Martin Juhl
2016-Feb-29 13:44 UTC
[Samba] Segmentation Fault when trying to set root samba password, IPA as a backend
Hi>> First thing is, you shouldn't have a user called 'root' in your domain,I know, was just saying that the error message changed when I added the user....>> use a usermap to map 'Administrator' to 'root'I have now tried adding: username map = /var/lib/samba/usermap.txt to my [global] and /var/lib/samba/usermap.txt: mj = Adminstrator>> Can you try and create a new user with smbpasswd ?[root at bart samba]# smbpasswd -a test No builtin backend found, trying to load plugin Module 'ipasam' loaded smbldap_open_connection: connection opened ldap_connect_system: successful connection to the LDAP server pdb_init_ipasam: support for pdb_enum_upn_suffixes enabled for domain bolls.lan New SMB password: Retype new SMB password: Could not find user test and no add script defined Failed to add entry for user test.>> I think you may be hitting the same problem that I have, smbpasswd will >> create the user, but then segfaults when trying to add the password./Martin ----- Original meddelelse ----- Fra: "Rowland penny" <rpenny at samba.org> Til: "samba" <samba at lists.samba.org> Sendt: mandag, 29. februar 2016 11:34:14 Emne: Re: [Samba] Segmentation Fault when trying to set root samba password, IPA as a backend On 29/02/16 10:04, Martin Juhl wrote:> Hi > > This is samba-4.2.3-11.el7_2.x86_64 on CentOS... > > I'm trying to setup a Samba NT4 domain, with FreeIPA as a backend... > > Right now everything works.. except that I need a Domain Adminstrator... > > smbpasswd -a root, segfaults... probably because the user doesn't exist in FreeIPA > > If I create the root user in FreeIPA, it instead gives: > > [root at bart samba]# LANG=en smbpasswd -a root > No builtin backend found, trying to load plugin > Module 'ipasam' loaded > smbldap_open_connection: connection opened > ldap_connect_system: successful connection to the LDAP server > pdb_init_ipasam: support for pdb_enum_upn_suffixes enabled for domain bolls.lan > New SMB password: > Retype new SMB password: > init_sam_from_ldap: Entry found for user: root > ERROR: Got 0 entries for gid 0, expected at least one > ERROR: Got 0 entries for gid 0, expected at least one > Forcing Primary Group to 'Domain Users' for root > Failed to modify entry for user root. > > > I can't create a user with uid=0 or gid=0 in FreeIPA... > > I have also tried changing the administrator user: > > pdbedit -U S-1-5-21-3189138339-1730592290-4215248117-500 -u mj -r -d 7 > > but it also fails: > > http://pastebin.com/8tpuD6Eg > > > Config: > > [global] > bind interfaces only = yes > enable privileges = yes > workgroup = BOLLS > netbios name = BART > realm = BOLLS.LAN > kerberos method = dedicated keytab > dedicated keytab file = FILE:/etc/samba/samba.keytab > create krb5 conf = no > security = user > domain master = yes > domain logons = yes > log level = 3 > max log size = 100000 > log file = /var/log/samba/log.%m > passdb backend = ipasam:ldaps://lisa.bolls.lan > disable spoolss = yes > ldapsam:trusted = yes > ldap ssl = off > ldap suffix = dc=bolls,dc=lan > ldap user suffix = cn=users,cn=accounts > ldap group suffix = cn=groups,cn=accounts > ldap machine suffix = cn=computers,cn=accounts > rpc_server:epmapper = external > rpc_server:lsarpc = external > rpc_server:lsass = external > rpc_server:lsasd = external > rpc_server:samr = external > rpc_server:netlogon = external > rpc_server:tcpip = yes > rpc_daemon:epmd = fork > rpc_daemon:lsasd = fork > logon path = \\%L\Profiles\%U > logon drive = H: > logon home = \\%L\%U > > [homes] > comment = Home Directories > valid users = %S > read only = No > browseable = No > [printers] > comment = All Printers > path = /var/spool/samba > printer admin = root, mj > create mask = 0600 > guest ok = Yes > printable = Yes > browseable = No > [print$] > comment = Printer Drivers Share > path = /var/lib/samba/drivers > write list = mj, root > printer admin = mj, root > [netlogon] > comment = Network Logon Service > path = /var/lib/samba/netlogon > admin users = root, mj > guest ok = Yes > browseable = No > # For profiles to work, create a user directory under the path > # shown. i.e., mkdir -p /var/lib/samba/profiles/mj > [Profiles] > comment = Roaming Profile Share > path = /var/lib/samba/profiles > read only = No > profile acls = Yes > > > > > ----- Original meddelelse ----- > Fra: "Rowland penny" <rpenny at samba.org> > Til: "samba" <samba at lists.samba.org> > Sendt: mandag, 29. februar 2016 10:14:09 > Emne: Re: [Samba] Segmentation Fault when trying to set root samba password, IPA as a backend > > On 29/02/16 09:06, Martin Juhl wrote: >> Hi guys >> >> >> When trying to set root's password, I get a segmentation fault: >> >> [root at bart ~]# smbpasswd -a root >> No builtin backend found, trying to load plugin >> Module 'ipasam' loaded >> smbldap_open_connection: connection opened >> ldap_connect_system: successful connection to the LDAP server >> pdb_init_ipasam: support for pdb_enum_upn_suffixes enabled for domain bolls.lan >> New SMB password: >> Retype new SMB password: >> Segmentation fault >> >> What to do??? >> >> Regards >> >> Martin >> > Hi, what version of Samba is this ? > Also, how have you set up Samba ? > > Rowland > >First thing is, you shouldn't have a user called 'root' in your domain, use a usermap to map 'Administrator' to 'root' Can you try and create a new user with smbpasswd ? I think you may be hitting the same problem that I have, smbpasswd will create the user, but then segfaults when trying to add the password. Rowland -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Rowland penny
2016-Feb-29 14:16 UTC
[Samba] Segmentation Fault when trying to set root samba password, IPA as a backend
On 29/02/16 13:44, Martin Juhl wrote:> Hi > > >>> First thing is, you shouldn't have a user called 'root' in your domain, > I know, was just saying that the error message changed when I added the user.... > >>> use a usermap to map 'Administrator' to 'root' > I have now tried adding: > > username map = /var/lib/samba/usermap.txt > > to my [global] > > and /var/lib/samba/usermap.txt: > > mj = Adminstrator > > >>> Can you try and create a new user with smbpasswd ? > [root at bart samba]# smbpasswd -a test > No builtin backend found, trying to load plugin > Module 'ipasam' loaded > smbldap_open_connection: connection opened > ldap_connect_system: successful connection to the LDAP server > pdb_init_ipasam: support for pdb_enum_upn_suffixes enabled for domain bolls.lan > New SMB password: > Retype new SMB password: > Could not find user test and no add script defined > Failed to add entry for user test. > > >>> I think you may be hitting the same problem that I have, smbpasswd will >>> create the user, but then segfaults when trying to add the password. > > /Martin > > ----- Original meddelelse ----- > Fra: "Rowland penny" <rpenny at samba.org> > Til: "samba" <samba at lists.samba.org> > Sendt: mandag, 29. februar 2016 11:34:14 > Emne: Re: [Samba] Segmentation Fault when trying to set root samba password, IPA as a backend > > On 29/02/16 10:04, Martin Juhl wrote: >> Hi >> >> This is samba-4.2.3-11.el7_2.x86_64 on CentOS... >> >> I'm trying to setup a Samba NT4 domain, with FreeIPA as a backend... >> >> Right now everything works.. except that I need a Domain Adminstrator... >> >> smbpasswd -a root, segfaults... probably because the user doesn't exist in FreeIPA >> >> If I create the root user in FreeIPA, it instead gives: >> >> [root at bart samba]# LANG=en smbpasswd -a root >> No builtin backend found, trying to load plugin >> Module 'ipasam' loaded >> smbldap_open_connection: connection opened >> ldap_connect_system: successful connection to the LDAP server >> pdb_init_ipasam: support for pdb_enum_upn_suffixes enabled for domain bolls.lan >> New SMB password: >> Retype new SMB password: >> init_sam_from_ldap: Entry found for user: root >> ERROR: Got 0 entries for gid 0, expected at least one >> ERROR: Got 0 entries for gid 0, expected at least one >> Forcing Primary Group to 'Domain Users' for root >> Failed to modify entry for user root. >> >> >> I can't create a user with uid=0 or gid=0 in FreeIPA... >> >> I have also tried changing the administrator user: >> >> pdbedit -U S-1-5-21-3189138339-1730592290-4215248117-500 -u mj -r -d 7 >> >> but it also fails: >> >> http://pastebin.com/8tpuD6Eg >> >> >> Config: >> >> [global] >> bind interfaces only = yes >> enable privileges = yes >> workgroup = BOLLS >> netbios name = BART >> realm = BOLLS.LAN >> kerberos method = dedicated keytab >> dedicated keytab file = FILE:/etc/samba/samba.keytab >> create krb5 conf = no >> security = user >> domain master = yes >> domain logons = yes >> log level = 3 >> max log size = 100000 >> log file = /var/log/samba/log.