Martin Juhl
2016-Feb-29 14:57 UTC
[Samba] Segmentation Fault when trying to set root samba password, IPA as a backend
Hi Please notice that i'm not using ldapsam, but ipasam... from freeipa server... So I think I need those things in my configuration file.... I'm having trouble finding documentation on the ipasam extension.... Seems as though our problems are similiar ----- Original meddelelse ----- Fra: "Rowland penny" <rpenny at samba.org> Til: "samba" <samba at lists.samba.org> Sendt: mandag, 29. februar 2016 15:16:13 Emne: Re: [Samba] Segmentation Fault when trying to set root samba password, IPA as a backend On 29/02/16 13:44, Martin Juhl wrote:> Hi > > >>> First thing is, you shouldn't have a user called 'root' in your domain, > I know, was just saying that the error message changed when I added the user.... > >>> use a usermap to map 'Administrator' to 'root' > I have now tried adding: > > username map = /var/lib/samba/usermap.txt > > to my [global] > > and /var/lib/samba/usermap.txt: > > mj = Adminstrator > > >>> Can you try and create a new user with smbpasswd ? > [root at bart samba]# smbpasswd -a test > No builtin backend found, trying to load plugin > Module 'ipasam' loaded > smbldap_open_connection: connection opened > ldap_connect_system: successful connection to the LDAP server > pdb_init_ipasam: support for pdb_enum_upn_suffixes enabled for domain bolls.lan > New SMB password: > Retype new SMB password: > Could not find user test and no add script defined > Failed to add entry for user test. > > >>> I think you may be hitting the same problem that I have, smbpasswd will >>> create the user, but then segfaults when trying to add the password. > > /Martin > > ----- Original meddelelse ----- > Fra: "Rowland penny" <rpenny at samba.org> > Til: "samba" <samba at lists.samba.org> > Sendt: mandag, 29. februar 2016 11:34:14 > Emne: Re: [Samba] Segmentation Fault when trying to set root samba password, IPA as a backend > > On 29/02/16 10:04, Martin Juhl wrote: >> Hi >> >> This is samba-4.2.3-11.el7_2.x86_64 on CentOS... >> >> I'm trying to setup a Samba NT4 domain, with FreeIPA as a backend... >> >> Right now everything works.. except that I need a Domain Adminstrator... >> >> smbpasswd -a root, segfaults... probably because the user doesn't exist in FreeIPA >> >> If I create the root user in FreeIPA, it instead gives: >> >> [root at bart samba]# LANG=en smbpasswd -a root >> No builtin backend found, trying to load plugin >> Module 'ipasam' loaded >> smbldap_open_connection: connection opened >> ldap_connect_system: successful connection to the LDAP server >> pdb_init_ipasam: support for pdb_enum_upn_suffixes enabled for domain bolls.lan >> New SMB password: >> Retype new SMB password: >> init_sam_from_ldap: Entry found for user: root >> ERROR: Got 0 entries for gid 0, expected at least one >> ERROR: Got 0 entries for gid 0, expected at least one >> Forcing Primary Group to 'Domain Users' for root >> Failed to modify entry for user root. >> >> >> I can't create a user with uid=0 or gid=0 in FreeIPA... >> >> I have also tried changing the administrator user: >> >> pdbedit -U S-1-5-21-3189138339-1730592290-4215248117-500 -u mj -r -d 7 >> >> but it also fails: >> >> http://pastebin.com/8tpuD6Eg >> >> >> Config: >> >> [global] >> bind interfaces only = yes >> enable privileges = yes >> workgroup = BOLLS >> netbios name = BART >> realm = BOLLS.LAN >> kerberos method = dedicated keytab >> dedicated keytab file = FILE:/etc/samba/samba.keytab >> create krb5 conf = no >> security = user >> domain master = yes >> domain logons = yes >> log level = 3 >> max log size = 100000 >> log file = /var/log/samba/log.%m >> passdb backend = ipasam:ldaps://lisa.bolls.lan >> disable spoolss = yes >> ldapsam:trusted = yes >> ldap ssl = off >> ldap suffix = dc=bolls,dc=lan >> ldap user suffix = cn=users,cn=accounts >> ldap group suffix = cn=groups,cn=accounts >> ldap machine suffix = cn=computers,cn=accounts >> rpc_server:epmapper = external >> rpc_server:lsarpc = external >> rpc_server:lsass = external >> rpc_server:lsasd = external >> rpc_server:samr = external >> rpc_server:netlogon = external >> rpc_server:tcpip = yes >> rpc_daemon:epmd = fork >> rpc_daemon:lsasd = fork >> logon path = \\%L\Profiles\%U >> logon drive = H: >> logon home = \\%L\%U >> >> [homes] >> comment = Home Directories >> valid users = %S >> read only = No >> browseable = No >> [printers] >> comment = All Printers >> path = /var/spool/samba >> printer admin = root, mj >> create mask = 0600 >> guest ok = Yes >> printable = Yes >> browseable = No >> [print$] >> comment = Printer Drivers Share >> path = /var/lib/samba/drivers >> write list = mj, root >> printer admin = mj, root >> [netlogon] >> comment = Network Logon Service >> path = /var/lib/samba/netlogon >> admin users = root, mj >> guest ok = Yes >> browseable = No >> # For profiles to work, create a user directory under the path >> # shown. i.e., mkdir -p /var/lib/samba/profiles/mj >> [Profiles] >> comment = Roaming Profile Share >> path = /var/lib/samba/profiles >> read only = No >> profile acls = Yes >> >>OK, You are running Samba as a NT4-style PDC, so you probably don't need these lines: realm = BOLLS.LAN kerberos method = dedicated keytab dedicated keytab file = FILE:/etc/samba/samba.keytab create krb5 conf = no You also don't have any of the smbldap-tools lines, but you do have 'ldapsam:trusted = yes ', on a PDC you are expected to also have 'ldapsam:editposix=yes' (or so I believe), see here: https://wiki.samba.org/index.php/Ldapsam_Editposix You either have to use smbldap-tools (which now appears to finally dead) or ldapsam:editposix, only problem with this is that smbpasswd doesn't seem to work, it creates the user in ldap and then segfaults when trying to add the password. I have spent all weekend trying to make ldapsam:editposix work, but keep coming up against the password problem. Rowland -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Rowland penny
