i'm using samba 3.0.0 Beta 3 with LDAPv3 and --with-ldapsam users (unix+samba) are authenticated against ldap (nsswitch)
since Beta3 we have to use winbindd, to map UID/GID correctly to RID v.v.
IDMAP's are stored in LDAP (no .tdb-file)
starting winbind give's me the following error
************ winbindd ************
#~ winbindd -FS
-- snip --
winbindd version 3.0.0beta1 started. set_server_role: role = ROLE_DOMAIN_PDC added interface ip=10.0.0.2 bcast=10.0.0.255 nmask=255.255.255.0 added interface ip=127.0.0.1 bcast=127.255.255.255 nmask=255.0.0.0 Netbios name list:- my_netbios_names[0]="LINUX" added interface ip=10.0.0.2 bcast=10.0.0.255 nmask=255.255.255.0 added interface ip=127.0.0.1 bcast=127.255.255.255 nmask=255.0.0.0 Opening cache file at /var/lib/samba/locks/gencache.tdb namecache_enable: enabling netbios namecache, timeout 660 seconds Successfully added idmap backend 'winbind' Successfully added idmap backend 'ldap' Successfully added idmap backend 'tdb' =============================================================== INTERNAL ERROR: Signal 11 in pid 21347 (3.0.0beta1) Please read the appendix Bugs of the Samba HOWTO collection =============================================================== smb_panic: clobber_region() last called from [idmap_init(123)] PANIC: internal error BACKTRACE: 9 stack frames: #0 winbindd(smb_panic+0x229) [0x80bd4e7] #1 winbindd [0x80a93c1] #2 winbindd [0x80a9419] #3 /lib/libc.so.6 [0x402365c8] #4 winbindd(safe_strcpy_fn+0xa2) [0x80b3d68] #5 winbindd(idmap_init+0x1ee) [0x81585ec] #6 winbindd(main+0x346) [0x806cf3f] #7 /lib/libc.so.6(__libc_start_main+0xce) [0x402228ae] #8 winbindd(chroot+0x31) [0x806b621]
Aborted
-- snip --
Is it a primary/known bug? using pdbedit ID's are insert in ldap if i use
idmap backend = ldap instead of idmap backend = ldap:ldap://localhost/
i get no errors with winbindd but timeouts with ldap-server it finds no dn (dn= (null)), although it's given in smb.conf !!!!!!!!!
-- snip --
winbindd version 3.0.0beta1 started.
Copyright The Samba Team 2000-2003
INFO: Current debug levels:
all: True/10
tdb: False/0
printdrivers: False/0
lanman: False/0
smb: False/0
rpc_parse: False/0
rpc_srv: False/0
rpc_cli: False/0
passdb: False/0
sam: False/0
auth: False/0
winbind: False/0
vfs: False/0
idmap: False/0
doing parameter passdb backend = ldapsam:ldap://localhost:389
doing parameter ldap suffix = dc=eva,dc=mpg,dc=de
doing parameter ldap admin dn = cn=manager,dc=eva,dc=mpg,dc=de
doing parameter ldap filter = (&(objectclass=sambaSamAccount)(uid=%u))
doing parameter ldap machine suffix = ou=machines
doing parameter ldap user suffix = ou=users
doing parameter idmap backend = ldap
doing parameter ldap idmap suffix = ou=idmap,dc=eva,dc=mpg,dc=de
doing parameter idmap uid = 1000-5000
doing parameter idmap gid = 1000-5000
doing parameter interfaces = eth0 lo
doing parameter bind interfaces only = yes
doing parameter load printers = yes
doing parameter log file = /var/lib/samba/log.%m
doing parameter max log size = 50
doing parameter security = user
doing parameter encrypt passwords = yes
doing parameter socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY
doing parameter local master = yes
doing parameter os level = 33
doing parameter domain master = yes
doing parameter domain logons = yes
doing parameter wins support = yes
doing parameter dns proxy = no
Processing section "[foedisch]"
doing parameter comment = Home Directories
doing parameter browseable = yes
doing parameter writable = yes
doing parameter path = /home/foedisch
Processing section "[printers]"
doing parameter comment = All Printers
doing parameter path = /usr/spool/samba
doing parameter browseable = no
doing parameter guest ok = no
doing parameter writable = no
doing parameter printable = yes
pm_process() returned Yes
lp_servicenumber: couldn't find homes
adding IPC service
adding IPC service
set_server_role: role = ROLE_DOMAIN_PDC
added interface ip=10.0.0.2 bcast=10.0.0.255 nmask=255.255.255.0
added interface ip=127.0.0.1 bcast=127.255.255.255 nmask=255.0.0.0
Netbios name list:-
my_netbios_names[0]="LINUX"
added interface ip=10.0.0.2 bcast=10.0.0.255 nmask=255.255.255.0
added interface ip=127.0.0.1 bcast=127.255.255.255 nmask=255.0.0.0
Opening cache file at /var/lib/samba/locks/gencache.tdb
namecache_enable: enabling netbios namecache, timeout 660 seconds
Successfully added idmap backend 'winbind'
Successfully added idmap backend 'ldap'
Successfully added idmap backend 'tdb'
idmap_init: using 'ldap' as remote backend
ldap_idmap_open_connection:
ldap_idmap_open_connection: connection opened
ldap_idmap_connect_system: Binding to ldap server as "cn=manager,dc=eva,dc=mpg,dc=de"
failed to bind to server with dn= (null) Error: Can't contact LDAP server
(null)
Connection to LDAP Server failed for the 1 try!