%m >> passdb backend = ipasam:ldaps://lisa.bolls.lan >> disable spoolss = yes >> ldapsam:trusted = yes >> ldap ssl = off >> ldap suffix = dc=bolls,dc=lan >> ldap user suffix = cn=users,cn=accounts >> ldap group suffix = cn=groups,cn=accounts >> ldap machine suffix = cn=computers,cn=accounts >> rpc_server:epmapper = external >> rpc_server:lsarpc = external >> rpc_server:lsass = external >> rpc_server:lsasd = external >> rpc_server:samr = external >> rpc_server:netlogon = external >> rpc_server:tcpip = yes >> rpc_daemon:epmd = fork >> rpc_daemon:lsasd = fork >> logon path = \\%L\Profiles\%U >> logon drive = H: >> logon home = \\%L\%U >> >> [homes] >> comment = Home Directories >> valid users = %S >> read only = No >> browseable = No >> [printers] >> comment = All Printers >> path = /var/spool/samba >> printer admin = root, mj >> create mask = 0600 >> guest ok = Yes >> printable = Yes >> browseable = No >> [print$] >> comment = Printer Drivers Share >> path = /var/lib/samba/drivers >> write list = mj, root >> printer admin = mj, root >> [netlogon] >> comment = Network Logon Service >> path = /var/lib/samba/netlogon >> admin users = root, mj >> guest ok = Yes >> browseable = No >> # For profiles to work, create a user directory under the path >> # shown. i.e., mkdir -p /var/lib/samba/profiles/mj >> [Profiles] >> comment = Roaming Profile Share >> path = /var/lib/samba/profiles >> read only = No >> profile acls = Yes >> >>OK, You are running Samba as a NT4-style PDC, so you probably don't need these lines: realm = BOLLS.LAN kerberos method = dedicated keytab dedicated keytab file = FILE:/etc/samba/samba.keytab create krb5 conf = no You also don't have any of the smbldap-tools lines, but you do have 'ldapsam:trusted = yes ', on a PDC you are expected to also have 'ldapsam:editposix=yes' (or so I believe), see here: https://wiki.samba.org/index.php/Ldapsam_Editposix You either have to use smbldap-tools (which now appears to finally dead) or ldapsam:editposix, only problem with this is that smbpasswd doesn't seem to work, it creates the user in ldap and then segfaults when trying to add the password. I have spent all weekend trying to make ldapsam:editposix work, but keep coming up against the password problem. Rowland
Martin Juhl
2016-Feb-29 14:57 UTC
[Samba] Segmentation Fault when trying to set root samba password, IPA as a backend
Hi Please notice that i'm not using ldapsam, but ipasam... from freeipa server... So I think I need those things in my configuration file.... I'm having trouble finding documentation on the ipasam extension.... Seems as though our problems are similiar ----- Original meddelelse ----- Fra: "Rowland penny" <rpenny at samba.org> Til: "samba" <samba at lists.samba.org> Sendt: mandag, 29. februar 2016 15:16:13 Emne: Re: [Samba] Segmentation Fault when trying to set root samba password, IPA as a backend On 29/02/16 13:44, Martin Juhl wrote:> Hi > > >>> First thing is, you shouldn't have a user called 'root' in your domain, > I know, was just saying that the error message changed when I added the user.... > >>> use a usermap to map 'Administrator' to 'root' > I have now tried adding: > > username map = /var/lib/samba/usermap.txt > > to my [global] > > and /var/lib/samba/usermap.txt: > > mj = Adminstrator > > >>> Can you try and create a new user with smbpasswd ? > [root at bart samba]# smbpasswd -a test > No builtin backend found, trying to load plugin > Module 'ipasam' loaded > smbldap_open_connection: connection opened > ldap_connect_system: successful connection to the LDAP server > pdb_init_ipasam: support for pdb_enum_upn_suffixes enabled for domain bolls.lan > New SMB password: > Retype new SMB password: > Could not find user test and no add script defined > Failed to add entry for user test. > > >>> I think you may be hitting the same problem that I have, smbpasswd will >>> create the user, but then segfaults when trying to add the password. > > /Martin > > ----- Original meddelelse ----- > Fra: "Rowland penny" <rpenny at samba.org> > Til: "samba" <samba at lists.samba.org> > Sendt: mandag, 29. februar 2016 11:34:14 > Emne: Re: [Samba] Segmentation Fault when trying to set root samba password, IPA as a backend > > On 29/02/16 10:04, Martin Juhl wrote: >> Hi >> >> This is