What kind of security parameter are you using? Try to set security = ADS in smb.conf.

Or you can just configure idmap uid and gid like this:

idmap uid = 10000-500000
idmap gid = 10000-500000

and not specify your idmap backend. Correct me if I'm wrong :-)

Best Regards,
Aldyth M

On Wed, Jun 8, 2011 at 10:02 PM, Adrian Berlin <g...@rock.com> wrote:
> Hello,
>
> I have a problem with the idmap configuration. I would like to use LDAP as
> the backend for idmap in a Samba+ADS environment, but I have the following
> errors in log.winbindd-idmap:
>
> [2011/06/08 16:57:54.805575, 0] winbindd/idmap.c:201(smb_register_idmap_alloc)
>   idmap_alloc module ldap already registered!
> [2011/06/08 16:57:54.805618, 0] winbindd/idmap.c:201(smb_register_idmap_alloc)
>   idmap_alloc module tdb already registered!
> [2011/06/08 16:57:54.805645, 0] winbindd/idmap.c:149(smb_register_idmap)
>   Idmap module passdb already registered!
> [2011/06/08 16:57:54.805671, 0] winbindd/idmap.c:149(smb_register_idmap)
>   Idmap module nss already registered!
> [2011/06/08 16:57:54.806552, 1] winbindd/idmap_ldap.c:193(verify_idpool)
>   Unable to verify the idpool, cannot continue initialization!
> [2011/06/08 16:57:54.806642, 0] winbindd/idmap.c:589(idmap_alloc_init)
>   ERROR: Initialization failed for alloc backend, deferred!
> [2011/06/08 16:57:54.844163, 0] winbindd/idmap.c:201(smb_register_idmap_alloc)
>   idmap_alloc module ldap already registered!
> [2011/06/08 16:57:54.844226, 0] winbindd/idmap.c:201(smb_register_idmap_alloc)
>   idmap_alloc module tdb already registered!
> [2011/06/08 16:57:54.844254, 0] winbindd/idmap.c:149(smb_register_idmap)
>   Idmap module passdb already registered!
> [2011/06/08 16:57:54.844280, 0] winbindd/idmap.c:149(smb_register_idmap)
>   Idmap module nss already registered!
> [2011/06/08 16:57:54.845341, 1] winbindd/idmap_ldap.c:193(verify_idpool)
>   Unable to verify the idpool, cannot continue initialization!
> [2011/06/08 16:57:54.845380, 0] winbindd/idmap.c:589(idmap_alloc_init)
>   ERROR: Initialization failed for alloc backend, deferred!
> [2011/06/08 16:57:54.846287, 0] winbindd/idmap.c:201(smb_register_idmap_alloc)
>   idmap_alloc module ldap already registered!
> [2011/06/08 16:57:54.846326, 0] winbindd/idmap.c:201(smb_register_idmap_alloc)
>   idmap_alloc module tdb already registered!
> [2011/06/08 16:57:54.846353, 0] winbindd/idmap.c:149(smb_register_idmap)
>   Idmap module passdb already registered!
> [2011/06/08 16:57:54.846380, 0] winbindd/idmap.c:149(smb_register_idmap)
>   Idmap module nss already registered!
> [2011/06/08 16:57:54.847374, 1] winbindd/idmap_ldap.c:193(verify_idpool)
>   Unable to verify the idpool, cannot continue initialization!
> [2011/06/08 16:57:54.847409, 0] winbindd/idmap.c:589(idmap_alloc_init)
>   ERROR: Initialization failed for alloc backend, deferred!
>
> LDAP database is up and running.
>
> slapcat:
>
> dn: dc=server,dc=nas
> objectClass: dcObject
> objectClass: organization
> dc: server
> o: server
> structuralObjectClass: organization
> entryUUID: 6401d0ac-262b-1030-84d2-1370b5f1fe61
> creatorsName: cn=admin,dc=server,dc=nas
> createTimestamp: 20110608145736Z
> entryCSN: 20110608145736Z#000000#00#000000
> modifiersName: cn=admin,dc=server,dc=nas
> modifyTimestamp: 20110608145736Z
>
> dn: cn=admin,dc=server,dc=nas
> objectClass: organizationalRole
> objectClass: simpleSecurityObject
> cn: admin
> userPassword:: c2VjcmV0
> description: LDAP administrator
> structuralObjectClass: organizationalRole
> entryUUID: 64127830-262b-1030-84d3-1370b5f1fe61
> creatorsName: cn=admin,dc=server,dc=nas
> createTimestamp: 20110608145736Z
> entryCSN: 20110608145736Z#000001#00#000000
> modifiersName: cn=admin,dc=server,dc=nas
> modifyTimestamp: 20110608145736Z
>
> dn: ou=People,dc=server,dc=nas
> ou: People
> objectClass: top
> objectClass: organizationalUnit
> structuralObjectClass: organizationalUnit
> entryUUID: 642ad5ec-262b-1030-84d4-1370b5f1fe61
> creatorsName: cn=admin,dc=server,dc=nas
> createTimestamp: 20110608145736Z
> entryCSN: 20110608145736Z#000002#00#000000
> modifiersName: cn=admin,dc=server,dc=nas
> modifyTimestamp: 20110608145736Z
>
> dn: ou=ChapPeople,dc=server,dc=nas
> ou: ChapPeople
> objectClass: top
> objectClass: organizationalUnit
> structuralObjectClass: organizationalUnit
> entryUUID: 642f6b7a-262b-1030-84d5-1370b5f1fe61
> creatorsName: cn=admin,dc=server,dc=nas
> createTimestamp: 20110608145736Z
> entryCSN: 20110608145736Z#000003#00#000000
> modifiersName: cn=admin,dc=server,dc=nas
> modifyTimestamp: 20110608145736Z
>
> dn: ou=Groups,dc=server,dc=nas
> ou: Groups
> objectClass: top
> objectClass: organizationalUnit
> structuralObjectClass: organizationalUnit
> entryUUID: 64357e34-262b-1030-84d6-1370b5f1fe61
> creatorsName: cn=admin,dc=server,dc=nas
> createTimestamp: 20110608145736Z
> entryCSN: 20110608145736Z#000004#00#000000
> modifiersName: cn=admin,dc=server,dc=nas
> modifyTimestamp: 20110608145736Z
>
> dn: ou=Computers,dc=server,dc=nas
> ou: Computers
> objectClass: top
> objectClass: organizationalUnit
> structuralObjectClass: organizationalUnit
> entryUUID: 643a116a-262b-1030-84d7-1370b5f1fe61
> creatorsName: cn=admin,dc=server,dc=nas
> createTimestamp: 20110608145736Z
> entryCSN: 20110608145736Z#000005#00#000000
> modifiersName: cn=admin,dc=server,dc=nas
> modifyTimestamp: 20110608145736Z
>
> dn: ou=idmap,dc=server,dc=nas
> objectClass: organizationalUnit
> objectClass: top
> objectClass: sambaUnixIdPool
> ou: idmap
> description: idmap
> uidNumber: 10000
> gidNumber: 10000
> structuralObjectClass: organizationalUnit
> entryUUID: 643ea9dc-262b-1030-84d8-1370b5f1fe61
> creatorsName: cn=admin,dc=server,dc=nas
> createTimestamp: 20110608145736Z
> entryCSN: 20110608145736Z#000006#00#000000
> modifiersName: cn=admin,dc=server,dc=nas
> modifyTimestamp: 20110608145736Z
>
> dn: sambaDomainName=DSS,dc=server,dc=nas
> sambaDomainName: DSS
> sambaSID: S-1-5-21-2206515185-2896615622-3143254707
> sambaAlgorithmicRidBase: 1000
> objectClass: sambaDomain
> sambaNextUserRid: 1000
> sambaMinPwdLength: 5
> sambaPwdHistoryLength: 0
> sambaLogonToChgPwd: 0
> sambaMaxPwdAge: -1
> sambaMinPwdAge: 0
> sambaLockoutDuration: 30
> sambaLockoutObservationWindow: 30
> sambaLockoutThreshold: 0
> sambaForceLogoff: -1
> sambaRefuseMachinePwdChange: 0
> structuralObjectClass: sambaDomain
> entryUUID: 6470ac16-262b-1030-84d9-1370b5f1fe61
> creatorsName: cn=admin,dc=server,dc=nas
> createTimestamp: 20110608145736Z
> entryCSN: 20110608145736Z#000007#00#000000
> modifiersName: cn=admin,dc=server,dc=nas
> modifyTimestamp: 20110608145736Z
>
> dn: cn=users,ou=Groups,dc=server,dc=nas
> objectClass: posixGroup
> objectClass: top
> objectClass: sambaGroupMapping
> gidNumber: 101
> cn: users
> description: DefaulGroup
> sambaSID: S-1-5-21-2206515185-2896615622-3143254707-1203
> sambaGroupType: 2
> displayName: users
> structuralObjectClass: posixGroup
> entryUUID: 6475a05e-262b-1030-84da-1370b5f1fe61
> creatorsName: cn=admin,dc=server,dc=nas
> createTimestamp: 20110608145736Z
> entryCSN: 20110608145736Z#000008#00#000000
> modifiersName: cn=admin,dc=server,dc=nas
> modifyTimestamp: 20110608145736Z
>
> cat /etc/samba/smb.conf
> ...
> ldap admin dn = "cn=admin,dc=server,dc=nas"
> ldap suffix = "dc=server,dc=nas"
> #ldap server = 127.0.0.1
> ldap idmap suffix = "ou=idmap"
> passdb backend = ldapsam:ldap://127.0.0.1:389
> idmap backend = ldap:ldap://127.0.0.1:389
> idmap uid = 10000-500000
> idmap gid = 10000-500000
> ...
>
> Samba successfully connects to the ADS domain, but idmappings aren't
> written to the LDAP database.
>
> Best Regards
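Added example, not part of either message in the thread: a small cross-check between the two artifacts posted above. It confirms that the sambaUnixIdPool entry in the slapcat output sits at the DN that smb.conf points to ("ldap idmap suffix" prepended to "ldap suffix") and that its next uidNumber/gidNumber fall inside the "idmap uid" / "idmap gid" ranges. The function names are hypothetical and the inputs are trimmed copies of the posted data; it checks consistency only and does not diagnose the verify_idpool error itself.

```python
# Constructed sample input, trimmed from the smb.conf and slapcat output in the thread.
SMB_CONF = '''ldap suffix = "dc=server,dc=nas"
ldap idmap suffix = "ou=idmap"
idmap uid = 10000-500000
idmap gid = 10000-500000'''
LDIF = '''dn: ou=Groups,dc=server,dc=nas
objectClass: organizationalUnit

dn: ou=idmap,dc=server,dc=nas
objectClass: organizationalUnit
objectClass: sambaUnixIdPool
uidNumber: 10000
gidNumber: 10000'''

def parse_smb_conf(text):
    """Map normalised parameter names to values; comments and section headers are skipped."""
    conf = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and key.strip() and not key.startswith(("#", ";")):
            conf[" ".join(key.lower().split())] = value.strip().strip('"')
    return conf

def parse_ldif(text):
    """Split slapcat output into entries of {lowercase attribute: [values]}."""
    entries = []
    for block in text.replace("\n ", "").strip().split("\n\n"):  # unfold wrapped lines
        entry = {}
        for line in block.splitlines():
            attr, _, value = line.partition(":")
            entry.setdefault(attr.strip().lower(), []).append(value.strip())
        entries.append(entry)
    return entries

def check_idpool(conf, entries):
    """Return problems found with the sambaUnixIdPool entry; an empty list means consistent."""
    want_dn = (conf["ldap idmap suffix"] + "," + conf["ldap suffix"]).lower()
    pools = [e for e in entries if "sambaUnixIdPool" in e.get("objectclass", [])]
    problems = [] if pools else ["no sambaUnixIdPool entry found"]
    for pool in pools:
        if pool["dn"][0].lower() != want_dn:
            problems.append(f"pool is at {pool['dn'][0]}, smb.conf points at {want_dn}")
        for attr, key in (("uidnumber", "idmap uid"), ("gidnumber", "idmap gid")):
            low, high = (int(n) for n in conf[key].split("-"))
            nxt = int(pool[attr][0])
            if not low <= nxt <= high:
                problems.append(f"{attr} {nxt} is outside '{key}' range {low}-{high}")
    return problems

print(check_idpool(parse_smb_conf(SMB_CONF), parse_ldif(LDIF)) or "idpool matches smb.conf")
```

On the data posted in the thread the check returns no problems: the pool entry is where smb.conf says it should be and its counters are within the configured ranges.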