Don Meyer
2007-May-04 20:50 UTC
[Samba] Possible problem w/ 'idmap restore' under 3.0.25rc3
Folks,

Maybe it's me, or my systems, but I've found that idmap restore simply doesn't work under samba-3.0.25rc3.

When I try to import the idmap.dump file I create from one of my older systems into a fresh 3.0.25rc3 installation, I get a huge stream of errors along the line of "could not set mapping of (UID|GID) to sid xxxxx". This happened whether I was using idmap_tdb or idmap_ldap. The same idmap.dump file restores successfully on my other 3.0.23 & 3.0.24 systems.

I went further and used "getent passwd" to populate the system's idmap from the AD (while using idmap_tdb, BTW), and then ran the 'net idmap dump' command, which generated a file that looked fairly identical in structure to the idmap.dump file I got from the previous version. Following this, I tried to 'net idmap restore' the idmap dump file I had just created, and received the same long string of errors. Thus, I suspect there is something not quite right in the 'net idmap restore' functionality...

Cheers,
-D

Don Meyer <dlmeyer@uiuc.edu>
Network Manager, ACES Academic Computing Facility
Technical System Manager, ACES TeleNet System
UIUC College of ACES, Information Technology and Communication Services

"They that can give up essential liberty to obtain a little temporary safety, deserve neither liberty or safety." -- Benjamin Franklin, 1759
On Fri, 2007-05-04 at 14:36 -0500, Don Meyer wrote:
> Folks,
>
> Maybe it's me, or my systems, but I've found that idmap restore
> simply doesn't work under samba-3.0.25rc3.
>
> When I try to import the idmap.dump file I create from one of my
> older systems into a fresh 3.0.25rc3 installation, I get a huge
> stream of errors along the line of "could not set mapping of
> (UID|GID) to sid xxxxx". This happened whether I was using
> idmap_tdb or idmap_ldap. The same idmap.dump file restores
> successfully on my other 3.0.23 & 3.0.24 systems.
>
> I went further and used "getent passwd" to populate the system's
> idmap from the AD (while using idmap_tdb, BTW), and then ran the 'net
> idmap dump' command, which generated a file that looked fairly
> identical in structure to the idmap.dump file I got from the previous
> version. Following this, I tried to 'net idmap restore' the idmap
> dump file I had just created, and received the same long string of
> errors. Thus, I suspect there is something not quite right in the
> 'net idmap restore' functionality...

Can you please send me the output with the errors at debug level 10 (just add -d10 to the command)? I will try to fix this in time for 3.0.25 final if possible.

Simo.

--
Simo Sorce
Samba Team GPL Compliance Officer
email: idra@samba.org
http://samba.org
On Fri, 2007-05-04 at 14:36 -0500, Don Meyer wrote:
> Folks,
>
> Maybe it's me, or my systems, but I've found that idmap restore
> simply doesn't work under samba-3.0.25rc3.

True, 1 line fix here:
http://websvn.samba.org/cgi-bin/viewcvs.cgi/branches/SAMBA_3_0_25/source/nsswitch/winbindd_async.c?rev=22677&r1=22675&r2=22677

Sorry for the problem, this slipped through during recent patches to fix the sid checking layer violation and the idmap offline code.

Simo.

--
Simo Sorce
Samba Team GPL Compliance Officer
email: idra@samba.org
http://samba.org
Don Meyer
2007-May-12 01:32 UTC
[Samba] Possible problem w/ 'idmap restore' under 3.0.25rc3 (the sequel)
At 11:22 AM 5/11/2007, Don Meyer wrote:
>At 07:17 AM 5/11/2007, simo wrote:
>> > Afterward, testing the UID mappings that should have been established
>> > (by 'getent passwd {username}' results in allocation of a new number.
>>
>>I need to know what error you get, I have no errors in storing the IDs,
>>They get created in ldap for me.
>>Maybe you can get to the real error the server returns?
>>
>> > ...
>> > So, the previous patch fixes TDB mode, but that particular problem
>> > appears to still exist under LDAP mode.
>> >
>> > If there is any additional info you need (or tests to run) to help
>> > diagnose this problem, I'd be glad to try to get it for you.
>>
>>Need to know why the ldap server refuses to create the entries.
>>I can't repro this.
>
>
>Not being able to reproduce on your end is a good sign -- the
>problem may be on my end. I was testing with "half-patched" rc3
>code while I'm away at a redhat conference. Jerry has shown me the
>proper way to build fresh RPMs from the SVN tree with *all* the
>patches -- I'll plan on building fresh from this and also tearing
>down and starting the LDAP fresh, so I can get clean results later
>this afternoon/evening. We'll see if that makes the difference...

OK, this problem was definitely on my end. I rebuilt fresh packages from SVN, reinstalled & reinitialized the LDAP server, and everything worked just fine this time.

FWIW, I think I may have mistakenly copied in one of the smb.conf variants that was set up for a master-replica LDAP system when my replica is not replicating. I made sure to use the master-only variant this time, and everything is just fine.

Sorry for the false alarm.

-D

Don Meyer <dlmeyer@uiuc.edu>
Network Manager, ACES Academic Computing Facility
Technical System Manager, ACES TeleNet System
UIUC College of ACES, Information Technology and Communication Services

"They that can give up essential liberty to obtain a little temporary safety, deserve neither liberty or safety." -- Benjamin Franklin, 1759