# (Solved) noob Samba won't start

## dudestir

I've been tring for the past week to get Samba and LDAP to work together as a PDC and allow some XP boxes to get in.

I've read and followed the how-to's (emerged and unmergred more then a few times)

My LDAP accounts all seem to work when I do the ssh test into them.

Changing the domain in XP fails with the "network path not found error" even after all the registry tweaks.  While tring to work through this issue I  discoved that smbd is not starting correctly.  

```
thebird # tail /var/log/samba/log.smbd

[2006/08/24 20:28:01, 3] smbd/uid.c:push_conn_ctx(345)

  push_conn_ctx(0) : conn_ctx_stack_ndx = 0

[2006/08/24 20:28:01, 3] smbd/sec_ctx.c:set_sec_ctx(241)

  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1

[2006/08/24 20:28:01, 3] smbd/sec_ctx.c:pop_sec_ctx(339)

  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0

[2006/08/24 20:28:01, 3] passdb/lookup_sid.c:fetch_sid_from_gid_cache(979)

  fetch sid from gid cache 65534 -> S-1-22-2-65534

[2006/08/24 20:28:01, 0] smbd/server.c:main(960)

  ERROR: failed to setup guest info.

```

I'm thinking that the failed to setup guest info needs to be the first thing fixed.  I thought I had disabled guest accounts in my smb.conf so don't understand why it fails.

