Re: [Samba] Samba 3.6 problems with idmap rid
Ever since upgrade to 3.6, wbinfo -u working but wbinfo -i hitting WBC_ERR_DOMAIN_NOT_FOUND has been a headache, seems winbind always fails to get the domain info for individual idmap the VERY FIRST TIME you start it after upgrade or join a domain. Most of times I manage to solve it by using: smb.conf idmap config * : range = 1-2 idmap config * : backend = tdb idmap config MYDOMAIN : default = yes idmap config MYDOMAIN : range = 10-20 idmap config MYDOMAIN : backend = rid smb.conf If above snip doesn't work, try your luck with changing idmap config * options back to old-style idmap uid/gid = + idmap backend = tdb while keeping your domain-specific options new-style, ought to solve it. My observation is, it's like you have to give winbind/idmap a kick start and once you get wbinfo -i working, you can again change back to idmap config * (otherwise testparm will complain). Regards -David 2012/1/16 Jakov Sosic jakov.so...@srce.hr Hi! I am using mainly Samba 3.5 on CentOS, and I was very pleased with idmap_rid backend for SID-to-RID mappings. But on Solaris 10, I can only use 3.6 because OpenCSW ships only 3.6. Problem is, things are changed and are not working as expected... Here is my config on RHEL Samba 3.5: [global] workgroup = WINDOMAIN realm = WINDOMAIN.LOCAL server string = localserver (Samba ver. %v) security = ADS allow trusted domains = No password server = someserver.windomain.local log file = /var/log/samba/log.%m load printers = No local master = No domain master = No idmap backend = idmap_rid:WINDOMAIN=1-4 idmap uid = 1-4 idmap gid = 1-4 winbind use default domain = Yes cups options = raw And it works like a charm. On a version 3.6: [global] workgroup = WINDOMAIN realm = WINDOMAIN.LOCAL server string = localserver (Samba ver. %v) security = ADS allow trusted domains = No username map = /etc/opt/csw/samba/smbusers syslog = 0 log file = /var/opt/csw/samba/log/%m.log max log size = 500 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 load printers = No local master = No domain master = No winbind use default domain = Yes idmap config * : range = 1-4 idmap config * : backend = rid : WINDOMAIN=1-4 Now, on a 3.6 I have the following problem: # net ads testjoin Join is OK # net rpc testjoin Join to 'WINDOMAIN' is OK # net getlocalsid SID for domain LOCALSERVER is: S-1-5-21-1414315435-1886595200-1013317001 # wbinfo -u | grep jakov.sosic jakov.sosic # wbinfo -i jakov.sosic failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND Could not get info for user jakov.sosic Where am I wrong? Why can't I get rid mappings for domain users? -- Jakov Sosic www.srce.unizg.hr -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.6 problems with idmap rid
On 01/16/2012 09:15 AM, David Roid wrote: Ever since upgrade to 3.6, wbinfo -u working but wbinfo -i hitting WBC_ERR_DOMAIN_NOT_FOUND has been a headache, seems winbind always fails to get the domain info for individual idmap the VERY FIRST TIME you start it after upgrade or join a domain. Most of times I manage to solve it by using: smb.conf idmap config * : range = 1-2 idmap config * : backend = tdb idmap config MYDOMAIN : default = yes idmap config MYDOMAIN : range = 10-20 idmap config MYDOMAIN : backend = rid smb.conf If above snip doesn't work, try your luck with changing idmap config * options back to old-style idmap uid/gid = + idmap backend = tdb while keeping your domain-specific options new-style, ought to solve it. My observation is, it's like you have to give winbind/idmap a kick start and once you get wbinfo -i working, you can again change back to idmap config * (otherwise testparm will complain). Yeah I tried that but then identity mapping is very strange. For instance, first user I ask for with wbinfo -i username gets UID 10001, second gets 10002, third 10003 - and that's nowhere near the behaviour of autorid in 3.5 :-/ -- Jakov Sosic www.srce.unizg.hr -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba 3.6 problems with idmap rid
