Problem:
Samba does not start.
The log.smbd shows:
[2023/10/10 01:03:53.614834, 0, pid=15534] …/…/source3/smbd/server.c:1746(main)
smbd version 4.18.3-Univention started.
Copyright Andrew Tridgell and the Samba Team 1992-2023
[2023/10/10 01:03:54.015835, 0, pid=15534] …/…/source3/auth/auth_util.c:1423(make_new_session_info_guest)
create_local_token failed: LDAP_ENTRY_ALREADY_EXISTS
[2023/10/10 01:03:54.015902, 0, pid=15534] …/…/source3/smbd/server.c:2017(main)
ERROR: failed to setup guest info.
[2023/10/10 07:27:01.333374, 0, pid=93156] …/…/source3/smbd/server.c:1746(main)
smbd version 4.18.3-Univention started.
Copyright Andrew Tridgell and the Samba Team 1992-2023
Investigation:
We have to check the builtin group Guests:
dn: CN=Guests,CN=Builtin,DC=schein,DC=de
objectClass: top
objectClass: group
cn: Guests
description: Guests have the same access as members of the Users group by default, except for the Guest account which is further restricted
instanceType: 4
whenCreated: 20181221121228.0Z
uSNCreated: 3566
name: Guests
objectGUID: 030a1807-6ac2-474e-8a4b-9310763b8be5
objectSid: S-1-5-32-546
sAMAccountName: Guests
systemFlags: -1946157056
objectCategory: CN=Group,CN=Schema,CN=Configuration,DC=schein,DC=de
isCriticalSystemObject: TRUE
groupType: -2147483646
sAMAccountType: 268435456
whenChanged: 20191218125619.0Z
member: CN=Domain Guests,CN=Groups,DC=schein,DC=de
member: CN=Guest,CN=Users,DC=schein,DC=de
uSNChanged: 13431
distinguishedName: CN=Guests,CN=Builtin,DC=schein,DC=de
Solution:
The problem is in these attributes:
groupType: -2147483646
sAMAccountType: 268435456
Only the group type has to be adjusted:
cat grouptypechange.ldif
dn: cn=Guests,cn=Builtin,dc=schein,dc=de
replace: univentionGroupType
univentionGroupType: -2147483643
ldapmodify -D "cn=admin,$(ucr get ldap/base)" -y /etc/ldap.secret -f grouptypechange.ldif
The connector may reject the change:
11.10.2023 14:54:05.413 LDAP (PROCESS): sync AD > UCS: [ group] [ modify] 'cn=guests,cn=builtin,dc=schein,dc=de'
11.10.2023 14:54:05.432 LDAP (ERROR ): Unknown Exception during sync_to_ucs
11.10.2023 14:54:05.432 LDAP (ERROR ): Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/univention/s4connector/__init__.py", line 1483, in sync_to_ucs
result = self.modify_in_ucs(property_type, object, module, position)
File "/usr/lib/python3/dist-packages/univention/s4connector/__init__.py", line 1213, in modify_in_ucs
res = ucs_object.modify(serverctrls=serverctrls, response=response)
File "/usr/lib/python3/dist-packages/univention/admin/handlers/__init__.py", line 650, in modify
dn = self._modify(modify_childs, ignore_license=ignore_license, response=response)
File "/usr/lib/python3/dist-packages/univention/admin/handlers/__init__.py", line 1348, in _modify
self._ldap_pre_modify()
File "/usr/lib/python3/dist-packages/univention/admin/handlers/groups/group.py", line 491, in _ldap_pre_modify
self.check_ad_group_type_change()
File "/usr/lib/python3/dist-packages/univention/admin/handlers/groups/group.py", line 862, in check_ad_group_type_change
raise univention.admin.uexceptions.adGroupTypeChangeLocalToAny
univention.admin.uexceptions.adGroupTypeChangeLocalToAny: The AD group type can not be changed from type local to any other type.
In that case you have to adjust it in Samba with ldbedit:
ldbedit --controls="provision:0" --controls="relax:0" -H /var/lib/samba/private/sam.ldb cn=guests
Change groupType from -2147483646 to -2147483643.
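The two groupType values above are signed 32-bit bit fields, and the difference between them is which scope flags are set. The following Python code is an added example, not part of the original article and not UCS or Samba code. It decodes the flags and lists groups under CN=Builtin that are not typed as builtin local groups. The function names are hypothetical, and the sample LDIF is constructed from the values shown on this page.

```python
import re

# groupType bit flags as documented for Active Directory groups
FLAGS = {
    0x00000001: "BUILTIN_LOCAL",      # group created by the system
    0x00000002: "GLOBAL",
    0x00000004: "DOMAIN_LOCAL",
    0x00000008: "UNIVERSAL",
    0x80000000: "SECURITY_ENABLED",
}

# Constructed sample: Guests values from this page plus a made-up second entry.
SAMPLE_LDIF = """\
dn: CN=Guests,CN=Builtin,DC=schein,DC=de
groupType: -2147483646
sAMAccountType: 268435456

dn: CN=Users,CN=Builtin,DC=schein,DC=de
groupType: -2147483643
sAMAccountType: 536870912
"""

def decode_group_type(value):
    """Names of the flags set in a groupType (stored as signed 32-bit)."""
    bits = int(value) & 0xFFFFFFFF
    return [name for bit, name in FLAGS.items() if bits & bit]

def expected_sam_account_type(value):
    """sAMAccountType that corresponds to a groupType value."""
    bits = int(value) & 0xFFFFFFFF
    base = 0x20000000 if bits & 0x5 else 0x10000000  # alias (local) vs. group
    return base if bits & 0x80000000 else base + 1   # +1 = not security-enabled

def find_mistyped_builtin_groups(ldif_text):
    """Return (dn, groupType, flags) for CN=Builtin groups lacking BUILTIN_LOCAL."""
    findings = []
    for record in re.split(r"\n\s*\n", ldif_text.strip()):
        attrs = dict(re.findall(r"^(\w+): (.*)$", record, re.M))
        dn = attrs.get("dn", "")
        if ",cn=builtin," not in dn.lower() or "groupType" not in attrs:
            continue
        flags = decode_group_type(attrs["groupType"])
        if "BUILTIN_LOCAL" not in flags:
            findings.append((dn, int(attrs["groupType"]), flags))
    return findings

if __name__ == "__main__":
    for finding in find_mistyped_builtin_groups(SAMPLE_LDIF):
        print(finding)
```

On the sample, only the Guests entry is reported: -2147483646 decodes to a security-enabled global group, while -2147483643 decodes to a security-enabled builtin local group.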