I have samba-3.0.23a installed.  Here is my smb.conf.  I have networked printers so I commented out all the printer calls.

```

#======================= Global Settings =====================================

[global]

# 1. Server Naming Options:

   workgroup = CRAWFORD_HOUSE

   netbios name = TheBird

   server string = LDAP PDC on Samba Server %v

# 2. Printing Options:

;   printcap name = cups

;   load printers = yes

;   printing = cups

;   printer admin = @adm

;   printer admin = @"Domain Admins"

# 3. Logging Options:

   time server = yes

   log file = /var/log/samba/log.%m

   max log size = 50

   log level = 3

# 4. Security and Domain Membership Options:

   hosts allow = 192.168.1. 192.168.6. 127.0.0.1

;  guest account = smbguest

;  map to guest = bad user

   security = user

;  password level = 8

;  username level = 8

  encrypt passwords = yes

;  unix password sync = Yes

  pam password change = yes

;  username map = /etc/samba/smbusers

# 5. Browser Control and Networking Options:

   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

   interfaces = lo eth0

   bind interfaces only = yes

;  interfaces = 192.168.12.2/24 192.168.13.2/24

   local master = yes

   os level = 65

   domain master = yes

;  preferred master = yes

# 6. Domain Control Options:

   domain logons = yes

;  logon script = %m.bat

;  logon script = %U.bat

   logon path = \\%L\profiles\%U

   logon drive = Z:

   logon home = \\%L\%U

   add user script = /usr/sbin/smbldap-useradd -m "%u"

# Scripts for LDAP backend (assumes nss_ldap is in use on the domain controller.

   add user script = /usr/sbin/smbldap-useradd -m "%u"

   delete user script = /usr/sbin/userdel -r "%u"

   add machine script = /usr/sbin/smbldap-useradd -w "%u"

   add group script = /usr/sbin/smbldap-groupadd -p "%g"

   delete group script = /usr/sbin/groupdel "%g"

   add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"

   delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"

   set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"

# Domain groups:

# Domain groups are now configured by using the 'net groupmap' tool

# Samba Password Database configuration:

# Enable SSL by using an ldaps url, or enable tls with 'ldap ssl' below.

   passdb backend = ldapsam:ldap://127.0.0.1

   ldap delete dn = Yes

;  idmap uid = 10000-20000

;  idmap gid = 10000-20000

# LDAP configuration for Domain Controlling:

   ldap admin dn = cn=Manager,dc=CRAWFORD_HOUSE,dc=NET

   ldap ssl = no

# start_tls should run on 389, but samba defaults incorrectly to 636

;  ldap port = 389

   ldap suffix = dc=CRAWFORD_HOUSE,dc=NET

;  ldap server = ldap.mydomain.com

# Seperate suffixes are available for machines, users, groups, and idmap, if

   ldap machine suffix = ou=Hosts

   ldap user suffix = ou=People

   ldap group suffix = ou=Group

   ldap idmap suffix = ou=Idmap

# 7. Name Resolution Options:

# Windows Internet Name Serving Support Section:

   wins support = yes

   name resolve order = wins lmhosts host bcast

# WINS Proxy - Tells Samba to answer name resolution queries on

;   wins proxy = yes

# DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names

   dns proxy = no

# 8. File Naming Options:

;   preserve case = no

;   short preserve case = no

# Default case is normally upper case for all DOS files

;   default case = lower

# Be very careful with case sensitivity - it can break things!

;   case sensitive = no

#============================ Share Definitions ==============================

[homes]

   comment = Home Directories

   path = /home/%U

   browseable = no

   valid users = %S

   read only = no

   create mask = 0664

   directory mask = 0775

# Un-comment the following and create the netlogon directory for Domain Logons

[netlogon]

   comment = Network Logon Service

   path = /var/lib/samba/netlogon

   guest ok = no

   path = /var/lib/samba/netlogon

   guest ok = no

   browseable = no

   write list = root

# Un-comment the following to provide a specific roving profile share

# the default is to use the user's home directory

 [profiles]

   path = /var/lib/samba/profiles

   writable = yes

   browsable = no

   create mode = 0644

   directory mode = 0755

   guest ok = no

;[printers]

;   comment = All Printers

;   path = /var/spool/samba

;   browseable = no

# to allow user 'guest account' to print.

;   guest ok = yes

;   writable = no

;   printable = yes

    create mode = 0700

# =====================================

# print command: see above for details.

# =====================================

;   print command = lpr-cups -P %p -o raw %s -r   # using client side printer drivers.

;   print command = lpr-cups -P %p %s # using cups own drivers (use generic PostScript on clients).

# The following two commands are the samba defaults for printing=cups

# change them only if you need different options:

;   lpq command = lpq -P %p

;   lprm command = cancel %p-%j

;[print$]

;   path = /var/lib/samba/printers

;   browseable = yes

;   read only = yes

;   write list = @adm root

;   guest ok = yes

# A publicly accessible directory, but read only, except for people in

# the "staff" group

 [public]

    comment = Public Stuff

    path = /public

    public = yes

    browseable = yes

    write list = @users

```

testparm seems to indicate no error

```

thebird # testparm -v

Load smb config files from /etc/samba/smb.conf

Processing section "[homes]"

Processing section "[netlogon]"

Processing section "[profiles]"

Processing section "[public]"

Loaded services file OK.

Server role: ROLE_DOMAIN_PDC

```

When I stop samba smbd comes up with [!!]

My wife would really appreciate any help in pointing me in the correct direction so I can again spend tim with her.

Thanks

Dean CrawfordLast edited by dudestir on Sat Sep 23, 2006 9:33 pm; edited 1 time in total

----------

## Aries-Belgium

Try to comment the guest ok parameter in your shares and try again ...

----------

## dudestir

Thanks for the quick reply.

The guests ok in both printer shares are commented out.

If got guests ok = no in the other shares.

I had previously tried setting the printer shares guests ok = no before commenting out the entire share.

Dean

----------

## dudestir

Does anyone else have any other ideas?

----------

## DawgG

just a quick idea, i've never done samba with LDAP, but don't you have to set the parameter

```
security = server
```

(yours = user) to do all the domain-stuff?

i think that's how it was done the classic "windoze nt" way

----------

## dudestir

From the Sama news group they had me try adding

winbind nested groups = no

This corrected my issue

----------

