Hi Guys,
I'm having problems getting the new idmap_adex module to work.
When using the idmap_adex plugin I get the following:
# wbinfo -n administrator
S-1-5-21-XXXXXXXXX-XXXXXXXXXX-XXXXXXXXXX-500 User (1)
# wbinfo -i administrator
Could not get info for user administrator
As expected attempting to lookup user & group info via commands which use
libnss also fail.
The "administrator" account is setup with all the necessary rfc2307 attributes
and works fine with the idmap_ad plugin. The uidNumber, gidNumber, and uid
attributes have been added to the forests partial attribute set, as recommended
by then idmap_adex man page.
Idmap log throws up a couple of interesting lines (full log below):
1) "NT_STATUS_NO_LOGON_SERVERS"; although wbinfo --online-status says domain is
online and name to sid lookups work ok.
2) "could not find idmap alloc module adex"; idmap module is installed at
/usr/lib/samba/idmap/adex.so, ad.so is in the same folder.
Domain & forest functional level are both Windows Server 2003. Running
Samba/Winbind 3.3.1 on RHEL5, built from Fedora rawhide SRPM.
Here is my smb.conf
[global]
workgroup = LOCAL
disable netbios = yes
log file = /var/log/samba/%m.log
max log size = 50
ldap timeout = 10
realm = LOCAL.DOM
ldap ssl = off
security = ads
winbind use default domain = true
log level = idmap:10
winbind offline logon = true
winbind enum groups = no
winbind enum users = no
use kerberos keytab = yes
winbind refresh tickets = true
template homedir = /home/%U
idmap backend = adex
idmap uid = 100-4000000000
idmap gid = 100-4000000000
winbind nss info = adex
winbind normalize names = yes
And here is log-winbindd-idmap at debug level 10:
[2009/03/26 09:12:45, 10] winbindd/idmap_util.c:idmap_sid_to_uid(143)
idmap_sid_to_uid: sid = [S-1-5-21-XXXXXXXXX-XXXXXXXXXX-XXXXXXXXXX-500],
domain = ''
[2009/03/26 09:12:45, 10] winbindd/idmap.c:idmap_backends_sid_to_unixid(763)
idmap_backend_sid_to_unixid: domain = '', sid =
[S-1-5-21-XXXXXXXXX-XXXXXXXXXX-XXXXXXXXXX-500]
[2009/03/26 09:12:45, 10] winbindd/idmap.c:idmap_find_domain(465)
idmap_find_domain called for domain ''
[2009/03/26 09:12:45, 10] winbindd/idmap.c:idmap_init_default_domain(349)
idmap_init_default_domain: calling static_init_idmap
[2009/03/26 09:12:45, 5] winbindd/idmap.c:smb_register_idmap_alloc(218)
Successfully added idmap alloc backend 'ldap'
[2009/03/26 09:12:45, 5] winbindd/idmap.c:smb_register_idmap(169)
Successfully added idmap backend 'ldap'
[2009/03/26 09:12:45, 10] winbindd/idmap_tdb.c:idmap_tdb_init(1192)
calling idmap_tdb_init
[2009/03/26 09:12:45, 5] winbindd/idmap.c:smb_register_idmap_alloc(218)
Successfully added idmap alloc backend 'tdb'
[2009/03/26 09:12:45, 5] winbindd/idmap.c:smb_register_idmap(169)
Successfully added idmap backend 'tdb'
[2009/03/26 09:12:45, 5] winbindd/idmap.c:smb_register_idmap(169)
Successfully added idmap backend 'passdb'
[2009/03/26 09:12:45, 5] winbindd/idmap.c:smb_register_idmap(169)
Successfully added idmap backend 'nss'
[2009/03/26 09:12:45, 3] winbindd/idmap.c:idmap_init_default_domain(359)
idmap_init: using 'adex' as remote backend
[2009/03/26 09:12:45, 10]
winbindd/idmap_adex/likewise_cell.c:cell_do_search(382)
cell_do_search: Base = , Filter =
(objectSid=\XX\XX\XX\XX\XX\XX\XX\XX\XX\XX\XX\XX\XX\XX\XX\XX\XX\XX\XX\XX\XX\XX\XX\XX\XX\XX\XX\XX\XX),
Scope = 2, GC = yes
[2009/03/26 09:12:45, 10]
winbindd/idmap_adex/likewise_cell.c:cell_connect_dn(339)
Failed! (NT_STATUS_NO_LOGON_SERVERS)
[2009/03/26 09:12:45, 1]
winbindd/idmap_adex/likewise_cell.c:cell_connect_dn(346)
LWI: Failled to connect to cell "dc=LOCAL,dc=DOM" (NT_STATUS_NO_LOGON_SERVERS)
[2009/03/26 09:12:45, 10]
winbindd/idmap_adex/domain_util.c:dc_search_domains(243)
Failed! (NT_STATUS_NO_LOGON_SERVERS)
[2009/03/26 09:12:45, 10]
winbindd/idmap_adex/provider_unified.c:search_domain(254)
Failed! (NT_STATUS_NO_LOGON_SERVERS)
[2009/03/26 09:12:45, 4]
winbindd/idmap_adex/provider_unified.c:search_domain(270)
LWI (search_domain): NT_STATUS_NO_LOGON_SERVERS
[2009/03/26 09:12:45, 10]
winbindd/idmap_adex/provider_unified.c:search_forest(523)
Failed! (NT_STATUS_NO_LOGON_SERVERS)
[2009/03/26 09:12:45, 4]
winbindd/idmap_adex/provider_unified.c:search_forest(531)
LWI (search_forest): NT_STATUS_NO_LOGON_SERVERS
[2009/03/26 09:12:45, 3]
winbindd/idmap_adex/provider_unified.c:search_cell_list(599)
LWI (search_cell_list): NT_STATUS_NO_LOGON_SERVERS
[2009/03/26 09:12:45, 10]
winbindd/idmap_adex/provider_unified.c:_ccp_get_id_from_sid(1003)
Failed! (NT_STATUS_NO_LOGON_SERVERS)
[2009/03/26 09:12:45, 10] winbindd/idmap.c:idmap_find_domain(465)
idmap_find_domain called for domain 'NULL'
[2009/03/26 09:12:45, 1] winbindd/idmap.c:idmap_alloc_init(578)
could not find idmap alloc module adex
[2009/03/26 09:12:45, 3] winbindd/idmap.c:idmap_new_mapping(693)
Could not allocate id: NT_STATUS_INVALID_PARAMETER
[2009/03/26 09:12:45, 10] winbindd/idmap_util.c:idmap_sid_to_uid(193)
idmap_new_mapping failed: NT_STATUS_INVALID_PARAMETER
Any help would be appreciated.
-ross
Ross McKerchar
Senior Systems Engineer 1
email: [email protected]
Sophos - simply secure
Sophos Plc, The Pentagon, Abingdon Science Park, Abingdon, OX14 3YP, United
Kingdom.
Company Reg No 2096520. VAT Reg No GB 348 3873 20.
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
