[Samba] Samba/Winbind/LDAP connection issue.
Hi,

I have been having an issue with my samba/winbind since I updated from samba 3.5 to 3.6. Below is the error I am getting from my log file, and the samba config file. I am running Red Hat 6.4.

nmbd[2188]: [2013/03/10 13:25:14.327717, 0] nmbd/nmbd_namequery.c:108(query_name_response)
Mar 10 13:25:14 c89005 nmbd[2188]: query_name_response: Multiple (2) responses received for a query on subnet x.x.x.x for name MYDOMAIN<1d>.
Mar 10 13:25:14 c89005 nmbd[2188]: This response was from IP x.x.x.x, reporting an IP address of x.x.x.x.
Mar 11 00:01:14 c89005 nslcd[1587]: [88ddb1] ldap_result() timed out
Mar 11 05:00:19 c89005 nslcd[1587]: [9be780] ldap_result() timed out
Mar 11 14:58:12 c89005 winbindd[23655]: [2013/03/11 14:58:12.385839, 0] lib/smbldap.c:697(smbldap_store_state)
Mar 11 14:58:12 c89005 winbindd[23655]: PANIC: assert failed at lib/smbldap.c(697): tmp_ldap_state == smbldap_state
Mar 11 14:58:12 c89005 winbindd[23655]: [2013/03/11 14:58:12.606028, 0] winbindd/idmap.c:201(smb_register_idmap_alloc)
Mar 11 14:58:12 c89005 winbindd[23655]: idmap_alloc module tdb already registered!
Mar 11 14:58:12 c89005 winbindd[23655]: [2013/03/11 14:58:12.606204, 0] winbindd/idmap.c:149(smb_register_idmap)
Mar 11 14:58:12 c89005 winbindd[23655]: Idmap module passdb already registered!
Mar 11 14:58:12 c89005 winbindd[23655]: [2013/03/11 14:58:12.606284, 0] winbindd/idmap.c:149(smb_register_idmap)
Mar 11 14:58:12 c89005 winbindd[23655]: Idmap module nss already registered!
Mar 11 14:58:12 c89005 winbindd[23655]: [2013/03/11 14:58:12.614752, 0] lib/smbldap.c:1153(smbldap_connect_system)
Mar 11 14:58:12 c89005 winbindd[23655]: failed to bind to server ldap:// ldap.science.purdue.edu/ with dn="cn=SlapHappy,dc=science,dc=lcl" Error: Invalid credentials
Mar 11 14:58:12 c89005 winbindd[23655]: #011(unknown)
Mar 11 14:58:27 c89005 winbindd[23655]: [2013/03/11 14:58:27.762968, 0] winbindd/idmap.c:599(idmap_alloc_init)
Mar 11 14:58:27 c89005 winbindd[23655]: ERROR: Initialization failed for alloc backend, deferred!
Mar 11 14:58:27 c89005 winbindd[23655]: [2013/03/11 14:58:27.794053, 0] winbindd/idmap.c:201(smb_register_idmap_alloc)
Mar 11 14:58:27 c89005 winbindd[23655]: idmap_alloc module tdb already registered!
Mar 11 14:58:27 c89005 winbindd[23655]: [2013/03/11 14:58:27.794192, 0] winbindd/idmap.c:149(smb_register_idmap)
Mar 11 14:58:27 c89005 winbindd[23655]: Idmap module passdb already registered!
Mar 11 14:58:27 c89005 winbindd[23655]: [2013/03/11 14:58:27.794270, 0] winbindd/idmap.c:149(smb_register_idmap)
Mar 11 14:58:27 c89005 winbindd[23655]: Idmap module nss already registered!
Mar 11 14:58:27 c89005 winbindd[23655]: [2013/03/11 14:58:27.803810, 0] lib/smbldap.c:1153(smbldap_connect_system)
Mar 11 14:58:27 c89005 winbindd[23655]: failed to bind to server ldap:// ldap.science.purdue.edu/ with dn="cn=SlapHappy,dc=science,dc=lcl" Error: Invalid credentials
Mar 11 14:58:27 c89005 winbindd[23655]: #011(unknown)
Mar 11 14:58:42 c89005 winbindd[23655]: [2013/03/11 14:58:42.950615, 0] winbindd/idmap.c:599(idmap_alloc_init)
Mar 11 14:58:42 c89005 winbindd[23655]: ERROR: Initialization failed for alloc backend, deferred!
[global]
netbios name = C89005
server string = Samba Server Version %v
workgroup = MYDOMAIN
realm = CENTRAL.MYDOMAN.LCL
security = ADS
password server = *
passdb backend = tdbsam
client use spnego = yes
client ntlmv2 auth = yes
encrypt passwords = yes
unix extensions = no
host msdfs = yes
socket options = TCP_NODELAY
smb ports = 445
##LOGS
# max 1MB per log file, then rotate
max log size = 1024
## WINS
domain master = no
local master = no
preferred master = no
dns proxy = no
wins server = 128.210.30.240
## PRINTING
printing = bsd
printcap name = /dev/null
load printers = no
## WINBIND
winbind use default domain = true
winbind offline logon = false
winbind enum users = no
winbind enum groups = no
winbind nested groups = yes
winbind normalize names = yes
obey pam restrictions = no
allow trusted domains = yes
template shell = /bin/bash
template homedir = /home/%D/%U
ldap ssl = start tls
ldap suffix = dc=science,dc=lcl
ldap idmap suffix = ou=idmap
ldap admin dn = cn=SlapHappy,dc=science,dc=lcl
idmap uid = 5000-20
idmap gid = 5000-20
idmap backend = ldap:ldap://ldap.example.edu/
idmap config:ldap_base_dn = ou=idmap,dc=science,dc=lcl
idmap config:ldap_user_dn = cn=SlapHappy,dc=science,dc=lcl
idmap alloc backend = ldap
idmap alloc config: ldap_url = ldap://ldap.example.edu/
idmap alloc config: ldap_base_dn = ou=idmap,dc=science,dc=lcl
idmap alloc config: ldap_us
Re: [Samba] Winbind+ldap = core dump
Robin,

I have the exact same problem on one of our servers. Could you share the script you wrote, the one that checks for gaps in the ldap entries?

Thanks,
Pim

Hi,

I use samba 3.0.26a on fedora 8 as a fileserver for a win 2k3 domain. This has worked fine for about 2 months without any problems. However I came to the server 3 days ago and the harddrive was 100% full. On checking I found 60gb of core dumps in the winbind folder. I did a lot of searching and couldn't find anything relevant for this release. I tried upgrading samba to 3.0.28 (fc8 supplied rpm) and this does the same. The log.winbindd-idmap log suggests to me that it has a problem with ldap and empty results, so I made a quick script to check for gaps in the ldap records and found that several uid and gid numbers were not assigned (ie there was no entry for them in ldap, even though there were entries after them).

Winbind does still mostly work just fails once in about every 10 tries. I believe it fails for both samba and dovecot (pop3/imap mail server). At the moment we are generating about 10gb/hour of core dumps which a cron job is keeping cleaned up. Has anyone got any ideas on this? also is it possible to tell samba/winbind not to do core dumps?
smb.conf (only shown one share as we have lots!):

[global]
printer admin = @"MCS+sysadmin","MCS+root","MCS+administrator"
add machine script = /usr/sbin/useradd -d /dev/null -g samba-clients -s /bin/false -M %u
server string = Meadows
log level = 1
syslog = 0
# vfs objects = extd_audit
log file = /var/log/samba/%U.smbd.log
max log size= 10
printing = cups
update encrypted = Yes
encrypt passwords = Yes
preferred master = no
map to guest = Bad User
name resolve order = lmhosts hosts wins bcast
kernel oplocks = no
oplocks = no
locking = no
level2 oplocks = no
workgroup = MCS
netbios name = MCS3
wins server = 192.168.0.8
wins support = no
wins proxy = no
admin users = "MCS+administrator"
unix extensions = no
security = ADS
lanman auth = yes
client lanman auth = yes
client plaintext auth = yes
idmap uid = 1-10
idmap gid = 1-10
ldap admin dn = cn=Manager,dc=meadows,dc=derbyshire,dc=sch,dc=uk
ldap idmap suffix = ou=Idmap
ldap suffix = dc=meadows,dc=derbyshire,dc=sch,dc=uk
idmap backend = ldap:ldap://192.168.0.1
winbind use default domain = yes
winbind separator = +
winbind enum groups = yes
winbind enum users = yes
winbind cache time = 60
dns proxy = no
password server = MCS1
template homedir = /home/%G/%U
template shell = /bin/false
realm = MEADOWS.DERBYSHIRE.SCH.UK

[info]
valid users = @"MCS+staff",@"MCS+teacher",@"MCS+sysadmin"
write list = @"MCS+staff",@"MCS+teacher",@"MCS+sysadmin"
path = /school/datadrive
force directory mode = 0777
force create mode = 0666
comment = DataDrive
create mode = 0666
directory mode = 777
browseable = yes

log.winbindd-idmap:

winbindd: ../../../libraries/libldap/getentry.c:48: ldap_next_entry: Assertion `entry != ((void *)0)' failed.
[2008/02/27 14:54:20, 0] lib/fault.c:fault_report(41)
  ===
[2008/02/27 14:54:20, 0] lib/fault.c:fault_report(42)
  INTERNAL ERROR: Signal 6 in pid 29940 (3.0.28-0.fc8)
  Please read the Trouble-Shooting section of the Samba3-HOWTO
[2008/02/27 14:54:20, 0] lib/fault.c:fault_report(44)
  From: http://www.samba.org/samba/docs/Samba3-HOWTO.pdf
[2008/02/27 14:54:20, 0] lib/fault.c:fault_report(45)
  ===
[2008/02/27 14:54:20, 0] lib/util.c:smb_panic(1655)
  PANIC (pid 29940): internal error
[2008/02/27 14:54:20, 0] lib/util.c:log_stack_trace(1759)
  BACKTRACE: 19 stack frames:
   #0 winbindd(log_stack_trace+0x2d) [0xb7d515ad]
   #1 winbindd(smb_panic+0x5d) [0xb7d516dd]
   #2 winbindd [0xb7d3c10a]
   #3 [0x12d420]
   #4 [0x12d402]
   #5 /lib/libc.so.6(gsignal+0x50) [0x2f4690]
   #6 /lib/libc.so.6(abort+0x101) [0x2f5f91]
   #7 /lib/libc.so.6(__assert_fail+0xee) [0x2ed93e]
   #8 /usr/lib/libldap-2.3.so.0(ldap_next_entry+0x9c) [0x29d9fc]
   #9 winbindd [0xb7e8afa7]
   #10 winbindd(idmap_unixids_to_sids+0x397) [0xb7e84aa7]
   #11 winbindd(idmap_uid_to_sid+0x6b) [0xb7e888ab]
   #12 winbindd(winbindd_dual_uid2sid+0x61) [0xb7ce9fc1]
   #13 winbindd [0xb7ce7202]
   #14 winbindd [0xb7ce803f]
   #15 winbindd [0xb7cb9459]
   #16 winbindd(main+0x94d) [0xb7cb9e4d]
   #17 /lib/libc.so.6(__libc_start_main+0xe0) [0x2e1390]
   #18 winbindd [0xb7cb80f1]
[2008/02/27 14:54:20, 0] lib/fault.c:dump_core(181)
  dumping core in /var/log/samba/cores/winbindd

Thanks
Robin

This email has been processed by SmoothZap - www.smoothwall.net

--
To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Winbind+ldap = core dump
Robin wrote:
> Hi,
> I use samba 3.0.26a on fedora 8 as a fileserver for a win 2k3 domain. This
> has worked fine for about 2 months without any problems. However I came to
> the server 3 days ago and the harddrive was 100% full. On checking I found
> 60gb of core dumps in the winbind folder. I did a lot of searching and
> couldn't find anything relevant for this release. I tried upgrading samba to
> 3.0.28 (fc8 supplied rpm) and this does the same. The log.winbindd-idmap
> log suggests to me that it has a problem with ldap and empty results, so I
> made a quick script to check for gaps in the ldap records and found that
> several uid and gid numbers were not assigned (ie there was no entry for
> them in ldap, even though there were entries after them).
>
> Winbind does still mostly work just fails once in about every 10 tries. I
> believe it fails for both samba and dovecot (pop3/imap mail server). At the
> moment we are generating about 10gb/hour of core dumps which a cron job is
> keeping cleaned up. Has anyone got any ideas on this? also is it possible
> to tell samba/winbind not to do core dumps?

enable core files = No

Sorry, can't help with the ldap though.

Regards,
Doug
[Samba] Winbind+ldap = core dump
Hi,

I use samba 3.0.26a on fedora 8 as a fileserver for a win 2k3 domain. This has worked fine for about 2 months without any problems. However I came to the server 3 days ago and the harddrive was 100% full. On checking I found 60gb of core dumps in the winbind folder. I did a lot of searching and couldn't find anything relevant for this release. I tried upgrading samba to 3.0.28 (fc8 supplied rpm) and this does the same. The log.winbindd-idmap log suggests to me that it has a problem with ldap and empty results, so I made a quick script to check for gaps in the ldap records and found that several uid and gid numbers were not assigned (ie there was no entry for them in ldap, even though there were entries after them).

Winbind does still mostly work just fails once in about every 10 tries. I believe it fails for both samba and dovecot (pop3/imap mail server). At the moment we are generating about 10gb/hour of core dumps which a cron job is keeping cleaned up. Has anyone got any ideas on this? also is it possible to tell samba/winbind not to do core dumps?
smb.conf (only shown one share as we have lots!):

[global]
printer admin = @"MCS+sysadmin","MCS+root","MCS+administrator"
add machine script = /usr/sbin/useradd -d /dev/null -g samba-clients -s /bin/false -M %u
server string = Meadows
log level = 1
syslog = 0
# vfs objects = extd_audit
log file = /var/log/samba/%U.smbd.log
max log size= 10
printing = cups
update encrypted = Yes
encrypt passwords = Yes
preferred master = no
map to guest = Bad User
name resolve order = lmhosts hosts wins bcast
kernel oplocks = no
oplocks = no
locking = no
level2 oplocks = no
workgroup = MCS
netbios name = MCS3
wins server = 192.168.0.8
wins support = no
wins proxy = no
admin users = "MCS+administrator"
unix extensions = no
security = ADS
lanman auth = yes
client lanman auth = yes
client plaintext auth = yes
idmap uid = 1-10
idmap gid = 1-10
ldap admin dn = cn=Manager,dc=meadows,dc=derbyshire,dc=sch,dc=uk
ldap idmap suffix = ou=Idmap
ldap suffix = dc=meadows,dc=derbyshire,dc=sch,dc=uk
idmap backend = ldap:ldap://192.168.0.1
winbind use default domain = yes
winbind separator = +
winbind enum groups = yes
winbind enum users = yes
winbind cache time = 60
dns proxy = no
password server = MCS1
template homedir = /home/%G/%U
template shell = /bin/false
realm = MEADOWS.DERBYSHIRE.SCH.UK

[info]
valid users = @"MCS+staff",@"MCS+teacher",@"MCS+sysadmin"
write list = @"MCS+staff",@"MCS+teacher",@"MCS+sysadmin"
path = /school/datadrive
force directory mode = 0777
force create mode = 0666
comment = DataDrive
create mode = 0666
directory mode = 777
browseable = yes

log.winbindd-idmap:

winbindd: ../../../libraries/libldap/getentry.c:48: ldap_next_entry: Assertion `entry != ((void *)0)' failed.
[2008/02/27 14:54:20, 0] lib/fault.c:fault_report(41)
  ===
[2008/02/27 14:54:20, 0] lib/fault.c:fault_report(42)
  INTERNAL ERROR: Signal 6 in pid 29940 (3.0.28-0.fc8)
  Please read the Trouble-Shooting section of the Samba3-HOWTO
[2008/02/27 14:54:20, 0] lib/fault.c:fault_report(44)
  From: http://www.samba.org/samba/docs/Samba3-HOWTO.pdf
[2008/02/27 14:54:20, 0] lib/fault.c:fault_report(45)
  ===
[2008/02/27 14:54:20, 0] lib/util.c:smb_panic(1655)
  PANIC (pid 29940): internal error
[2008/02/27 14:54:20, 0] lib/util.c:log_stack_trace(1759)
  BACKTRACE: 19 stack frames:
   #0 winbindd(log_stack_trace+0x2d) [0xb7d515ad]
   #1 winbindd(smb_panic+0x5d) [0xb7d516dd]
   #2 winbindd [0xb7d3c10a]
   #3 [0x12d420]
   #4 [0x12d402]
   #5 /lib/libc.so.6(gsignal+0x50) [0x2f4690]
   #6 /lib/libc.so.6(abort+0x101) [0x2f5f91]
   #7 /lib/libc.so.6(__assert_fail+0xee) [0x2ed93e]
   #8 /usr/lib/libldap-2.3.so.0(ldap_next_entry+0x9c) [0x29d9fc]
   #9 winbindd [0xb7e8afa7]
   #10 winbindd(idmap_unixids_to_sids+0x397) [0xb7e84aa7]
   #11 winbindd(idmap_uid_to_sid+0x6b) [0xb7e888ab]
   #12 winbindd(winbindd_dual_uid2sid+0x61) [0xb7ce9fc1]
   #13 winbindd [0xb7ce7202]
   #14 winbindd [0xb7ce803f]
   #15 winbindd [0xb7cb9459]
   #16 winbindd(main+0x94d) [0xb7cb9e4d]
   #17 /lib/libc.so.6(__libc_start_main+0xe0) [0x2e1390]
   #18 winbindd [0xb7cb80f1]
[2008/02/27 14:54:20, 0] lib/fault.c:dump_core(181)
  dumping core in /var/log/samba/cores/winbindd

Thanks
Robin
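One way to run the gap check Robin describes, as an added example that is not his script (it was not posted in this thread) and not Samba code: it parses an LDIF export of the idmap container, lists uidNumber/gidNumber values that have no entry between the lowest and highest assigned ones, and, going one step beyond the post, lists ids mapped to more than one SID. The sample LDIF, its DNs, SIDs and numbers are constructed; it assumes the mappings are stored as sambaIdmapEntry objects as in the Samba LDAP schema.

```python
import base64
from collections import defaultdict

# Constructed sample standing in for an LDIF export of the idmap container
# (e.g. saved from: ldapsearch -x -LLL -b "ou=Idmap,<your suffix>").
# One dn is folded and one sambaSID is base64-encoded to exercise the parser.
_B64_SID = base64.b64encode(b"S-1-5-21-1111-2222-3333-1006").decode()
SAMPLE_LDIF = f"""\
dn: ou=Idmap,dc=example,dc=test
objectClass: organizationalUnit
objectClass: sambaUnixIdPool
uidNumber: 10006
gidNumber: 10003

dn: sambaSID=S-1-5-21-1111-2222-3333-1001,ou=Idmap,dc=example,dc=test
objectClass: sambaIdmapEntry
sambaSID: S-1-5-21-1111-2222-3333-1001
uidNumber: 10000

dn: sambaSID=S-1-5-21-1111-2222-3333-1002,ou=Idmap,dc=exam
 ple,dc=test
objectClass: sambaIdmapEntry
sambaSID: S-1-5-21-1111-2222-3333-1002
uidNumber: 10001

dn: sambaSID=S-1-5-21-1111-2222-3333-1005,ou=Idmap,dc=example,dc=test
objectClass: sambaIdmapEntry
sambaSID: S-1-5-21-1111-2222-3333-1005
uidNumber: 10005

dn: sambaSID=S-1-5-21-1111-2222-3333-1006,ou=Idmap,dc=example,dc=test
objectClass: sambaIdmapEntry
sambaSID:: {_B64_SID}
uidNumber: 10005

dn: sambaSID=S-1-5-21-1111-2222-3333-512,ou=Idmap,dc=example,dc=test
objectClass: sambaIdmapEntry
sambaSID: S-1-5-21-1111-2222-3333-512
gidNumber: 10000

dn: sambaSID=S-1-5-21-1111-2222-3333-513,ou=Idmap,dc=example,dc=test
objectClass: sambaIdmapEntry
sambaSID: S-1-5-21-1111-2222-3333-513
gidNumber: 10002
"""


def parse_ldif(text):
    """Parse LDIF text into a list of {lowercased_attr: [values]} dicts."""
    lines, in_comment = [], False
    for raw in text.splitlines():
        # A line starting with one space continues the previous line.
        if raw.startswith(" ") and (lines or in_comment):
            if not in_comment:
                lines[-1] += raw[1:]
            continue
        in_comment = raw.startswith("#")
        if not in_comment:
            lines.append(raw)
    entries, current = [], defaultdict(list)
    for line in lines + [""]:          # trailing "" flushes the last entry
        if not line.strip():
            if current:
                entries.append(dict(current))
                current = defaultdict(list)
            continue
        attr, sep, value = line.partition(":")
        if not sep:
            continue                   # not an attribute line
        if value.startswith(":"):      # "attr:: <base64 value>"
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        else:
            value = value.strip()
        current[attr.strip().lower()].append(value)
    return entries


def to_ranges(ids):
    """Compress a sorted list of ints into inclusive (start, end) ranges."""
    ranges = []
    for n in ids:
        if ranges and n == ranges[-1][1] + 1:
            ranges[-1] = (ranges[-1][0], n)
        else:
            ranges.append((n, n))
    return ranges


def audit_idmap(entries):
    """Report unassigned id ranges and ids shared by several SIDs."""
    owners = {"uidnumber": defaultdict(set), "gidnumber": defaultdict(set)}
    for entry in entries:
        classes = {c.lower() for c in entry.get("objectclass", [])}
        if "sambaidmapentry" not in classes:
            continue  # the sambaUnixIdPool entry also carries uidNumber/gidNumber
        sid = (entry.get("sambasid") or ["<no sambaSID>"])[0]
        for kind, by_id in owners.items():
            for value in entry.get(kind, []):
                if value.isdigit():
                    by_id[int(value)].add(sid)
    report = {}
    for kind, by_id in owners.items():
        used = sorted(by_id)
        missing = [n for n in range(used[0], used[-1] + 1) if n not in by_id] if used else []
        report[kind] = {
            "gaps": to_ranges(missing),
            "shared": {n: sorted(s) for n, s in by_id.items() if len(s) > 1},
        }
    return report


if __name__ == "__main__":
    for kind, result in audit_idmap(parse_ldif(SAMPLE_LDIF)).items():
        print(kind, result)
```

An id listed under "shared" means two Windows accounts resolve to the same Unix uid or gid, so file ownership and permissions of one apply to the other.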
[Samba] Samba / Winbind / LDAP - Can't access shares
Hi All,

I have the following setup: Samba/LDAP PDC, Samba BDC, Samba member server, Win2K member server, 300 Win XP Client PCs.

I can access the shares on the PDC from all Win XP clients. I can access the shares on the Win2K member server from all XP clients. I can't, however, access any of the shares on the Samba BDC or Samba member server from the XP clients.

LDAP is working fine and PAM/LDAP/NSS are working fine. Getent works for users and groups on all samba servers and net groupmap list provides identical group mapping across all samba servers. I can do things like chmod user."Domain Admins" and it works. I can use setfacl and generate acls with Domain groups in them and it works, but I cannot access the shares on the Samba servers from anywhere on the network. wbinfo works on the samba member server but cannot lookup users and groups when run on the PDC and BDC.

OS's are Mandriva 2007 and Ubuntu Edgy. Samba version is 3.0.23d.

All machine names are resolvable via nmblookup and nslookup, and I've been through every document and howto I can find as well as loads of Google searches, but have not managed to resolve it yet.

All help gratefully received.

Cheers,
Jools

SMB Conf's are as follows:

PDC:

[global]
# General Options for domain
workgroup = BGS
netbios name = SMB5
server string = Samba Server %v
log file = /var/log/samba/%m.log
max log size = 50
# hosts allow = 172.20.0. 172.20.1. 172.20.2. 127.
map to guest = bad user
security = user
encrypt passwords = yes
smb passwd file = /etc/samba/smbpasswd
# unix password sync = Yes
# pam password change = yes
# passwd program = /usr/bin/passwd '%u'
# passwd chat = *Nadmin1*UNIX*password* %n\n *Re*ype*nadmin1*UNIX*password* %n\n \
# *passwd:*all*authentication*tokens*updated*successfully*
# username map = /etc/samba/smbusers
include = /etc/samba/smb.conf.%m
wins support = yes
# wins server = 127.0.0.1
dns proxy = no
dos charset = 850
unix charset = ISO8859-1
admin users = BGS\admin3 BGS\admin1 BGS\admin2 +"BGS\Domain Admins"
log level = 10
# winbind separator = +
# winbind enum users = yes
# winbind enum groups = yes
idmap uid = 1-2
idmap gid = 1-2
# winbind use default domain =yes
# Tune Samba and detrmine its priority in the Domain
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
# remote announce = 172.20.0.255 172.20.1.255 172.20.2.255 172.20.3.255
local master = yes
domain logons = yes
wins support = yes
os level = 254
domain master = yes
preferred master = yes
name resolve order = wins lmhosts bcast
# Set the paths to the various resources on the Domain
domain logons = yes
logon script = %G.bat
logon path = \\%L\Profiles\%U
# Define the interaction between smbldap tools and the server's LDAP backend
# ldap password sync = yes
unix password sync = Yes
passwd program = /usr/sbin/smbldap-passwd -u %u
passwd chat = *Nadmin1*password* %n\n *Retype*nadmin1*password* %n\n
add user script = /usr/sbin/smbldap-useradd -m '%u'
delete user script = /usr/sbin/smbldap-userdel '%u'
add user to group script = /usr/sbin/smbldap-groupmod -m '%u' '%g'
delete user from group script = /usr/sbin/smbldap-groupmod -x '%u' '%g'
set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
add group script = /usr/sbin/smbldap-groupadd '%g' && /usr/sbin/smbldap-groupshow %g|awk '/^gidNumber:/ {print $2}'
delete group script = /usr/sbin/smbldap-groupdel '%g'
add machine script = /usr/sbin/smbldap-useradd -w -d /dev/null -c 'Machine Account' -s /bin/false '%u'
# Allow members of Domain Admins to add machine accounts
enable privileges = yes
# Define ID backend structure
# passdb backend = smbpasswd guest
# passdb backend = tdbsam:/etc/samba/passdb.tdb
passdb backend = ldapsam:ldap://localhost
# In case of compatibility issues
# Use the samba2 LDAP schema:
# passdb backend = ldapsam_compat:ldaps://ldap.mydomain.com smbpasswd guest
idmap backend = ldap:ldap://localhost
ldap admin dn = cn=Administrator,dc=bordengrammar,dc=kent,dc=sch,dc=uk
# ldap ssl = start_tls
#ldap port = 389
ldap suffix = dc=bordengrammar,dc=kent,dc=sch,dc=uk
ldap machine suffix = ou=Hosts
ldap user suffix = ou=People
ldap group suffix = ou=Group
ldap idmap suffix = ou=Idmap
# Example for AD-ish layout:
# ldap machine suffix = cn=Computers
# ldap user suffix = cn=Users
# ldap group suffix = cn=Groups
# ldap idmap suffix = cn=Idmap
# Share Definitions ==
[homes]
comment = Home Directories
browseable = no
writable = yes
veto files = /*.e
[Samba] Winbind/LDAP and Samba
Hello~

Can I configure NSS on Samba to use both LDAP and winbind together or does it have to be one or the other? We use LDAP in our unix environment but I need winbind to manage objects/accounts through active directory on my Samba member server (non-PDC), or do I? I am afraid to eliminate LDAP on this Samba server because it may break its identity resolution with the current config we have on this network and I may not be able to access it.

Turning on the winbind service with defaults resolved SIDs in the ACL dialogs in Windows so I know I am going to need it.

Anni Marie Evanoff
Windows System Administrator
CST/OIT-Portland State University
Re: [Samba] winbind ldap usage...
On Thu, May 11, 2006 at 05:35:38PM -0500, Matt Sellers wrote:
> hi all
>
> For anybody using Winbind with an ldap backend, just wondering how much CPU
> usage you see on systems. I have a dual PIII-1Ghz with 1GB of ram with
> ldap entities for ~1400 users and when winbind needs to source ldap to find
> an object it takes quite a bit of time. Once these results are cached
> locally, the participating clients are quick and fast, but waiting on this
> ldap server makes some operations sluggish...
>
> Any way to speed the searches up on ldap?

I guess you already took care to set the correct indexes on your LDAP server?

Guenther

--
Günther Deschner  GPG-ID: 8EE11688
Novell / SUSE LINUX [EMAIL PROTECTED]
Samba Team [EMAIL PROTECTED]
[Samba] winbind ldap usage...
hi all

For anybody using Winbind with an ldap backend, just wondering how much CPU usage you see on systems. I have a dual PIII-1Ghz with 1GB of ram with ldap entities for ~1400 users and when winbind needs to source ldap to find an object it takes quite a bit of time. Once these results are cached locally, the participating clients are quick and fast, but waiting on this ldap server makes some operations sluggish...

Any way to speed the searches up on ldap?

Thanks,
Matt
Re: [Samba] winbind + ldap uid/gid consistency woes.
Matt Sellers wrote:
> Hello all...
>
> I'm trying to fix an idmap setup with winbind where the idmaps are
> stored in openldap. We have had this system working before, but it
> managed to break :-) All systems running Samba (3.0.13 on FC2)
> ...
> This seems like a cache consistency problem between the systems so can
> anybody give me a good idea of how to troubleshoot this? I've tried
> grepping the tdb files looking for clues and using tdbtool but I don't
> think I'm getting myself anywhere. All suggestions appreciated.

when using 'idmap backend = ldap', winbindd_idmap.tdb should be a permanent cache file only. You should be able to remove those and winbindd will repopulate it from the directory server.

cheers, jerry

=
Alleviating the pain of Windows(tm) --- http://www.samba.org
GnuPG Key- http://www.plainjoe.org/gpg_public.asc
"I never saved anything for the swim back." Ethan Hawk in Gattaca
[Samba] winbind + ldap uid/gid consistency woes.
Hello all...

I'm trying to fix an idmap setup with winbind where the idmaps are stored in openldap. We have had this system working before, but it managed to break :-) All systems running Samba (3.0.13 on FC2)

Problem: group id's and uid's (specifically uid's) are inconsistent between clients (our two test clients). Both machines are using idmap backend to talk to our ldap server and retrieve idmaps. Again: this *has* worked in the past.

example:

server...
[EMAIL PROTECTED] root]$ id
uid=10222(username) gid=10001(domain users) groups=10001(domain users)

client #1
[EMAIL PROTECTED] log]$ id
uid=10222(username) gid=10001(domain users) groups=10001(domain users)

client #2 ...
[EMAIL PROTECTED] home]$ id
uid=14046(wbtester) gid=1(domain users) groups=1(domain users)

HowTO???

This seems like a cache consistency problem between the systems so can anybody give me a good idea of how to troubleshoot this? I've tried grepping the tdb files looking for clues and using tdbtool but I don't think I'm getting myself anywhere. All suggestions appreciated.

-matt
Re: RE : [Samba] winbind / ldap
> - Winbind isn't needed any more.

don't we need winbind to MAP SIDs to UIDs, if the server is a DOMAIN MEMBER Server ???
cause the idmap backend parameter in smb.conf is for winbind i thought

greez

[EMAIL PROTECTED] wrote:

Hello!

I have an AD domain configured with this:
1 - win2k server with AD and NIS server for Windows (from SFU http://www.microsoft.com/windows/SFU)
2 - a linux debian sarge box with samba3.0.4 and lib_nss-ldap

With SFU, AD Schema is changed and Unix Information such as UID GID home and Shell can be set on each User.

Linux can access user database either with
- ypbind (nis client) : the simplest but Some security holes
- libnss_ldap : better but difficult to operate with AD

I have succeeded with almost all default Debian package
I have tried with RedHat without success.

- Samba is in ADS security mode and member of domain.
- Winbind isn't needed any more.

-> -----Original Message-----
-> From: [EMAIL PROTECTED]
-> [mailto:[EMAIL PROTECTED]
-> rg] On behalf of Manfred Odenstein
-> Sent: Thursday, 12 August 2004 13:16
-> To: [EMAIL PROTECTED]
-> Subject: Re: [Samba] winbind / ldap
->
->
-> its on
-> http://us4.samba.org/samba/docs/man/Samba-Guide/happy.html#ch6-ldifadd

On Thursday, 12 August 2004 11:19, Hamish wrote:

Hello

I'm not sure how to ask the question I need, but let me try:

Background:
SuSE 9.0
Samba from rpms: samba 3.0.3pre2-SuSE
Role: domain member server (winbind)

I am having a lot of trouble upgrading samba and I'm thinking of moving to another server. I have found that if I move the winbindd_idmap.tdb across, the AD / UID mappings are saved but would like to know:
a) Is this safe? (is there anything that will bomb out a few months down the line?)
b) can this be done with LDAP instead (I know close to nothing of LDAP, I have assumed it is for use as a PDC, but could it be used to store UID mappings as well? How 'interesting' would this be to set up?)

Thanks,
H

--
"Matrix - more than a vision"
**
Michael Gasch - Central IT Department -
Max Planck Institute for Evolutionary Anthropology
Deutscher Platz 6
04103 Leipzig
Germany
**
RE : [Samba] winbind / ldap
Hello!

I have an AD domain configured with this:
1 - win2k server with AD and NIS server for Windows (from SFU http://www.microsoft.com/windows/SFU)
2 - a linux debian sarge box with samba3.0.4 and lib_nss-ldap

With SFU, AD Schema is changed and Unix Information such as UID GID home and Shell can be set on each User.

Linux can access user database either with
- ypbind (nis client) : the simplest but Some security holes
- libnss_ldap : better but difficult to operate with AD

I have succeeded with almost all default Debian package
I have tried with RedHat without success.

- Samba is in ADS security mode and member of domain.
- Winbind isn't needed any more.

-> -----Original Message-----
-> From: [EMAIL PROTECTED]
-> [mailto:[EMAIL PROTECTED]
-> rg] On behalf of Manfred Odenstein
-> Sent: Thursday, 12 August 2004 13:16
-> To: [EMAIL PROTECTED]
-> Subject: Re: [Samba] winbind / ldap
->
->
-> its on
-> http://us4.samba.org/samba/docs/man/Samba-Guide/happy.html#ch6-ldifadd

On Thursday, 12 August 2004 11:19, Hamish wrote:
> Hello
> I'm not sure how to ask the question I need, but let me try:
>
> Background:
> SuSE 9.0
> Samba from rpms: samba 3.0.3pre2-SuSE
> Role: domain member server (winbind)
>
> I am having a lot of trouble upgrading samba and I'm thinking of
> moving to another server. I have found that if I move the
> winbindd_idmap.tdb across, the AD / UID mappings are saved but would
> like to know:
> a) Is this safe? (is there anything that will bomb out a few months down
> the line?)
> b) can this be done with LDAP instead (I know close to nothing of LDAP,
> I have assumed it is for use as a PDC, but could it be used to store UID
> mappings as well? How 'interesting' would this be to set up?)
>
> Thanks,
> H
Re: [Samba] winbind / ldap
Thanks, I will have a read and let you know, any idea if there is a way to import/export idmaps?

H

Manfred Odenstein wrote:

its on
http://us4.samba.org/samba/docs/man/Samba-Guide/happy.html#ch6-ldifadd

On Thursday, 12 August 2004 11:19, Hamish wrote:

Hello

I'm not sure how to ask the question I need, but let me try:

Background:
SuSE 9.0
Samba from rpms: samba 3.0.3pre2-SuSE
Role: domain member server (winbind)

I am having a lot of trouble upgrading samba and I'm thinking of moving to another server. I have found that if I move the winbindd_idmap.tdb across, the AD / UID mappings are saved but would like to know:
a) Is this safe? (is there anything that will bomb out a few months down the line?)
b) can this be done with LDAP instead (I know close to nothing of LDAP, I have assumed it is for use as a PDC, but could it be used to store UID mappings as well? How 'interesting' would this be to set up?)

Thanks,
H
Re: [Samba] winbind / ldap
its on
http://us4.samba.org/samba/docs/man/Samba-Guide/happy.html#ch6-ldifadd

On Thursday, 12 August 2004 11:19, Hamish wrote:
> Hello
> I'm not sure how to ask the question I need, but let me try:
>
> Background:
> SuSE 9.0
> Samba from rpms: samba 3.0.3pre2-SuSE
> Role: domain member server (winbind)
>
> I am having a lot of trouble upgrading samba and I'm thinking of moving
> to another server. I have found that if I move the winbindd_idmap.tdb
> across, the AD / UID mappings are saved but would like to know:
> a) Is this safe? (is there anything that will bomb out a few months down
> the line?)
> b) can this be done with LDAP instead (I know close to nothing of LDAP,
> I have assumed it is for use as a PDC, but could it be used to store UID
> mappings as well? How 'interesting' would this be to set up?)
>
> Thanks,
> H
Re: [Samba] winbind / ldap
Hello,

LDAP could also be used to store id maps, but I don't know how to migrate from a winbindd_idmap.tdb to the ldap idmap container

regards
odi

On Thursday, 12 August 2004 11:19, Hamish wrote:
> Hello
> I'm not sure how to ask the question I need, but let me try:
>
> Background:
> SuSE 9.0
> Samba from rpms: samba 3.0.3pre2-SuSE
> Role: domain member server (winbind)
>
> I am having a lot of trouble upgrading samba and I'm thinking of moving
> to another server. I have found that if I move the winbindd_idmap.tdb
> across, the AD / UID mappings are saved but would like to know:
> a) Is this safe? (is there anything that will bomb out a few months down
> the line?)
> b) can this be done with LDAP instead (I know close to nothing of LDAP,
> I have assumed it is for use as a PDC, but could it be used to store UID
> mappings as well? How 'interesting' would this be to set up?)
>
> Thanks,
> H
[Samba] winbind / ldap
Hello

I'm not sure how to ask the question I need, but let me try:

Background:
SuSE 9.0
Samba from rpms: samba 3.0.3pre2-SuSE
Role: domain member server (winbind)

I am having a lot of trouble upgrading samba and I'm thinking of moving to another server. I have found that if I move the winbindd_idmap.tdb across, the AD / UID mappings are saved but would like to know:
a) Is this safe? (is there anything that will bomb out a few months down the line?)
b) can this be done with LDAP instead (I know close to nothing of LDAP, I have assumed it is for use as a PDC, but could it be used to store UID mappings as well? How 'interesting' would this be to set up?)

Thanks,
H
[Samba] Winbind + LDAP Backend
I'm trying to set up Winbind to store all the UID's in a local LDAP database, but am having some trouble. I think I got most of it set up, but when I run "getent passwd", I get several hundred errors like this:

[2004/07/13 11:59:03, 3] sam/idmap_ldap.c:ldap_get_id_from_sid(588)
  ldap_get_id_from_sid: Failure looking up idmap entry (No such object)
[2004/07/13 11:59:03, 1] nsswitch/winbindd_user.c:winbindd_fill_pwent(50)
  error getting user id for sid S-1-5-21-789336058-1935655697-854245398-1260
[2004/07/13 11:59:03, 1] nsswitch/winbindd_user.c:winbindd_getpwent(563)
  could not lookup domain user jml402
[2004/07/13 11:59:03, 3] sam/idmap_ldap.c:ldap_get_id_from_sid(588)
  ldap_get_id_from_sid: Failure looking up idmap entry (No such object)
[2004/07/13 11:59:03, 1] nsswitch/winbindd_user.c:winbindd_fill_pwent(50)
  error getting user id for sid S-1-5-21-789336058-1935655697-854245398-1516
[2004/07/13 11:59:03, 1] nsswitch/winbindd_user.c:winbindd_getpwent(563)
  could not lookup domain user adw154
[2004/07/13 11:59:03, 3] sam/idmap_ldap.c:ldap_get_id_from_sid(588)
  ldap_get_id_from_sid: Failure looking up idmap entry (No such object)
[2004/07/13 11:59:03, 1] nsswitch/winbindd_user.c:winbindd_fill_pwent(50)
  error getting user id for sid S-1-5-21-789336058-1935655697-854245398-1762
[2004/07/13 11:59:03, 1] nsswitch/winbindd_user.c:winbindd_getpwent(563)
  could not lookup domain user emb198

I don't know anything at all about LDAP, but it looks like the idmap objectclass doesn't exist... I've tried to find an example ldif file to add it, but apparently my attempts at adding it myself haven't worked. I'm probably missing something very small, but can't figure out what it is...

Shannon

Shannon Johnson
Network Support Specialist / Systems Administrator
Dept. of Mechanical and Nuclear Engineering
224 Reber Building
University Park, PA 16802
Phone: (814) 865-8267
[Samba] winbind ldap idmap
Hi all

There's this situation:

W2k ADS (no changes are allowed to the schema, so no Posix Data to be saved there)

All users are managed via ADS and are only to be managed there (no separate manually managed Database for ID Mapping)

2 Un*x servers running samba 3.x with winbind being used as Fileservers.

With the filebased winbind idmap the same user could be assigned two different Unix UID's on each server which is what we want to avoid.

I've read what I could find about LDAP idmap and unfortunately that was not very much (if somebody knows a good how-to or docs to that topic, please point me there)

So I have one main question:

- Do you have to specify the idmap on the ldap server or is it generated on the fly like with the file based map?

Regards

--
Benoît Panizzon, <[EMAIL PROTECTED]>
ImproWare AG, UNIXSP & ISP    Phone: +41 61 826 93 00
Zurlindenstrasse 29           Fax:   +41 61 826 93 01
CH-4133 Pratteln              Net:   http://www.imp.ch/
Re: [Samba] Winbind/LDAP Backend question
On Jun 24, 2004, at 4:09 PM, Paul Gienger wrote:
> To do that part you issue a smbpasswd -w on the command line of your
> samba box to set the bind password to associate with the ldap admin dn.

Thanks; I forgot about this step. However, the machine still won't authenticate... there's a really long pause, and eventually it rejects the correct login password. I checked the system logs, but since this goes through pam, it may be out of samba's hands.

> Have you tried storing your winbind idmap on an openldap (or other ldap)
> server? You could either manually pull the SIDs from the windows
> directory and then sync them with uids with a script, or you could change
> the uid stored in the idmap database to match the uid manually as the
> users connect. I suppose you could store that in your AD server as well,
> no real reason you couldn't. This wouldn't be reinventing the wheel quite
> as much and samba will work out of the box with that idmap data.

Although I'm not a big fan of openldap, this was suggested. Unfortunately, due to decisions made out of my hands, AD was chosen as the single database to hold all of our login and user information.

-Nik

--
// Nik Reiman || [EMAIL PROTECTED] || http://www.aboleo.net \\
Re: [Samba] Winbind/LDAP Backend question
Nik Reiman wrote:
> Hello,
>
> Recently, I've spent the last few days trying to get some unix client
> boxes to authenticate logins via winbind, so all of our unix system
> accounts can be maintained from active directory. So far, everything is
> working, and users can authenticate into the system, but they are
> assigned random uid/gid values, based on the smb.conf as well as the
> internal winbind_idmap.tdb file.
>
> Anyways, since users' home directories are in NFS, the uid/gid need to be
> uniform across the network, which is where ldap comes in. So, we added a
> set of schema to active directory in windows, and now every user has two
> new fields, uidNumber and gidNumber. The only thing I need to do now is
> somehow get samba to get this information out of the AD via LDAP, and use
> it rather than letting samba make its own uid table.
>
> I set up samba with all the relevant details of how to contact our AD
> server with LDAP (I should note that I can browse the uidNumber and
> gidNumber fields from a command line in unix with the ldapsearch tool).
> However, for whatever reason, samba can't seem to authenticate this way,
> and no information gets dumped to the error logs. Here's the smb.conf
> I've been working with:
>
> [global]
>    workgroup = WORKGROUP
>    security = DOMAIN
>    log level = 10
>    log file = /var/adm/samba.log
>    local master = No
>    domain master = No
>    wins server = leviathan
>    ldap server = zurg
>    ldap suffix = dc=example,dc=com
>    ldap user suffix = ou=Employees
>    ldap group suffix = ou=Groups
>    ldap filter = (uidNumber=%u)
>    ldap admin dn = cn=Administrator,cn=Users,dc=example,dc=com
>    ldap ssl = no
>    idmap backend = ldap:ldap://zurg
>    idmap uid = 1000-2000
>    idmap gid = 600-1000
>    template primary group = employee
>    template homedir = /home/%U
>    template shell = /bin/bash
>    winbind use default domain = Yes
>
> Here, zurg is our AD server (running windows 2003 server). The only thing
> that I can think of that might be bad is that it won't allow anonymous
> binds... yet I haven't seen any place to put in a bind password for LDAP.
>
> Does anyone know how I might be able to get this up and running?

To do that part you issue a smbpasswd -w on the command line of your samba box to set the bind password to associate with the ldap admin dn.

Have you tried storing your winbind idmap on an openldap (or other ldap) server? You could either manually pull the SIDs from the windows directory and then sync them with uids with a script, or you could change the uid stored in the idmap database to match the uid manually as the users connect. I suppose you could store that in your AD server as well, no real reason you couldn't. This wouldn't be reinventing the wheel quite as much and samba will work out of the box with that idmap data.

> Thanks,
> Nik
>
> --
> // Nik Reiman || [EMAIL PROTECTED] || http://www.aboleo.net \\

--
Paul Gienger                     Office: 701-281-1884
Applied Engineering Inc.         Cell:   701-306-6254
Information Systems Consultant   Fax:    701-281-1322
URL: www.ae-solutions.com        mailto:[EMAIL PROTECTED]
[Samba] Winbind/LDAP Backend question
Hello,

Recently, I've spent the last few days trying to get some unix client boxes to authenticate logins via winbind, so all of our unix system accounts can be maintained from active directory. So far, everything is working, and users can authenticate into the system, but they are assigned random uid/gid values, based on the smb.conf as well as the internal winbind_idmap.tdb file.

Anyways, since users' home directories are in NFS, the uid/gid need to be uniform across the network, which is where ldap comes in. So, we added a set of schema to active directory in windows, and now every user has two new fields, uidNumber and gidNumber. The only thing I need to do now is somehow get samba to get this information out of the AD via LDAP, and use it rather than letting samba make its own uid table.

I set up samba with all the relevant details of how to contact our AD server with LDAP (I should note that I can browse the uidNumber and gidNumber fields from a command line in unix with the ldapsearch tool). However, for whatever reason, samba can't seem to authenticate this way, and no information gets dumped to the error logs. Here's the smb.conf I've been working with:

[global]
   workgroup = WORKGROUP
   security = DOMAIN
   log level = 10
   log file = /var/adm/samba.log
   local master = No
   domain master = No
   wins server = leviathan
   ldap server = zurg
   ldap suffix = dc=example,dc=com
   ldap user suffix = ou=Employees
   ldap group suffix = ou=Groups
   ldap filter = (uidNumber=%u)
   ldap admin dn = cn=Administrator,cn=Users,dc=example,dc=com
   ldap ssl = no
   idmap backend = ldap:ldap://zurg
   idmap uid = 1000-2000
   idmap gid = 600-1000
   template primary group = employee
   template homedir = /home/%U
   template shell = /bin/bash
   winbind use default domain = Yes

Here, zurg is our AD server (running windows 2003 server). The only thing that I can think of that might be bad is that it won't allow anonymous binds... yet I haven't seen any place to put in a bind password for LDAP.

Does anyone know how I might be able to get this up and running?

Thanks,
Nik

--
// Nik Reiman || [EMAIL PROTECTED] || http://www.aboleo.net \\
Re: [Samba] Winbind + LDAP Idmap backend finally running!
Bernd Waldboth wrote:
| After many hours of trial and error I finally managed to get my Winbind
| server with Ldap Idmap backend up and running. I even had to go through
| parts of the sources but finally I found out what the reason was why my
| LDAP db never was updated.
|
| The problem was that at some point the uid/gid to sid mapping function
| referred to the "ldap idmap suffix" and at other times to "ldap group
| suffix" entries in the smb.conf (the exact name of the function is
| ldap_get_id_from_sid).
|
| The solution was to point both "ldap idmap suffix" and "ldap group
| suffix" (and to be sure also "ldap user suffix" and "ldap machine
| suffix") in the smb.conf to the desired idmap ou. I don't know if this
| was the desired behavior or not.
|
| Another thing I found out was that I had to remove the "ldap suffix"
| entry.
|
| I hope I could help someone with the same problem.

Would you mind trying the patch for bug #680 at https://bugzilla.samba.org/ and make sure it doesn't break things for you? I'm about to change something here but I want to get some testing on it first.

cheers, jerry
[Samba] Winbind + LDAP Idmap backend finally running!
After many hours of trial and error I finally managed to get my Winbind server with Ldap Idmap backend up and running. I even had to go through parts of the sources but finally I found out what the reason was why my LDAP db never was updated.

The problem was that at some point the uid/gid to sid mapping function referred to the "ldap idmap suffix" and at other times to "ldap group suffix" entries in the smb.conf (the exact name of the function is ldap_get_id_from_sid).

The solution was to point both "ldap idmap suffix" and "ldap group suffix" (and to be sure also "ldap user suffix" and "ldap machine suffix") in the smb.conf to the desired idmap ou. I don't know if this was the desired behavior or not.

Another thing I found out was that I had to remove the "ldap suffix" entry.

I hope I could help someone with the same problem.

sugo
Re: RE : RE : [Samba] Winbind ldap samba 3 BDC getent passwd
jean-marc pouchoulon wrote:
| What is the role of winbindd_privileged/pipe ?

To prevent non-root users from accessing certain winbindd functions.

| I have a few problem with redhat 9 , unlinked with samba
| does winbind work on other site with RH 9 ?

Yes. Works here.

cheers, jerry

--
Hewlett-Packard - http://www.hp.com
SAMBA Team - http://www.samba.org
GnuPG Key - http://www.plainjoe.org/gpg_public.asc
"You can never go home again, Oatman, but I guess you can shop there."
  --John Cusack - "Grosse Point Blank" (1997)
RE : RE : [Samba] Winbind ldap samba 3 BDC getent passwd
Hello,

On Samba3 rpm, redhat 9, I decided to do a strace on a 'getent passwd' command and have a look. (wbinfo -u and wbinfo -g work.) I can see a timeout.

connect(5, {sa_family=AF_UNIX, path="/var/cache/samba/winbindd_privileged/pipe"}, 110) = 0
close(4) = 0
select(6, [5], NULL, NULL, {0, 0}) = 0 (Timeout)

ls -al /var/cache/samba/winbindd_privileged/pipe
srwxrwxrwx 1 root root 0 oct 13 13:37 /var/cache/samba/winbindd_privileged/pipe

What is the role of winbindd_privileged/pipe ?

I have a few problems with redhat 9, unrelated to samba; does winbind work on other sites with RH 9 ?

thanks
Jean-Marc

Whole trace :

read(3, "", 4096) = 0
open("/etc/ld.so.cache", O_RDONLY) = 4
fstat64(4, {st_mode=S_IFREG|0644, st_size=62909, ...}) = 0
old_mmap(NULL, 62909, PROT_READ, MAP_PRIVATE, 4, 0) = 0x40279000
close(4) = 0
open("/lib/libnss_winbind.so.2", O_RDONLY) = 4
read(4, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\260\20"..., 512) = 512
fstat64(4, {st_mode=S_IFREG|0755, st_size=13828, ...}) = 0
old_mmap(NULL, 22236, PROT_READ|PROT_EXEC, MAP_PRIVATE, 4, 0) = 0x40295000
old_mmap(0x40298000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 4, 0x3000) = 0x40298000
old_mmap(0x40299000, 5852, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x40299000
close(4) = 0
munmap(0x40279000, 62909) = 0
getpid() = 2069
getpid() = 2069
getpid() = 2069
lstat64("/tmp/.winbindd", {st_mode=S_IFDIR|0755, st_size=1024, ...}) = 0
lstat64("/tmp/.winbindd/pipe", {st_mode=S_IFSOCK|0777, st_size=0, ...}) = 0
socket(PF_UNIX, SOCK_STREAM, 0) = 4
fcntl64(4, F_GETFD) = 0
fcntl64(4, F_SETFD, FD_CLOEXEC) = 0
connect(4, {sa_family=AF_UNIX, path="/tmp/.winbindd/pipe"}, 110) = 0
getpid() = 2069
getpid() = 2069
select(5, [4], NULL, NULL, {0, 0}) = 0 (Timeout)
write(4, " \6\0\0\0\0\0\0\25\10\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 1568) = 1568
read(4, "\24\5\0\0\1\0\0\0\10\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 1300) = 1300
getpid() = 2069
getpid() = 2069
select(5, [4], NULL, NULL, {0, 0}) = 0 (Timeout)
write(4, " \6\0\0(\0\0\0\25\10\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 1568) = 1568
read(4, "9\5\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 1300) = 1300
read(4, "/var/cache/samba/winbindd_privil"..., 37) = 37
lstat64("/var/cache/samba/winbindd_privileged", {st_mode=S_IFDIR|0750, st_size=4096, ...}) = 0
lstat64("/var/cache/samba/winbindd_privileged/pipe", {st_mode=S_IFSOCK|0777, st_size=0, ...}) = 0
socket(PF_UNIX, SOCK_STREAM, 0) = 5
fcntl64(5, F_GETFD) = 0
fcntl64(5, F_SETFD, FD_CLOEXEC) = 0
connect(5, {sa_family=AF_UNIX, path="/var/cache/samba/winbindd_privileged/pipe"}, 110) = 0
close(4) = 0
select(6, [5], NULL, NULL, {0, 0}) = 0 (Timeout)
write(5, " \6\0\0\6\0\0\0\25\10\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 1568) = 1568
read(5, "\24\5\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 1300) = 1300
getpid() = 2069
getpid() = 2069
select(6, [5], NULL, NULL, {0, 0}) = 0 (Timeout)
write(5, " \6\0\0\10\0\0\0\25\10\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 1568) = 1568
read(5, "\24\5\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 1300) = 1300
close(3) = 0
munmap(0x40024000, 4096) = 0
getpid() = 2069
getpid() = 2069
select(6, [5], NULL, NULL, {0, 0}) = 0 (Timeout)
write(5, " \6\0\0\7\0\0\0\25\10\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 1568) = 1568
read(5, "\24\5\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 1300) = 1300
munmap(0x40025000, 4096) = 0
exit_group(0)

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] .org] On behalf of jean-marc pouchoulon
Sent: Thursday, 2 October 2003 9:15
To: 'Gerald (Jerry) Carter'
Cc: [EMAIL PROTECTED]
Subject: RE : [Samba] Winbind ldap samba 3 BDC getent passwd answer don't retrieve domain users, can't login on the domain with users that are not on /ect/passwd + typo error ?

Hi,

I've just upgraded to the last samba rpm on a redhat 9 and I have a new problem on winbind wbinfo -u and wbinfo -g this
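
An added example, not part of either post: the lstat64() lines in the trace above show how the privileged pipe stays closed to ordinary users even though the socket itself is mode 0777. The sketch below parses those lines and checks whether a user outside the owner and group could connect(); the function names are this example's own, and only the socket's immediate parent directory is considered.

```python
import os
import re
import stat

# lstat64() lines copied from the strace output in the message above.
TRACE = r'''
lstat64("/tmp/.winbindd", {st_mode=S_IFDIR|0755, st_size=1024, ...}) = 0
lstat64("/tmp/.winbindd/pipe", {st_mode=S_IFSOCK|0777, st_size=0, ...}) = 0
lstat64("/var/cache/samba/winbindd_privileged", {st_mode=S_IFDIR|0750, st_size=4096, ...}) = 0
lstat64("/var/cache/samba/winbindd_privileged/pipe", {st_mode=S_IFSOCK|0777, st_size=0, ...}) = 0
'''

# Matches stat/lstat/stat64/lstat64 on a quoted path; fstat() takes an fd and is skipped.
STAT_RE = re.compile(r'\bl?stat(?:64)?\("([^"]+)", \{st_mode=(S_IF[A-Z]+)\|(0[0-7]*)')


def modes_from_trace(trace):
    """Map path -> (file type name, permission bits) for each stat line."""
    return {m.group(1): (m.group(2), int(m.group(3), 8))
            for m in STAT_RE.finditer(trace)}


def modes_from_host(paths):
    """Build the same map from the live filesystem; missing paths are skipped."""
    out = {}
    for path in paths:
        try:
            st = os.lstat(path)
        except OSError:
            continue
        kind = ("S_IFSOCK" if stat.S_ISSOCK(st.st_mode)
                else "S_IFDIR" if stat.S_ISDIR(st.st_mode) else "OTHER")
        out[path] = (kind, stat.S_IMODE(st.st_mode))
    return out


def other_can_connect(sock_path, modes):
    """True if a user who is neither owner nor group member could connect().

    On Linux, connect() to a pathname socket needs search (x) permission on
    the directory and write (w) permission on the socket. Returns None when
    the map lacks the socket or its parent directory.
    """
    parent = os.path.dirname(sock_path)
    if sock_path not in modes or parent not in modes:
        return None
    sock_kind, sock_mode = modes[sock_path]
    dir_kind, dir_mode = modes[parent]
    if sock_kind != "S_IFSOCK" or dir_kind != "S_IFDIR":
        return None
    return bool(dir_mode & stat.S_IXOTH) and bool(sock_mode & stat.S_IWOTH)


def classify_sockets(modes):
    """Return {socket path: reachable by 'other'?} for every socket in the map."""
    return {path: other_can_connect(path, modes)
            for path, (kind, _) in modes.items() if kind == "S_IFSOCK"}


if __name__ == "__main__":
    for path, reachable in classify_sockets(modes_from_trace(TRACE)).items():
        print(f"{path}: reachable by any local user = {reachable}")
```

On a live host, pass both the directory and the socket path to modes_from_host() and feed the result to classify_sockets().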
Re: [Samba] Winbind ldap samba 3 BDC getent passwd answer don''t....
jean-marc pouchoulon wrote:
| I've just upgraded to the last samba rpm on a redhat
| 9 and I have a new problem on winbind
| wbinfo -u and wbinfo -g this time don't return user or group.
| getent passwd don't return the users but I think this time
| If I use idmap backend = ldapsam:ldap://ip_address

This is a typo in the docs.

| cli_pipe: return critical error. Error was Call
| timed out: server did not respond after 1 milliseconds
| created /tmp/reply_\PIPE\samr_1.5.prs
| store_cache_seqnum: success [DOMAIN][4294967295 @ 1065074850]
| refresh_sequence_number: DOMAIN seq number is now -1

I need to know more about your setup.
RE : [Samba] Winbind ldap samba 3 BDC getent passwd answer don't retrieve domain users, can't login on the domain with users that are not on /ect/passwd + typo error ?
winbindd_getpwnam(124)
  winbindd_getpwnam: lookup for \toto failed
[2003/10/02 08:08:49, 10] nsswitch/winbindd.c:client_write(502)
  client_write: wrote 1300 bytes.
[2003/10/02 08:08:49, 10] nsswitch/winbindd.c:winbind_client_read(455)
  client_read: read 1568 bytes. Need 0 more for a full request.
[2003/10/02 08:08:49, 10] nsswitch/winbindd.c:process_request(305)
  process_request: request fn GETPWNAM
[2003/10/02 08:08:49, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(112)
  [ 1945]: getpwnam toto
[2003/10/02 08:08:49, 5] nsswitch/winbindd_acct.c:wb_getpwnam(392)
  wb_getpwnam: Did not find user (toto)
[2003/10/02 08:08:49, 5] nsswitch/winbindd_user.c:winbindd_getpwnam(124)
  winbindd_getpwnam: lookup for \toto failed
[2003/10/02 08:08:49, 10] nsswitch/winbindd.c:client_write(502)
  client_write: wrote 1300 bytes.
[2003/10/02 08:09:01, 5] lib/smbldap.c:smbldap_close(856)
  The connection to the LDAP server was closed
[2003/10/02 08:09:01, 5] sam/idmap_ldap.c:ldap_idmap_close(982)
  The connection to the LDAP server was closed
[2003/10/02 08:09:01, 10] nsswitch/winbindd.c:winbind_client_read(455)
  client_read: read 0 bytes. Need 1568 more for a full request.
[2003/10/02 08:09:01, 5] nsswitch/winbindd.c:winbind_client_read(462)
  read failed on sock 9, pid 1914: EOF

-----Original Message-----
From: Gerald (Jerry) Carter [mailto:[EMAIL PROTECTED]
Sent: Wednesday, 1 October 2003 0:32
To: jean-marc pouchoulon
Cc: [EMAIL PROTECTED]
Subject: Re: [Samba] Winbind ldap samba 3 BDC getent passwd answer don't retrieve domain users, can't login on the domain with users that are not on /ect/passwd + typo error ?

jean-marc pouchoulon wrote:
| Hello,
|
| On redhat 9 - samba 3 stable - Using the rpm from 24 september.
| I try to configure a bdc.
|
| Smb.conf is :
|
| idmap backend = ldap:ldap://ip_address
| ldap idmap suffix = ou=personnes,ou=ac-ville,ou=educ
| winbind uid = 1-2
| winbind gid = 1-2
| # allow enumeration of winbind users and groups
| winbind enum users = yes
| winbind enum groups = yes
| # give winbind users a real shell (only needed if they have
| telnet access)
| template shell = /bin/bash
|
|
| wbinfo -u and -g are working.
|
| Nsswitch.conf is :
|
| passwd: files winbind
| shadow: files
| group: files winbind
|
|
| But getent passwd and getent group did give back only the users
| located in /etc/passwd and /etc/group

There's a bug in the RPM for RedHat 9 that doesn't create the symlink to /lib/libnss_winbind.so.2. I'll build new RPMS this week.

cheers, jerry
Re: [Samba] Winbind ldap samba 3 BDC getent passwd answer don't retrieve domain users, can't login on the domain with users that are not on /ect/passwd + typo error ?
jean-marc pouchoulon wrote:
| Hello,
|
| On redhat 9 - samba 3 stable - Using the rpm from 24 september.
| I try to configure a bdc.
|
| Smb.conf is :
|
| idmap backend = ldap:ldap://ip_address
| ldap idmap suffix = ou=personnes,ou=ac-ville,ou=educ
| winbind uid = 1-2
| winbind gid = 1-2
| # allow enumeration of winbind users and groups
| winbind enum users = yes
| winbind enum groups = yes
| # give winbind users a real shell (only needed if they have
| telnet access)
| template shell = /bin/bash
|
|
| wbinfo -u and -g are working.
|
| Nsswitch.conf is :
|
| passwd: files winbind
| shadow: files
| group: files winbind
|
|
| But getent passwd and getent group did give back only the users
| located in /etc/passwd and /etc/group

There's a bug in the RPM for RedHat 9 that doesn't create the symlink to /lib/libnss_winbind.so.2. I'll build new RPMS this week.

cheers, jerry
[Samba] Winbind ldap samba 3 BDC getent passwd answer don't retrieve domain users, can't login on the domain with users that are not on /ect/passwd + typo error ?
Hello,

On redhat 9 - samba 3 stable - Using the rpm from 24 september. I try to configure a bdc.

Smb.conf is :

idmap backend = ldap:ldap://ip_address
ldap idmap suffix = ou=personnes,ou=ac-ville,ou=educ
winbind uid = 1-2
winbind gid = 1-2
# allow enumeration of winbind users and groups
winbind enum users = yes
winbind enum groups = yes
# give winbind users a real shell (only needed if they have telnet access)
template shell = /bin/bash

wbinfo -u and -g are working.

Nsswitch.conf is :

passwd: files winbind
shadow: files
group: files winbind

But getent passwd and getent group did give back only the users located in /etc/passwd and /etc/group

On login with a user that doesn't have a local entry I have

init_sam_from_ldap: Entry found for user: test1
[2003/09/25 11:30:41, 1] auth/auth_util.c:make_server_info_sam(818)
  User test1 in passdb, but getpwnam() fails!
[2003/09/25 11:30:41, 0] auth/auth_sam.c:check_sam_security(459)
  check_sam_security: make_server_info_sam() failed with 'NT_STATUS_NO_SUCH_USER'
[2003/09/25 11:30:41, 2] auth/auth.c:check_ntlm_password(309)
  check_ntlm_password: Authentication for user [test1] -> [test1] FAILED with error NT_STATUS_NO_SUCH_USER
[2003/09/25 11

Do I have to create the user locally ? I want to use winbind to avoid it.

Any help would be greatly appreciated.

PS: Maybe there is a typo error in the "Samba Project Documentation", P69:

idmapbackend = ldapsam:ldap://slave-ldap.quenya.org

If I use ldapsam instead of ldap I have

[2003/09/25 13:25:25, 0] sam/idmap.c:idmap_init(136)
  idmap_init: could not load remote backend 'ldapsam'.
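
An added example, not code from the Samba project or from any poster: a small smb.conf check for three things the threads above turn on, namely the 'ldapsam:' idmap backend typo from this message, the suffix workaround Bernd reported for his build, and an ldap admin dn bind configured with 'ldap ssl = no' as in the smb.conf Nik posted. The finding codes and function names are this example's own, and FIXED_CONF is constructed with a hypothetical host and DNs.

```python
import re

# Suffix parameters Bernd pointed at a single idmap OU (names normalised).
SUFFIX_KEYS = ("ldapidmapsuffix", "ldapgroupsuffix",
               "ldapusersuffix", "ldapmachinesuffix")

# Abridged from the smb.conf Nik posted in this thread.
NIK_CONF = """
[global]
   ldap server = zurg
   ldap suffix = dc=example,dc=com
   ldap user suffix = ou=Employees
   ldap group suffix = ou=Groups
   ldap admin dn = cn=Administrator,cn=Users,dc=example,dc=com
   ldap ssl = no
   idmap backend = ldap:ldap://zurg
"""

# The line jean-marc quoted from the documentation.
DOC_CONF = "[global]\nidmapbackend = ldapsam:ldap://slave-ldap.quenya.org\n"

# Constructed for this example (hypothetical host and DNs).
FIXED_CONF = """
[global]
   idmap backend = ldap:ldap://ldap.example.com
   ldap admin dn = cn=idmap,dc=example,dc=com
   ldap ssl = start tls
   ldap idmap suffix = ou=Idmap,dc=example,dc=com
   ldap group suffix = ou=Idmap,dc=example,dc=com
   ldap user suffix = ou=Idmap,dc=example,dc=com
   ldap machine suffix = ou=Idmap,dc=example,dc=com
"""


def parse_global(text):
    """Return {normalised name: value} for the [global] section.

    smb.conf(5): names are case-insensitive and whitespace inside them is
    ignored, '#' and ';' start comment lines, a trailing '\\' continues a line.
    """
    params, section = {}, None
    text = re.sub(r"\\\r?\n", "", text)          # join continued lines
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
        elif section == "global" and "=" in line:
            name, value = line.split("=", 1)     # only the first '=' counts
            params[re.sub(r"\s+", "", name).lower()] = value.strip()
    return params


def audit(params):
    """Return findings as 'CODE: detail' strings (codes are this example's own)."""
    findings = []
    scheme, _, url = params.get("idmapbackend", "").partition(":")
    scheme = scheme.strip().lower()
    if scheme == "ldapsam":
        findings.append("BACKEND: idmap backend 'ldapsam' does not load; "
                        "the thread gives 'ldap:' as the working form")
    if scheme != "ldap":
        return findings
    # Values treated as "TLS disabled" here are an assumption of this example.
    if (url.strip().lower().startswith("ldap://")
            and params.get("ldapssl", "").lower() in ("no", "off")
            and "ldapadmindn" in params):
        findings.append("CLEARTEXT-BIND: ldap admin dn binds over ldap:// with "
                        "TLS disabled, so the smbpasswd -w password is sent in clear")
    values = [params.get(key) for key in SUFFIX_KEYS]
    if None in values or len({v.lower() for v in values}) != 1:
        findings.append("SUFFIX: idmap/group/user/machine suffixes are not all "
                        "set to one OU (Bernd's workaround)")
    if "ldapsuffix" in params:
        findings.append("LDAP-SUFFIX: 'ldap suffix' is set; Bernd had to remove it")
    return findings


if __name__ == "__main__":
    for label, conf in (("nik", NIK_CONF), ("doc", DOC_CONF), ("fixed", FIXED_CONF)):
        print(label, audit(parse_global(conf)))
```

The SUFFIX and LDAP-SUFFIX findings encode the workaround exactly as Bernd described it for the build he was running; they are not a statement about other Samba versions.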