....
Connection to LDAP Server failed for the 8 try!
ldap_idmap_search: LDAP server is down!
The connection to the LDAP server was closed
ldap_idmap_open_connection: (null)
ldap_idmap_open_connection: connection opened
ldap_idmap_connect_system: Binding to ldap server (null) as "cn=manager,dc=eva,dc=mpg,dc=de"
ldap_idmap_connect_system: succesful connection to the LDAP server
The LDAP server is succesful connected
ldap_set_mapping: Failed to create mapping from S-1-5-21-1042031166-387543594-2118856591-501 to 65534 [uidNumber]
Trying to load: ldapsam:ldap://localhost:389
Attempting to register passdb backend ldapsam
Successfully added passdb backend 'ldapsam'
Attempting to register passdb backend ldapsam_compat
Successfully added passdb backend 'ldapsam_compat'
Attempting to register passdb backend smbpasswd
Successfully added passdb backend 'smbpasswd'
Attempting to register passdb backend tdbsam
Successfully added passdb backend 'tdbsam'
Attempting to register passdb backend guest
Successfully added passdb backend 'guest'
Attempting to find an passdb backend to match ldapsam:ldap://localhost:389 (ldapsam)
Found pdb backend ldapsam
Enabling non-unix account ranges
pdb backend ldapsam:ldap://localhost:389 has a valid init
ldapsam_open_connection: ldap://localhost:389
ldapsam_open_connection: connection opened
ldap_connect_system: Binding to ldap server ldap://localhost:389 as "cn=manager,dc=eva,dc=mpg,dc=de"
ldap_connect_system: succesful connection to the LDAP server
The LDAP server is succesful connected
ldapsam_setsampwent: 3 entries in the base!
Entry found for group: 500
get_single_attribute: [description] = [<does not exist>]
Entry found for group: 501
get_single_attribute: [description] = [<does not exist>]
Entry found for group: 0
get_single_attribute: [description] = [<does not exist>]
ldap_idmap_open: already connected to the LDAP server
ldap_set_mapping: Failed to create mapping from S-1-5-21-1042031166-387543594-2118856591-2001 to 500 [gidNumber]
ldap_idmap_open: already connected to the LDAP server
ldap_set_mapping: Failed to create mapping from S-1-5-21-1042031166-387543594-2118856591-2003 to 501 [gidNumber]
ldap_idmap_open: already connected to the LDAP server
ldap_set_mapping: Failed to create mapping from S-1-5-21-1042031166-387543594-2118856591-1001 to 0 [gidNumber]
-- EOF --
could somebody help me or give me hints?
thx very much
micha
************ smb.conf ************
-- snip --
[global]
workgroup = testevan netbios name = linux
server string = Samba Server
log level = 10
passdb backend = ldapsam:ldap://localhost:389
ldap suffix = dc=eva,dc=mpg,dc=de ldap admin dn = cn=manager,dc=eva,dc=mpg,dc=de ldap filter = (&(objectclass=sambaSamAccount)(uid=%u)) ldap machine suffix = ou=machines ldap user suffix = ou=users
idmap backend = ldap:ldap://localhost/ ldap idmap suffix = ou=idmap,dc=eva,dc=mpg,dc=de
# default=1000 # algorithmic rid base = 1000
idmap uid = 1000-5000 idmap gid = 1000-5000
-- snip --
************ ldap-content ************
# extended LDIF # # LDAPv3 # base <> with scope sub # filter: (objectclass=*) # requesting: ALL #
# eva.mpg.de dn: dc=eva,dc=mpg,dc=de objectClass: organization o: MPIEVA
# users, eva.mpg.de dn: ou=users,dc=eva,dc=mpg,dc=de objectClass: organizationalUnit ou: users
# idmap, eva.mpg.de dn: ou=idmap,dc=eva,dc=mpg,dc=de objectClass: organizationalUnit ou: idmap
# users, users, eva.mpg.de dn: cn=users,ou=users,dc=eva,dc=mpg,dc=de objectClass: posixGroup objectClass: sambaGroupMapping gidNumber: 500 cn: users sambaSID: S-1-5-21-1042031166-387543594-2118856591-2001 sambaGroupType: 2 displayName: Benutzer
# foedisch, users, eva.mpg.de dn: cn=foedisch,ou=users,dc=eva,dc=mpg,dc=de objectClass: person objectClass: posixAccount sn: foedisch cn: foedisch uid: foedisch uidNumber: 502 gidNumber: 500 homeDirectory: /home/foedisch