search

NixOS / nixpkgs

Nix Packages collection & NixOS
MIT License
17.45k stars 13.65k forks source link

Samba fails to start with error: failed to setup guest info #95796

Open mrschyte opened 4 years ago

mrschyte commented 4 years ago

Describe the bug I'm trying to integrate my NixOS setup with an ad server. I've set up samba the following way using the sssd guide at https://sssd.io/docs/users/ad_provider.html:

/etc/nixos/configuration.nix:
  services.samba = {
    enable = true;
    securityType = "ads";
    extraConfig = "
      realm = AD.EXAMPLE.COM
      workgroup = EXAMPLE
      kerberos method = secrets and keytab
      client signing = yes                       
      client use spnego = yes
    '';
  };

When applying the config samba fails with the following error:

Aug 19 10:34:45 adtest smbd[14905]: [2020/08/19 10:34:45.931379,  0] ../../source3 auth/auth_util.c:1384(make_new_session_info_guest)
Aug 19 10:34:45 adtest smbd[14905]:   create_local_token failed: NT_STATUS_INVALID_PARAMETER_MIX
Aug 19 10:34:45 adtest smbd[14905]: [2020/08/19 10:34:45.931442,  0] ../../source3/smbd/server.c:2034(main)
Aug 19 10:34:45 adtest smbd[14905]:   ERROR: failed to setup guest info.
Aug 19 10:34:45 adtest systemd[1]: samba-smbd.service: Main process exited, code=exited, status=255/EXCEPTION
Aug 19 10:34:45 adtest systemd[1]: samba-smbd.service: Failed with result 'exit-code'.
Aug 19 10:34:45 adtest systemd[1]: Failed to start Samba Service Daemon smbd.

Note the error message ERROR: failed to setup guest info.

To Reproduce Enable the samba service with the above configuration.

Expected behavior The Samba service should start without an error.

Additional context I've found the following RedHat ticket (https://bugzilla.redhat.com/show_bug.cgi?id=1648399), which recommends running the following command to fix the issue:

net groupmap add sid=S-1-5-32-546 unixgroup=nobody type=builtin

After running nix-shell -p samba4Full --command 'net groupmap add sid=S-1-5-32-546 unixgroup=nobody type=builtin' and rebuilding the config with nixos-rebuild switch Samba starts up fine.

IMHO the Samba package should verify the existence of the guest account and automatically add it via the above command if missing.

Notify maintainers

@aneeshusa

Metadata Please run nix-shell -p nix-info --run "nix-info -m" and paste the result.

 - system: `"x86_64-linux"`
 - host os: `Linux 5.4.58, NixOS, 20.03.2806.cb1996818ed (Markhor)`
 - multi-user?: `yes`
 - sandbox: `yes`
 - version: `nix-env (Nix) 2.3.6`
 - channels(root): `"nixos-20.03.2806.cb1996818ed"`
 - nixpkgs: `/nix/var/nix/profiles/per-user/root/channels/nixos`

Maintainer information:

# a list of nixpkgs attributes affected by the problem
attribute:
 - samba4Full
# a list of nixos modules affected by the problem
module:
 - services.samba
bbigras commented 3 years ago

I ran into this today. I had to use nogroup instead of nobody with the net groupmap add command.

stale[bot] commented 3 years ago

I marked this as stale due to inactivity. → More info