Hello,

I have a problem with idmap configuration. I would like to use LDAP as backend for idmap in a Samba+ADS environment, but I have the following errors in log.winbindd-idmap:

[2011/06/08 16:57:54.805575,  0] winbindd/idmap.c:201(smb_register_idmap_alloc)
  idmap_alloc module ldap already registered!
[2011/06/08 16:57:54.805618,  0] winbindd/idmap.c:201(smb_register_idmap_alloc)
  idmap_alloc module tdb already registered!
[2011/06/08 16:57:54.805645,  0] winbindd/idmap.c:149(smb_register_idmap)
  Idmap module passdb already registered!
[2011/06/08 16:57:54.805671,  0] winbindd/idmap.c:149(smb_register_idmap)
  Idmap module nss already registered!
[2011/06/08 16:57:54.806552,  1] winbindd/idmap_ldap.c:193(verify_idpool)
  Unable to verify the idpool, cannot continue initialization!
[2011/06/08 16:57:54.806642,  0] winbindd/idmap.c:589(idmap_alloc_init)
  ERROR: Initialization failed for alloc backend, deferred!
[2011/06/08 16:57:54.844163,  0] winbindd/idmap.c:201(smb_register_idmap_alloc)
  idmap_alloc module ldap already registered!
[2011/06/08 16:57:54.844226,  0] winbindd/idmap.c:201(smb_register_idmap_alloc)
  idmap_alloc module tdb already registered!
[2011/06/08 16:57:54.844254,  0] winbindd/idmap.c:149(smb_register_idmap)
  Idmap module passdb already registered!
[2011/06/08 16:57:54.844280,  0] winbindd/idmap.c:149(smb_register_idmap)
  Idmap module nss already registered!
[2011/06/08 16:57:54.845341,  1] winbindd/idmap_ldap.c:193(verify_idpool)
  Unable to verify the idpool, cannot continue initialization!
[2011/06/08 16:57:54.845380,  0] winbindd/idmap.c:589(idmap_alloc_init)
  ERROR: Initialization failed for alloc backend, deferred!
[2011/06/08 16:57:54.846287,  0] winbindd/idmap.c:201(smb_register_idmap_alloc)
  idmap_alloc module ldap already registered!
[2011/06/08 16:57:54.846326,  0] winbindd/idmap.c:201(smb_register_idmap_alloc)
  idmap_alloc module tdb already registered!
[2011/06/08 16:57:54.846353,  0] winbindd/idmap.c:149(smb_register_idmap)
  Idmap module passdb already registered!
[2011/06/08 16:57:54.846380,  0] winbindd/idmap.c:149(smb_register_idmap)
  Idmap module nss already registered!
[2011/06/08 16:57:54.847374,  1] winbindd/idmap_ldap.c:193(verify_idpool)
  Unable to verify the idpool, cannot continue initialization!
[2011/06/08 16:57:54.847409,  0] winbindd/idmap.c:589(idmap_alloc_init)
  ERROR: Initialization failed for alloc backend, deferred!

LDAP database is up and running.

slapcat:

dn: dc=server,dc=nas
objectClass: dcObject
objectClass: organization
dc: server
o: server
structuralObjectClass: organization
entryUUID: 6401d0ac-262b-1030-84d2-1370b5f1fe61
creatorsName: cn=admin,dc=server,dc=nas
createTimestamp: 20110608145736Z
entryCSN: 20110608145736Z#000000#00#000000
modifiersName: cn=admin,dc=server,dc=nas
modifyTimestamp: 20110608145736Z

dn: cn=admin,dc=server,dc=nas
objectClass: organizationalRole
objectClass: simpleSecurityObject
cn: admin
userPassword:: c2VjcmV0
description: LDAP administrator
structuralObjectClass: organizationalRole
entryUUID: 64127830-262b-1030-84d3-1370b5f1fe61
creatorsName: cn=admin,dc=server,dc=nas
createTimestamp: 20110608145736Z
entryCSN: 20110608145736Z#000001#00#000000
modifiersName: cn=admin,dc=server,dc=nas
modifyTimestamp: 20110608145736Z

dn: ou=People,dc=server,dc=nas
ou: People
objectClass: top
objectClass: organizationalUnit
structuralObjectClass: organizationalUnit
entryUUID: 642ad5ec-262b-1030-84d4-1370b5f1fe61
creatorsName: cn=admin,dc=server,dc=nas
createTimestamp: 20110608145736Z
entryCSN: 20110608145736Z#000002#00#000000
modifiersName: cn=admin,dc=server,dc=nas
modifyTimestamp: 20110608145736Z

dn: ou=ChapPeople,dc=server,dc=nas
ou: ChapPeople
objectClass: top
objectClass: organizationalUnit
structuralObjectClass: organizationalUnit
entryUUID: 642f6b7a-262b-1030-84d5-1370b5f1fe61
creatorsName: cn=admin,dc=server,dc=nas
createTimestamp: 20110608145736Z
entryCSN: 20110608145736Z#000003#00#000000
modifiersName: cn=admin,dc=server,dc=nas
modifyTimestamp: 20110608145736Z

dn: ou=Groups,dc=server,dc=nas
ou: Groups
objectClass: top
objectClass: organizationalUnit
structuralObjectClass: organizationalUnit
entryUUID: 64357e34-262b-1030-84d6-1370b5f1fe61
creatorsName: cn=admin,dc=server,dc=nas
createTimestamp: 20110608145736Z
entryCSN: 20110608145736Z#000004#00#000000
modifiersName: cn=admin,dc=server,dc=nas
modifyTimestamp: 20110608145736Z

dn: ou=Computers,dc=server,dc=nas
ou: Computers
objectClass: top
objectClass: organizationalUnit
structuralObjectClass: organizationalUnit
entryUUID: 643a116a-262b-1030-84d7-1370b5f1fe61
creatorsName: cn=admin,dc=server,dc=nas
createTimestamp: 20110608145736Z
entryCSN: 20110608145736Z#000005#00#000000
modifiersName: cn=admin,dc=server,dc=nas
modifyTimestamp: 20110608145736Z

dn: ou=idmap,dc=server,dc=nas
objectClass: organizationalUnit
objectClass: top
objectClass: sambaUnixIdPool
ou: idmap
description: idmap
uidNumber: 10000
gidNumber: 10000
structuralObjectClass: organizationalUnit
entryUUID: 643ea9dc-262b-1030-84d8-1370b5f1fe61
creatorsName: cn=admin,dc=server,dc=nas
createTimestamp: 20110608145736Z
entryCSN: 20110608145736Z#000006#00#000000
modifiersName: cn=admin,dc=server,dc=nas
modifyTimestamp: 20110608145736Z

dn: sambaDomainName=DSS,dc=server,dc=nas
sambaDomainName: DSS
sambaSID: S-1-5-21-2206515185-2896615622-3143254707
sambaAlgorithmicRidBase: 1000
objectClass: sambaDomain
sambaNextUserRid: 1000
sambaMinPwdLength: 5
sambaPwdHistoryLength: 0
sambaLogonToChgPwd: 0
sambaMaxPwdAge: -1
sambaMinPwdAge: 0
sambaLockoutDuration: 30
sambaLockoutObservationWindow: 30
sambaLockoutThreshold: 0
sambaForceLogoff: -1
sambaRefuseMachinePwdChange: 0
structuralObjectClass: sambaDomain
entryUUID: 6470ac16-262b-1030-84d9-1370b5f1fe61
creatorsName: cn=admin,dc=server,dc=nas
createTimestamp: 20110608145736Z
entryCSN: 20110608145736Z#000007#00#000000
modifiersName: cn=admin,dc=server,dc=nas
modifyTimestamp: 20110608145736Z

dn: cn=users,ou=Groups,dc=server,dc=nas
objectClass: posixGroup
objectClass: top
objectClass: sambaGroupMapping
gidNumber: 101
cn: users
description: DefaulGroup
sambaSID: S-1-5-21-2206515185-2896615622-3143254707-1203
sambaGroupType: 2
displayName: users
structuralObjectClass: posixGroup
entryUUID: 6475a05e-262b-1030-84da-1370b5f1fe61
creatorsName: cn=admin,dc=server,dc=nas
createTimestamp: 20110608145736Z
entryCSN: 20110608145736Z#000008#00#000000
modifiersName: cn=admin,dc=server,dc=nas
modifyTimestamp: 20110608145736Z

cat /etc/samba/smb.conf

...
ldap admin dn = "cn=admin,dc=server,dc=nas"
ldap suffix = "dc=server,dc=nas"
#ldap server = 127.0.0.1
ldap idmap suffix = "ou=idmap"
passdb backend = ldapsam:ldap://127.0.0.1:389
idmap backend = ldap:ldap://127.0.0.1:389
idmap uid = 10000-500000
idmap gid = 10000-500000
...

Samba successfully connects to the ADS domain, but idmappings aren't written to the LDAP database.

Best Regards

Which security parameter are you using? Try to set security = ADS in smb.conf.

Or you can just configure idmap uid and gid like this:

idmap uid = 10000-500000
idmap gid = 10000-500000

and not specify your idmap backend. Correct me if I'm wrong :-)

Best Regards,
Aldyth M

On Wed, Jun 8, 2011 at 10:02 PM, Adrian Berlin <gato at rock.com> wrote:
> Hello,
>
> I have a problem with idmap configuration. I would like to use LDAP as
> backend for idmap in a Samba+ADS environment, but I have the following
> errors in log.winbindd-idmap:
>
> LDAP database is up and running.
>
> Samba successfully connects to the ADS domain, but idmappings aren't
> written to the LDAP database.
>
> Best Regards
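
A static consistency check between the smb.conf fragment and the slapcat dump posted in the thread above, as an added example that is not part of either post: it resolves the DN named by `ldap idmap suffix` plus `ldap suffix` and confirms that entry carries `sambaUnixIdPool` with `uidNumber`/`gidNumber` inside the configured ranges. The sample data is constructed from the values in the thread, and the function names are hypothetical.

```python
# Constructed sample: the idmap-relevant settings and entries from the thread.
SMB_CONF = '''
ldap suffix = "dc=server,dc=nas"
ldap idmap suffix = "ou=idmap"
idmap uid = 10000-500000
idmap gid = 10000-500000
'''
LDIF = '''
dn: ou=Groups,dc=server,dc=nas
objectClass: organizationalUnit

dn: ou=idmap,dc=server,dc=nas
objectClass: organizationalUnit
objectClass: sambaUnixIdPool
uidNumber: 10000
gidNumber: 10000
'''

def norm_dn(dn):
    """Case- and space-insensitive form of a DN, for comparison only."""
    return dn.lower().replace(" ", "")

def parse_conf(text):
    """Return {key: value} for 'key = value' lines, skipping comment lines."""
    conf = {}
    for line in map(str.strip, text.splitlines()):
        if line and line[0] not in "#;" and "=" in line:
            key, value = line.split("=", 1)
            conf[" ".join(key.lower().split())] = value.strip().strip('"')
    return conf

def parse_ldif(text):
    """Return {normalized dn: {attr: [values]}}; folded lines are not handled."""
    entries = {}
    for block in text.strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            name, _, value = line.partition(":")
            attrs.setdefault(name.strip().lower(), []).append(value.strip())
        if "dn" in attrs:
            entries[norm_dn(attrs["dn"][0])] = attrs
    return entries

def check_idpool(conf_text, ldif_text):
    """Return a list of problems with the pool entry; empty means consistent."""
    conf, entries = parse_conf(conf_text), parse_ldif(ldif_text)
    pool_dn = norm_dn(conf["ldap idmap suffix"] + "," + conf["ldap suffix"])
    entry = entries.get(pool_dn)
    if entry is None:
        return ["no entry at " + pool_dn]
    problems = []
    if "sambaunixidpool" not in [v.lower() for v in entry.get("objectclass", [])]:
        problems.append("objectClass sambaUnixIdPool missing")
    for attr, key in (("uidnumber", "idmap uid"), ("gidnumber", "idmap gid")):
        low, high = (int(n) for n in conf[key].split("-"))
        values = entry.get(attr, [])
        if not values or not low <= int(values[0]) <= high:
            problems.append("%s %s not within %s" % (attr, values, conf[key]))
    return problems
```

On the values posted in the thread the check returns an empty list, so the pool entry itself agrees with the smb.conf settings.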