Anders.Strandberg@tietoenator.com
2007-Apr-03 11:11 UTC
[Samba] Winbind 3.0.25-pre2 problems with sid2uid
Hi,
I have tested winbind in samba-3.0.25-pre2 and encountered some problems. We
have a working config with Linux samba-3.0.23d and W2k3 AD R2 rfc2307bis, but
when I switch to 3.0.25 it stopped working. I am not quite familiar with the new
configuration directives for idmap, but the old config did not work either with
3.0.25, so I tried to use the new ones.
Is there apparent errors in my config ?
BR,
Anders
Error from log.winbindd-idmap:
Found SASL mechanism GSS-SPNEGO
ads_sasl_spnego_bind: got OID=1 2 840 48018 1 2 2
ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2
ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 3
ads_sasl_spnego_bind: got OID=1 3 6 1 4 1 311 2 2 10
ads_sasl_spnego_bind: got server principal name = dc011$@my.domain.com
ads_krb5_mk_req: krb5_cc_get_principal failed (No such file or
directory)
ads_sasl_spnego_krb5_bind failed with: No such file or directory, calling kinit
kerberos_kinit_password: using [MEMORY:winbind_ccache] as ccache and config
[(null)]
ads_cleanup_expired_creds: Ticket in ccache[MEMORY:winbind_ccache] expiration
Tue, 03 Apr 2007 22:22:31 CEST
ads_krb5_mk_req: Ticket (dc011$@my.domain.com) in ccache
(MEMORY:winbind_ccache) is valid until: (Tue, 03 Apr 2007 22:22:31 CEST
- 1175631751)
Got KRB5 session key of length 16
Domain my.domain.com - Backend ad - default - readonly Domain laptop003 -
Backend passdb - not default - readonly Initializing idmap alloc module Opening
tdbfile /var/spool/locks/winbindd_idmap.tdb
Cache entry with key IDMAP/SID/S-1-5-21-1417001333-308236825-725345543-11251
couldn't be found Query backends to map sids->ids SID
S-1-5-21-1417001333-308236825-725345543-11251 is being handled by my.domain.com
Query ids from domain my.domain.com Current tickets expire in 36000 seconds (at
1175631751, time is now
1175595751)
==============================================================INTERNAL ERROR:
Signal 11 in pid 12974 (3.0.25pre2) Please read the Trouble-Shooting section of
the Samba3-HOWTO
From: http://www.samba.org/samba/docs/Samba3-HOWTO.pdf
==============================================================PANIC (pid 12974):
internal error
BACKTRACE: 24 stack frames:
#0 /usr/local/samba/3.0.25/sbin/winbindd(log_stack_trace+0x2d) [0x800cca55]
#1 /usr/local/samba/3.0.25/sbin/winbindd(smb_panic+0x86) [0x800cc8c3]
#2 /usr/local/samba/3.0.25/sbin/winbindd [0x800b84ec]
#3 /usr/local/samba/3.0.25/sbin/winbindd [0x800b84fd]
#4 [0xffffe420]
#5 /usr/local/samba/3.0.25/sbin/winbindd [0x801f6d3b]
#6 /usr/local/samba/3.0.25/sbin/winbindd(idmap_sids_to_unixids+0x3c9)
[0x801f77a7]
#7 /usr/local/samba/3.0.25/sbin/winbindd(idmap_sid_to_uid+0xa6) [0x801f9e0c]
#8 /usr/local/samba/3.0.25/sbin/winbindd(winbindd_dual_sid2uid+0x123)
[0x8006ad0c]
#9 /usr/local/samba/3.0.25/sbin/winbindd [0x800681d3] #10
/usr/local/samba/3.0.25/sbin/winbindd [0x80069bf5]
#11 /usr/local/samba/3.0.25/sbin/winbindd [0x80067da4]
#12 /usr/local/samba/3.0.25/sbin/winbindd(async_request+0x17c) [0x80067945]
#13 /usr/local/samba/3.0.25/sbin/winbindd [0x80069e71]
#14 /usr/local/samba/3.0.25/sbin/winbindd(winbindd_sid2uid_async+0x83)
[0x8006abdf]
#15 /usr/local/samba/3.0.25/sbin/winbindd [0x80041063]
#16 /usr/local/samba/3.0.25/sbin/winbindd [0x8006dd3a]
#17 /usr/local/samba/3.0.25/sbin/winbindd [0x80069d37]
#18 /usr/local/samba/3.0.25/sbin/winbindd [0x80067d5e]
#19 /usr/local/samba/3.0.25/sbin/winbindd [0x8003edec] #20
/usr/local/samba/3.0.25/sbin/winbindd [0x8003fb55]
#21 /usr/local/samba/3.0.25/sbin/winbindd(main+0x725) [0x800405e6]
#22 /lib/libc.so.6(__libc_start_main+0xdc) [0xb7bfc87c]
#23 /usr/local/samba/3.0.25/sbin/winbindd [0x8003e491] dumping core in
/var/log/cores/winbindd Could not receive async reply Could not trigger sid2uid
Could not query uid for user MY\testuser1
Config:
[global]
workgroup = MY
realm = my.domain.com
security = ADS
auth methods = winbind
allow trusted domains = No
password server = dc011.my.domain.com dc012.my.domain.com *
name resolve order = host
socket options = SO_RMYSEADDR TCP_NODELAY
os level = 0
preferred master = No
socket address = 10.21.24.141
idmap domains = my.domain.com
idmap uid = 300-200000
idmap gid = 15-200000
template homedir = /home/%u
winbind cache time = 600
winbind use default domain = Yes
winbind nss info = rfc2307
winbind refresh tickets = Yes
winbind offline logon = Yes
idmap config my.domain.com:range = 300-200000
idmap config my.domain.com:backend = ad
idmap config my.domain.com:default = yes
include = /env/samba/lib/smb.include.shares
_________________________________________________________________________________
Anders Strandberg, TietoEnator Processing & Network AB
E-mail: Anders.Strandberg@tietoenator.com | Voice: +46 920 452 037
Internet: http://www.tietoenator.com/ | Fax: +46 920 452 906
Laboratoriegr?nd 11, Box 50006, S-973 21 Lule?, Sweden | Mobile: +46 70 345
3285
Anders.Strandberg@tietoenator.com wrote:> I have tested winbind in samba-3.0.25-pre2 and encountered some problems. We have a working config with Linux samba-3.0.23d and W2k3 AD R2 rfc2307bis, but when I switch to 3.0.25 it stopped working. I am not quite familiar with the new configuration directives for idmap, but the old config did not work either with 3.0.25, so I tried to use the new ones. > > Is there apparent errors in my config ?> winbind nss info = rfc2307Hi, Same sort of problem here. Is there any documentation available for: "New plug-in interface for the "winbind nss info" parameter" ? I've got the new IDMAP configuration working (wbinfo works) but nss info (using sfu35) is not working with the old configuration anymore. -- Heikki M