2016-Feb-29 15:02 UTC
[Samba] Segmentation Fault when trying to set root samba password, IPA as a backend
On 29/02/16 14:57, Martin Juhl wrote:> Hi > > Please notice that i'm not using ldapsam, but ipasam... from freeipa server... So I think I need those things in my configuration file....Never heard of ipasam (not that means anything) so I will bow to your superior knowledge.> > I'm having trouble finding documentation on the ipasam extension....You will probably have to ask on the ipa mailing list (if there is one) about ipa docs.> > Seems as though our problems are similiarVery probably, I am going to file a bug report anyway. Rowland> > > ----- Original meddelelse ----- > Fra: "Rowland penny" <rpenny at samba.org> > Til: "samba" <samba at lists.samba.org> > Sendt: mandag, 29. februar 2016 15:16:13 > Emne: Re: [Samba] Segmentation Fault when trying to set root samba password, IPA as a backend > > On 29/02/16 13:44, Martin Juhl wrote: >> Hi >> >> >>>> First thing is, you shouldn't have a user called 'root' in your domain, >> I know, was just saying that the error message changed when I added the user.... >> >>>> use a usermap to map 'Administrator' to 'root' >> I have now tried adding: >> >> username map = /var/lib/samba/usermap.txt >> >> to my [global] >> >> and /var/lib/samba/usermap.txt: >> >> mj = Adminstrator >> >> >>>> Can you try and create a new user with smbpasswd ? >> [root at bart samba]# smbpasswd -a test >> No builtin backend found, trying to load plugin >> Module 'ipasam' loaded >> smbldap_open_connection: connection opened >> ldap_connect_system: successful connection to the LDAP server >> pdb_init_ipasam: support for pdb_enum_upn_suffixes enabled for domain bolls.lan >> New SMB password: >> Retype new SMB password: >> Could not find user test and no add script defined >> Failed to add entry for user test. >> >> >>>> I think you may be hitting the same problem that I have, smbpasswd will >>>> create the user, but then segfaults when trying to add the password. >>
Martin Juhl
2016-Feb-29 15:11 UTC
[Samba] Segmentation Fault when trying to set root samba password, IPA as a backend
Ok Please post the link for the bug report.. Thanks... ----- Original meddelelse ----- Fra: "Rowland penny" <rpenny at samba.org> Til: "samba" <samba at lists.samba.org> Sendt: mandag, 29. februar 2016 16:02:38 Emne: Re: [Samba] Segmentation Fault when trying to set root samba password, IPA as a backend On 29/02/16 14:57, Martin Juhl wrote:> Hi > > Please notice that i'm not using ldapsam, but ipasam... from freeipa server... So I think I need those things in my configuration file....Never heard of ipasam (not that means anything) so I will bow to your superior knowledge.> > I'm having trouble finding documentation on the ipasam extension....You will probably have to ask on the ipa mailing list (if there is one) about ipa docs.> > Seems as though our problems are similiarVery probably, I am going to file a bug report anyway. Rowland> > > ----- Original meddelelse ----- > Fra: "Rowland penny" <rpenny at samba.org> > Til: "samba" <samba at lists.samba.org> > Sendt: mandag, 29. februar 2016 15:16:13 > Emne: Re: [Samba] Segmentation Fault when trying to set root samba password, IPA as a backend > > On 29/02/16 13:44, Martin Juhl wrote: >> Hi >> >> >>>> First thing is, you shouldn't have a user called 'root' in your domain, >> I know, was just saying that the error message changed when I added the user.... >> >>>> use a usermap to map 'Administrator' to 'root' >> I have now tried adding: >> >> username map = /var/lib/samba/usermap.txt >> >> to my [global] >> >> and /var/lib/samba/usermap.txt: >> >> mj = Adminstrator >> >> >>>> Can you try and create a new user with smbpasswd ? >> [root at bart samba]# smbpasswd -a test >> No builtin backend found, trying to load plugin >> Module 'ipasam' loaded >> smbldap_open_connection: connection opened >> ldap_connect_system: successful connection to the LDAP server >> pdb_init_ipasam: support for pdb_enum_upn_suffixes enabled for domain bolls.lan >> New SMB password: >> Retype new SMB password: >> Could not find user test and no add script defined >> Failed to add entry for user test. >> >> >>>> I think you may be hitting the same problem that I have, smbpasswd will >>>> create the user, but then segfaults when trying to add the password. >>-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Reasonably Related Threads
- Segmentation Fault when trying to set root samba password, IPA as a backend
- Segmentation Fault when trying to set root samba password, IPA as a backend
- Segmentation Fault when trying to set root samba password, IPA as a backend
- Segmentation Fault when trying to set root samba password, IPA as a backend
- Segmentation Fault when trying to set root samba password, IPA as a backend