samba-4.2.3-11.el7_2.x86_64 on CentOS... >> >> I'm trying to setup a Samba NT4 domain, with FreeIPA as a backend... >> >> Right now everything works.. except that I need a Domain Adminstrator... >> >> smbpasswd -a root, segfaults... probably because the user doesn't exist in FreeIPA >> >> If I create the root user in FreeIPA, it instead gives: >> >> [root at bart samba]# LANG=en smbpasswd -a root >> No builtin backend found, trying to load plugin >> Module 'ipasam' loaded >> smbldap_open_connection: connection opened >> ldap_connect_system: successful connection to the LDAP server >> pdb_init_ipasam: support for pdb_enum_upn_suffixes enabled for domain bolls.lan >> New SMB password: >> Retype new SMB password: >> init_sam_from_ldap: Entry found for user: root >> ERROR: Got 0 entries for gid 0, expected at least one >> ERROR: Got 0 entries for gid 0, expected at least one >> Forcing Primary Group to 'Domain Users' for root >> Failed to modify entry for user root. >> >> >> I can't create a user with uid=0 or gid=0 in FreeIPA... >> >> I have also tried changing the administrator user: >> >> pdbedit -U S-1-5-21-3189138339-1730592290-4215248117-500 -u mj -r -d 7 >> >> but it also fails: >> >> http://pastebin.com/8tpuD6Eg >> >> >> Config: >> >> [global] >> bind interfaces only = yes >> enable privileges = yes >> workgroup = BOLLS >> netbios name = BART >> realm = BOLLS.LAN >> kerberos method = dedicated keytab >> dedicated keytab file = FILE:/etc/samba/samba.keytab >> create krb5 conf = no >> security = user >> domain master = yes >> domain logons = yes >> log level = 3 >> max log size = 100000 >> log file = /var/log/samba/log.%m >> passdb backend = ipasam:ldaps://lisa.bolls.lan >> disable spoolss = yes >> ldapsam:trusted = yes >> ldap ssl = off >> ldap suffix = dc=bolls,dc=lan >> ldap user suffix = cn=users,cn=accounts >> ldap group suffix = cn=groups,cn=accounts >> ldap machine suffix = cn=computers,cn=accounts >> rpc_server:epmapper = external >> rpc_server:lsarpc = external >> rpc_server:lsass = external >> rpc_server:lsasd = external >> rpc_server:samr = external >> rpc_server:netlogon = external >> rpc_server:tcpip = yes >> rpc_daemon:epmd = fork >> rpc_daemon:lsasd = fork >> logon path = \\%L\Profiles\%U >> logon drive = H: >> logon home = \\%L\%U >> >> [homes] >> comment = Home Directories >> valid users = %S >> read only = No >> browseable = No >> [printers] >> comment = All Printers >> path = /var/spool/samba >> printer admin = root, mj >> create mask = 0600 >> guest ok = Yes >> printable = Yes >> browseable = No >> [print$] >> comment = Printer Drivers Share >> path = /var/lib/samba/drivers >> write list = mj, root >> printer admin = mj, root >> [netlogon] >> comment = Network Logon Service >> path = /var/lib/samba/netlogon >> admin users = root, mj >> guest ok = Yes >> browseable = No >> # For profiles to work, create a user directory under the path >> # shown. i.e., mkdir -p /var/lib/samba/profiles/mj >> [Profiles] >> comment = Roaming Profile Share >> path = /var/lib/samba/profiles >> read only = No >> profile acls = Yes >> >>OK, You are running Samba as a NT4-style PDC, so you probably don't need these lines: realm = BOLLS.LAN kerberos method = dedicated keytab dedicated keytab file = FILE:/etc/samba/samba.keytab create krb5 conf = no You also don't have any of the smbldap-tools lines, but you do have 'ldapsam:trusted = yes ', on a PDC you are expected to also have 'ldapsam:editposix=yes' (or so I believe), see here: https://wiki.samba.org/index.php/Ldapsam_Editposix You either have to use smbldap-tools (which now appears to finally dead) or ldapsam:editposix, only problem with this is that smbpasswd doesn't seem to work, it creates the user in ldap and then segfaults when trying to add the password. I have spent all weekend trying to make ldapsam:editposix work, but keep coming up against the password problem. Rowland -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Reasonably Related Threads
- Segmentation Fault when trying to set root samba password, IPA as a backend
- Segmentation Fault when trying to set root samba password, IPA as a backend
- Segmentation Fault when trying to set root samba password, IPA as a backend
- Segmentation Fault when trying to set root samba password, IPA as a backend
- Segmentation Fault when trying to set root samba password, IPA as a backend