Hi! I am using mainly Samba 3.5 on CentOS, and I was very pleased with idmap_rid backend for SID-to-RID mappings. But on Solaris 10, I can only use 3.6 because OpenCSW ships only 3.6. Problem is, things are changed and are not working as expected... Here is my config on RHEL Samba 3.5: [global] workgroup = WINDOMAIN realm = WINDOMAIN.LOCAL server string = localserver (Samba ver. %v) security = ADS allow trusted domains = No password server = someserver.windomain.local log file = /var/log/samba/log.%m load printers = No local master = No domain master = No idmap backend = idmap_rid:WINDOMAIN=1-4 idmap uid = 1-4 idmap gid = 1-4 winbind use default domain = Yes cups options = raw And it works like a charm. On a version 3.6: [global] workgroup = WINDOMAIN realm = WINDOMAIN.LOCAL server string = localserver (Samba ver. %v) security = ADS allow trusted domains = No username map = /etc/opt/csw/samba/smbusers syslog = 0 log file = /var/opt/csw/samba/log/%m.log max log size = 500 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 load printers = No local master = No domain master = No winbind use default domain = Yes idmap config * : range = 1-4 idmap config * : backend = rid : WINDOMAIN=1-4 Now, on a 3.6 I have the following problem: # net ads testjoin Join is OK # net rpc testjoin Join to 'WINDOMAIN' is OK # net getlocalsid SID for domain LOCALSERVER is: S-1-5-21-1414315435-1886595200-1013317001 # wbinfo -u | grep jakov.sosic jakov.sosic # wbinfo -i jakov.sosic failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND Could not get info for user jakov.sosic Where am I wrong? Why can't I get rid mappings for domain users? -- Jakov Sosic www.srce.unizg.hr -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.6 problems with idmap rid
On 01/15/2012 12:35 PM, Jakov Sosic wrote: Hi! I am using mainly Samba 3.5 on CentOS, and I was very pleased with idmap_rid backend for SID-to-RID mappings. But on Solaris 10, I can only use 3.6 because OpenCSW ships only 3.6. Problem is, things are changed and are not working as expected... Here is my config on RHEL Samba 3.5: [global] workgroup = WINDOMAIN realm = WINDOMAIN.LOCAL server string = localserver (Samba ver. %v) security = ADS allow trusted domains = No password server = someserver.windomain.local log file = /var/log/samba/log.%m load printers = No local master = No domain master = No idmap backend = idmap_rid:WINDOMAIN=1-4 idmap uid = 1-4 idmap gid = 1-4 winbind use default domain = Yes cups options = raw And it works like a charm. On a version 3.6: [global] workgroup = WINDOMAIN realm = WINDOMAIN.LOCAL server string = localserver (Samba ver. %v) security = ADS allow trusted domains = No username map = /etc/opt/csw/samba/smbusers syslog = 0 log file = /var/opt/csw/samba/log/%m.log max log size = 500 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 load printers = No local master = No domain master = No winbind use default domain = Yes idmap config * : range = 1-4 idmap config * : backend = rid : WINDOMAIN=1-4 Now, on a 3.6 I have the following problem: # net ads testjoin Join is OK # net rpc testjoin Join to 'WINDOMAIN' is OK # net getlocalsid SID for domain LOCALSERVER is: S-1-5-21-1414315435-1886595200-1013317001 # wbinfo -u | grep jakov.sosic jakov.sosic # wbinfo -i jakov.sosic failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND Could not get info for user jakov.sosic Where am I wrong? Why can't I get rid mappings for domain users? Jakov, That looks similar to what Robert LeBlanc posted with Samba Bug 8676 (Debian Bug 652679). Compare his findings to what you see. https://bugzilla.samba.org/show_bug.cgi?id=8676 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=652679 On my test systems using RID, I see similar, but not identical symptoms to his HASH backend. For me, a reboot will restore connectivity until I need to restart Samba or winbind. Then nothing but another reboot will get winbind working again. Dale -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.6 problems with idmap rid
On 01/15/2012 07:59 PM, Dale Schroeder wrote: Jakov, That looks similar to what Robert LeBlanc posted with Samba Bug 8676 (Debian Bug 652679). Compare his findings to what you see. https://bugzilla.samba.org/show_bug.cgi?id=8676 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=652679 On my test systems using RID, I see similar, but not identical symptoms to his HASH backend. For me, a reboot will restore connectivity until I need to restart Samba or winbind. Then nothing but another reboot will get winbind working again. On Solaris 10u10 and OpenCSW last Samba package (3.6.1) even reboot doesn't help :-/ -- Jakov Sosic www.srce.unizg.hr -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
