Hello everyone,

We've been running Samba for years, and with the exception of IDMAP, we've been very happy. Well, now we have a real need to keep this information in a shared DB, so I'm trying to set up the idmap_ldap plugin.

I *think* I have lookups working correctly-- at least, I can see that Samba is contacting the LDAP directory. But since there's nothing actually *in* my directory yet, I can't be sure.

But the real issue is that I'm having trouble getting LDAP to work as an allocating backend. I'm getting some ugly stuff like this:

[2009/07/10 23:37:51,  0] winbindd/idmap.c:smb_register_idmap_alloc(201)
  idmap_alloc module tdb already registered!
[2009/07/10 23:37:51,  0] winbindd/idmap.c:smb_register_idmap(149)
  Idmap module passdb already registered!
[2009/07/10 23:37:51,  0] winbindd/idmap.c:smb_register_idmap(149)
  Idmap module nss already registered!
[2009/07/10 23:37:51,  0] winbindd/idmap.c:idmap_alloc_init(589)
  ERROR: Initialization failed for alloc backend, deferred!
[2009/07/10 23:38:12,  0] lib/fault.c:fault_report(40)
  ===============================================================
[2009/07/10 23:38:12,  0] lib/fault.c:fault_report(41)
  INTERNAL ERROR: Signal 11 in pid 14920 (3.3.6)
  Please read the Trouble-Shooting section of the Samba3-HOWTO
[2009/07/10 23:38:12,  0] lib/fault.c:fault_report(43)

  From: http://www.samba.org/samba/docs/Samba3-HOWTO.pdf
[2009/07/10 23:38:12,  0] lib/fault.c:fault_report(44)
  ===============================================================
[2009/07/10 23:38:12,  0] lib/util.c:smb_panic(1673)
  PANIC (pid 14920): internal error
[2009/07/10 23:38:12,  0] lib/util.c:log_stack_trace(1777)
  BACKTRACE: 21 stack frames:
   #0 winbindd(log_stack_trace+0x2d) [0x3581f9]
   #1 winbindd(smb_panic+0x8e) [0x35804b]
   #2 winbindd [0x341960]
   #3 winbindd [0x341971]
   #4 /lib/tls/libc.so.6 [0x74e918]
   #5 winbindd [0x62c779]
   #6 winbindd(run_events+0xdf) [0x36b645]
   #7 winbindd [0x2b8c6d]
   #8 winbindd [0x2b5eb7]
   #9 winbindd(async_request+0x20f) [0x2b5881]
   #10 winbindd(do_async+0x13c) [0x2b9301]
   #11 winbindd(winbindd_gid2sid_async+0xd8) [0x2c190e]
   #12 winbindd(winbindd_gid_to_sid+0x2fd) [0x2a2bc7]
   #13 winbindd [0x2819b8]
   #14 winbindd [0x28251a]
   #15 winbindd [0x282368]
   #16 winbindd [0x281ce7]
   #17 winbindd [0x282c13]
   #18 winbindd(main+0xb68) [0x283a96]
   #19 /lib/tls/libc.so.6(__libc_start_main+0xd3) [0x73bdf3]
   #20 winbindd [0x280f31]
[2009/07/10 23:38:12,  0] lib/fault.c:dump_core(231)
  dumping core in /var/log/samba/cores/winbindd

It's entirely possible that I'm just not configuring this properly. I've been looking at this document (http://samba.org/~obnox/presentations/sambaXP-2009/sambaxp-2009-talk-obnox-slides-paper.pdf) for guidance, because to be honest, it's not clear which revision of idmap_ldap the manpage actually refers to.

Anyway, the global section of my smb.conf follows, edited slightly. Can someone help me out? Oh, and I should mention-- I did set the alloc secret using 'net idmap secret alloc'. That part seems to go OK. (BTW-- some of these options have accreted over the years-- some of them may no longer be necessary, or even helpful-- please let me know if anything sticks out at you)

[global]
        interfaces = eth0
        netbios name = FOZZIE-NEW
        socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384
        realm = BOSTON.EXAMPLE.NET
        security = ADS
        idmap uid = 10000-20000
        idmap gid = 10000-20000
        idmap backend = ldap:ldap://localhost/
        idmap alloc backend = ldap
        idmap alloc config : ldap_url = ldap://localhost/
        idmap alloc config : ldap_user_dn = cn=Manager,dc=boston,dc=example,dc=net
        idmap alloc config : ldap_base_dn = ou=Idmap,dc=boston,dc=example,dc=net
        ldap idmap suffix = ou=Idmap,dc=boston,dc=example,dc=net
        ldap admin dn = cn=Manager,dc=boston,dc=example,dc=net
        ldap suffix = dc=boston,dc=example,dc=net
        ldap ssl = off
        winbind enum users = no
        winbind enum groups = no
        workgroup = BOSTON
        os level = 20
        password server = bosdc01.boston.example.net
        preferred master = no
        winbind separator = +
        max log size = 50
        log file = /var/log/samba/log.%m
        encrypt passwords = yes
        dns proxy = no
        wins server = 192.168.0.252
        wins proxy = no
        smb ports = 139
        load printers = no
        printable = no
        printcap name = /dev/null
        # For broken MacOSX client
        max disk size = 1048576
        # make sure mode bits are always set correctly
        create mask = 770
        directory mask = 770
        # change default server identification string
        server string = ""
        # for sshd
        template shell = /bin/bash
        client use spnego = yes
        unix extensions = no

I set up my LDAP with the following LDIF:

dn: dc=boston,dc=example,dc=net
objectclass: dcObject
objectclass: organization
o: BSM Boston
dc: boston
description: Posix and Samba LDAP Identity Database

dn: cn=Manager,dc=boston,dc=example,dc=net
objectclass: organizationalRole
cn: Manager
description: Directory Manager

dn: ou=Idmap,dc=boston,dc=example,dc=net
objectClass: organizationalUnit
ou: idmap

If anyone has any ideas, I would be very grateful. I seem to be having a hard time coming up with working examples using LDAP as an allocating backend for 3.3 on the web.

Thanks,
Dan