Under MOSXS 10.1, I had installed Samba 2.2.5 in its own /usr/local/samba area, and configured it to run as a PDC. Worked great. Once I upgraded to Jaguar, though, it quit working. I updated to Samba 2.2.6, but it still doesn’t work right. Some things work, but browsing & actually connecting to shared drives from Windows clients doesn’t work…I get a “PANIC: failed to set gid” error. Any ideas?
[2002/11/11 14:29:18, 3, pid=15674, effective(0, 0), real(0, 0)] smbd/uid.c:push_conn_ctx(285)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2002/11/11 14:29:18, 3, pid=15674, effective(0, 0), real(0, 0)] smbd/sec_ctx.c:set_sec_ctx(328)
setting sec ctx (0, 0) – sec_ctx_stack_ndx = 1
[2002/11/11 14:29:18, 0, pid=15674, effective(0, 205), real(0, 205)] lib/util_sec.c:assert_gid(111)
Failed to set gid privileges to (0,205) now set to (205,205) uid=(0,0)
[2002/11/11 14:29:18, 0, pid=15674, effective(0, 205), real(0, 205)] lib/util.c:smb_panic(1094)
PANIC: failed to set gid
After playing with it for awhile, I have realized that Apple has made some significant changes in their Samba integration with Jaguar, mostly for the better.
* No longer will Server Settings overwrite your customizations in /etc/smb.conf, so you don’t have to do the “sudo chflags uchg /etc/smb.conf” bit (though there’s a catch to this: once you’ve made your manual changes, you should reboot the server before running the Windows config in Server Settings, as it seems to cache the startup settings somewhere, and it *will* overwrite your customizations until you restart–at least, that’s what it does to me!).
* A separate standalone install of Samba (in /usr/local/samba, typically) does not seem to work properly, as it used to in 10.1.x. There are issues with network browsing etc. that seem to stem from the different user authentication scheme in Jaguar.
* Workgroup Manager still will not allow you to add a user with a trailing “$”. When adding a Windows host to the domain, you still must use the root username & password to authenticate.
* Machine accounts do not have to use Password Server, but any user accounts that need to logon from Windows must use Password Server authentication.
Here is the business end of my smb.conf file, for what it’s worth:
[global]
local master = YES
domain master = YES
preferred master = YES
domain logons = YES
os level = 64
security = USER
admin users = admin, joe
logon drive = U:
logon home = \\%N\Users\%u
logon path = \\%N\profiles\%u
domain admin group = admin @wheel
guest account = unknown
max smbd processes = 0
encrypt passwords = YES
print command = /usr/sbin/PrintServiceAccess printps %p %s
lpq command = /usr/sbin/PrintServiceAccess jobs %p
lprm command = /usr/sbin/PrintServiceAccess remove %p %j
lppause command = /usr/sbin/PrintServiceAccess hold %p %j
lpresume command = /usr/sbin/PrintServiceAccess release %p %j
printer admin = unknown, @staff
server string = Mac OS X Server (Samba %v)
client code page = 437
coding system = utf8
log file = /Library/Logs/WindowsServices/WindowsFileService.log
netbios name = JAGUAR
workgroup = NT-DOMAIN-NAME
wins support = NO
log level = 2
[netlogon]
path = /Shared Items/PDC/netlogon
writeable = NO
write list = ntadmin
comment = Windows netlogon
[homes]
path = /Users/%u
read only = NO
create mask = 0600
directory mask = 0700
comment = Windows user homes
[profiles]
path = /Shared Items/PDC/profiles
writeable = YES
create mask = 0600
directory mask = 0700
comment = Windows user profiles
[Users]
path = /Users
public = NO
create mask = 0644
directory mask = 0755
read only = NO
comment = macosx
Comments are closed