons = no

ntlm auth = no
lanman auth = no
client NTLMv2 auth = yes

wins support = no
wins proxy = no

winbind enum groups = yes
winbind enum users = yes
winbind cache time = 3600
winbind use default domain = Yes
winbind nested groups = yes

allow trusted domains =  yes
#idmap uid = 2000-100000000
#idmap gid = 2000-100000000

idmap backend      = rid
idmap base_rid     = 1000
idmap range        = 2000-100000000



#idmap backend = rid:"USR=2000-100000000"
nt acl support = yes

========
This configuration works fine with samba 3.0.28a on my system.
Comment 1 Alexandr 2009-07-09 03:59:20 UTC 
Set maximum groups to 32

By default the Solaris kernel only allows a user to be a member of 32 groups. If you do not set this the default maximum will be 16 and if a user is over this amount he or she will be denied access to all share points. Unfortunately nesting groups does not cut down on this number since the system will still see the user as a member of each nested group. CAUTION - This will create NFS server incompatibilities.

Edit /etc/system and make sure there are no spaces after the = sign and everything is spelled correctly.

set ngroups_max=32

Note -If you make a mistake and your system fails to boot just boot interactively and point to /dev/null when it asks for the location of your /etc/system file.
Comment 2 Björn Jacke 2018-03-27 23:06:48 UTC 

*** This bug has been marked as a duplicate of bug 5982 ***