loginShell: /bin/bash userPassword:
# 65534, idmap, eva.mpg.de dn: uidNumber=65534,ou=idmap,dc=eva,dc=mpg,dc=de objectClass: sambaIdmapEntry uidNumber: 65534 sambaSID: S-1-5-21-1042031166-387543594-2118856591-501
# 500, idmap, eva.mpg.de dn: gidNumber=500,ou=idmap,dc=eva,dc=mpg,dc=de objectClass: sambaIdmapEntry gidNumber: 500 sambaSID: S-1-5-21-1042031166-387543594-2118856591-2001
# foedisch, users, eva.mpg.de dn: uid=foedisch,ou=users,dc=eva,dc=mpg,dc=de uid: foedisch sambaSID: S-1-5-21-1042031166-387543594-2118856591-501 sambaPrimaryGroupSID: S-1-5-21-1042031166-387543594-2118856591-2001 displayName: foedisch sambaPwdCanChange: 1062577426 sambaPwdMustChange: 1064391826 sambaLMPassword: 624AAC413795CDC1FF17365FAF1FFE89 sambaNTPassword: 3B1B47E42E0463276E3DED6CEF349F93 sambaPwdLastSet: 1062577426 sambaAcctFlags: [U ] objectClass: sambaSamAccount objectClass: account
# machines, eva.mpg.de dn: ou=machines,dc=eva,dc=mpg,dc=de objectClass: organizationalUnit ou: machines
# machines, machines, eva.mpg.de dn: cn=machines,ou=machines,dc=eva,dc=mpg,dc=de objectClass: posixGroup objectClass: sambaGroupMapping gidNumber: 501 cn: machines sambaSID: S-1-5-21-1042031166-387543594-2118856591-2003 sambaGroupType: 2 displayName: machines
# winxp$, users, eva.mpg.de dn: cn=winxp$,ou=users,dc=eva,dc=mpg,dc=de objectClass: posixAccount objectClass: person cn: winxp$ uid: winxp$ sn: winxp$ uidNumber: 504 gidNumber: 501 homeDirectory: / loginShell: /bin/false userPassword:: e01ENX1GdGVrL0tkRUxkbzYyVHlhY21XWDVBPT0=
# 501, idmap, eva.mpg.de dn: gidNumber=501,ou=idmap,dc=eva,dc=mpg,dc=de objectClass: sambaIdmapEntry gidNumber: 501 sambaSID: S-1-5-21-1042031166-387543594-2118856591-2003
# winxp$, machines, eva.mpg.de dn: uid=winxp$,ou=machines,dc=eva,dc=mpg,dc=de uid: winxp$ sambaSID: S-1-5-21-1042031166-387543594-2118856591-2008 sambaPrimaryGroupSID: S-1-5-21-1042031166-387543594-2118856591-515 displayName: winxp$ sambaPwdCanChange: 1062579763 sambaPwdMustChange: 1064394163 sambaLMPassword: 7C3EF25FA3779D64AAD3B435B51404EE sambaNTPassword: 1A49257017CFEA65452A8927CE010BD3 sambaPwdLastSet: 1062579763 sambaAcctFlags: [W ] objectClass: sambaSamAccount objectClass: account
# root_group, users, eva.mpg.de dn: cn=root_group,ou=users,dc=eva,dc=mpg,dc=de objectClass: posixGroup objectClass: sambaGroupMapping gidNumber: 0 cn: root sambaSID: S-1-5-21-1042031166-387543594-2118856591-1001 sambaGroupType: 2 displayName: Administratoren
# root, users, eva.mpg.de dn: cn=root,ou=users,dc=eva,dc=mpg,dc=de objectClass: posixAccount objectClass: person cn: root uid: root sn: root uidNumber: 0 gidNumber: 0 homeDirectory: / loginShell: /bin/bash userPassword:: e01ENX1sVS8wS0pjK1laWm9zdFU2em5URm9BPT0=
# 0, idmap, eva.mpg.de dn: gidNumber=0,ou=idmap,dc=eva,dc=mpg,dc=de objectClass: sambaIdmapEntry gidNumber: 0 sambaSID: S-1-5-21-1042031166-387543594-2118856591-1001
# root, users, eva.mpg.de dn: uid=root,ou=users,dc=eva,dc=mpg,dc=de uid: root sambaSID: S-1-5-21-1042031166-387543594-2118856591-1000 sambaPrimaryGroupSID: S-1-5-21-1042031166-387543594-2118856591-1001 displayName: root sambaPwdCanChange: 1062580385 sambaPwdMustChange: 1064394785 sambaLMPassword: 15CAAC75F60F56F99E1AE3CC3AC1887E sambaNTPassword: B8C11A1F0254E63D654CBB0C28C3F1DF sambaPwdLastSet: 1062580385 sambaAcctFlags: [U ] objectClass: sambaSamAccount objectClass: account
# search result search: 2 result: 0 Success
# numResponses: 18 # numEntries: 17
don't try to crack these pwd, they're just fake ;) servers are in a vm-ware host-only network
--
"Matrix - more than a vision"
************************************************** Michael Gasch Max Planck Institute for Evolutionary Anthropology Deutscher Platz 6 04103 Leipzig
Germany **************************************************
-- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
