Angel Galindo Muñoz
2004-May-11 12:34 UTC
[Samba] ldapsam - Failed to open group mapping database
Hi!

I've been trying to install Samba 3.0.2a + ldapSam (Stand-Alone, not PDC) on a RedHat Enterprise Edition 3.0 as a fileserver. It works fine but I still get some errors about groups and I can't find the answers in the mailing list log:

Let's explain the error: When I connect with a W2k client it works fine, but then if I try to add extra permissions to a file it complains in some ways. The underlying FS is XFS (bestbits' linux 2.4.25 ACL+Quotas patch) with ACLs enabled (I'm sure there isn't any filesystem error). The log looks like this:

[2004/05/11 12:52:31, 2] passdb/pdb_ldap.c:init_sam_from_ldap(462)
  init_sam_from_ldap: Entry found for user: samba4
[2004/05/11 12:52:31, 0] groupdb/mapping.c:init_group_mapping(139)
  Failed to open group mapping database
[2004/05/11 12:52:31, 0] groupdb/mapping.c:get_group_from_gid(655)
  failed to initialize group mappingFailed to open group mapping database
[2004/05/11 12:52:31, 0] groupdb/mapping.c:get_group_from_gid(655)
  failed to initialize group mappingget_alias_user_groups: gid of user samba4 doesn't exist. Check your /etc/passwd and /etc/group files
[2004/05/11 12:52:31, 2] passdb/pdb_ldap.c:init_sam_from_ldap(462)
  init_sam_from_ldap: Entry found for user: Domain Users
[2004/05/11 12:52:31, 2] rpc_server/srv_util.c:get_alias_user_groups(145)
  get_alias_user_groups: getgroups_user failed

There are two clear messages:
- "Failed to open group mapping database"
- "gid of user samba4 doesn't exist...".

This is an LDIF snippet of the LDAP SAM. I'm not using any tool, I need to be able to do it directly on LDAP, because the user management must be done by our middleware integration applications:

########
# User #
########
dn: uid=samba4, ou=People, ou=file, o=ub, c=es
objectClass: posixAccount
objectClass: sambaSamAccount
objectClass: top
sambaAcctFlags: [UX ]
uid: samba4
cn: Usuari samba4
loginShell: /bin/bash
gidNumber: 1002
displayName: Usuari samba4
homeDirectory: /home/samba4
sambaNTPassword: 47592B71C1BFBB0F76F215901B4D1A37
sambaLMPassword: 63F31FE8389468A6AAD3B435B51404EE
sambaSID: S-1-5-21-349043978-4100265039-1442050830-1104
userPassword: {CRYPT}DmHwJp6jnwQcU
uidNumber: 1004
sambaPrimaryGroupSID: S-1-5-21-349043978-4100265039-1442050830-513

################
# Unix Groups: #
################
dn: cn=unixSambaAdmins, ou=Groups, ou=file, o=ub,c=es
objectClass: top
objectClass: posixgroup
cn: unixSambaAdmins
gidNumber: 1003
description: El grup UNIX d administradors de Samba

dn: cn=unixSambaNobodyGroup, ou=Groups, ou=file, o=ub,c=es
objectClass: top
objectClass: posixgroup
cn: unixSambaNobodyGroup
gidNumber: 1004
description: El grup UNIX de samba nobody

dn: cn=unixSambaUsuaris, ou=Groups, ou=file, o=ub,c=es
objectClass: top
objectClass: posixgroup
cn: unixSambaUsuaris
gidNumber: 1002
description: El grup UNIX d usuaris Samba

##############
# NT Groups: #
##############
dn: cn=Domain Admins, ou=Groups, ou=file, o=ub,c=es
objectClass: top
objectClass: sambaGroupMapping
objectClass: sambaSamAccount
sambaSID: S-1-5-21-349043978-4100265039-1442050830-512
gidNumber: 1003
sambaGroupType: 5
uid: Domain Admins

dn: cn=Domain Users, ou=Groups, ou=file, o=ub,c=es
objectClass: top
objectClass: sambaGroupMapping
objectClass: sambaSamAccount
sambaSID: S-1-5-21-349043978-4100265039-1442050830-513
gidNumber: 1002
sambaGroupType: 5
uid: Domain Users

dn: cn=Domain Guests, ou=Groups, ou=file, o=ub,c=es
objectClass: top
objectClass: sambaGroupMapping
objectClass: sambaSamAccount
sambaSID: S-1-5-21-349043978-4100265039-1442050830-514
gidNumber: 1004
sambaGroupType: 5
uid: Domain Guests

The LDAP ACLs grant full access to the manager DN used by samba; there are no permission problems.

More info about mapping. It looks good (?):

[root@sambap root]# /opt/samba/bin/net groupmap list
Domain Users (S-1-5-21-349043978-4100265039-1442050830-513) -> unixSambaUsuaris
Domain Admins (S-1-5-21-349043978-4100265039-1442050830-512) -> unixSambaAdmins
Domain Guests (S-1-5-21-349043978-4100265039-1442050830-514) -> unixSambaNobodyGroup

Anyway let's also give the relevant sections of smb.conf:

[global]
   nt acl support = yes
   workgroup = SAMBAPROVES
   server string = Servidor Samba de Proves
   hosts allow = 161.116.2.
   printcap name = /etc/printcap
   load printers = yes
   printing = bsd
   log file = /var/log/samba/%m.log
   max log size = 5000
   log level = 2
   security = user
   encrypt passwords = yes
   ldap admin dn=cn=xxxxxx,o=ub,c=es
   passdb backend = ldapsam:ldap://xx.yy.zz:ppp
   ldap delete dn = no
   ldap user suffix = ou=People
   ldap group suffix = ou=Groups
   ldap machine suffix = ou=Computers
   ldap suffix = ou=file, o=ub, c=es
   ldap filter = (&(uid=%u)(objectclass=sambaSamAccount))
   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
   dns proxy = no

[homes]
   comment = Home Directories
   browseable = no
   writable = yes
   nt acl support = yes

I'm very sure that my error is in Group Mapping but I've read Chapters 11 (Account Info DBs) and 12 (Group Mapping) and I can't fix it.

Any help would be very much appreciated.

Thanks in advance!

--
Angel Galindo Muñoz
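
A consistency check that could be run over an LDIF export like the one in the message above, as an added example that is not part of the thread or of Samba. It verifies that each posixAccount's gidNumber and sambaPrimaryGroupSID resolve to a posixGroup and a sambaGroupMapping entry, and flags mapping entries that also carry sambaSamAccount with a uid, because those match the ldap filter in the posted smb.conf. The function names and the abridged sample (password attributes omitted) are assumptions.

```python
# Added example, not from the thread; entries abridged from the post's LDIF.
SAMPLE_LDIF = """\
dn: uid=samba4, ou=People, ou=file, o=ub, c=es
objectClass: posixAccount
objectClass: sambaSamAccount
uid: samba4
gidNumber: 1002
sambaPrimaryGroupSID: S-1-5-21-349043978-4100265039-1442050830-513

dn: cn=unixSambaUsuaris, ou=Groups, ou=file, o=ub,c=es
objectClass: posixgroup
gidNumber: 1002

dn: cn=Domain Users, ou=Groups, ou=file, o=ub,c=es
objectClass: sambaGroupMapping
objectClass: sambaSamAccount
sambaSID: S-1-5-21-349043978-4100265039-1442050830-513
gidNumber: 1002
uid: Domain Users
"""

def parse_ldif(text):  # simple LDIF only: no line folding, no base64 values
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if ":" in line and not line.startswith("#"):
                key, value = line.split(":", 1)
                entry.setdefault(key.strip().lower(), []).append(value.strip())
        entry["objectclass"] = [c.lower() for c in entry.get("objectclass", [])]
        entries.append(entry)
    return entries

def check(entries):  # returns findings; [] means every gid/SID reference resolves
    gids = {g for e in entries if "posixgroup" in e["objectclass"] for g in e["gidnumber"]}
    maps = {e["sambasid"][0]: e for e in entries if "sambagroupmapping" in e["objectclass"]}
    out = [f"{s}: gidNumber {e['gidnumber'][0]} has no posixGroup"
           for s, e in maps.items() if e["gidnumber"][0] not in gids]
    out += [f"{s}: group entry also has sambaSamAccount and uid"
            for s, e in maps.items() if "sambasamaccount" in e["objectclass"] and "uid" in e]
    for e in (e for e in entries if "posixaccount" in e["objectclass"]):
        uid, gid = e["uid"][0], e["gidnumber"][0]
        sid = e.get("sambaprimarygroupsid", [""])[0]
        if gid not in gids:
            out.append(f"{uid}: gidNumber {gid} has no posixGroup")
        if sid not in maps:
            out.append(f"{uid}: primary group SID {sid} has no sambaGroupMapping")
        elif maps[sid]["gidnumber"][0] != gid:
            out.append(f"{uid}: primary group SID maps to gid {maps[sid]['gidnumber'][0]}")
    return out
```

Calling `check(parse_ldif(SAMPLE_LDIF))` on the abridged sample reports only the sambaSamAccount overlap on the group entry; the gidNumber and SID references all resolve.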
Gerald (Jerry) Carter
2004-May-11 16:06 UTC
[Samba] ldapsam - Failed to open group mapping database
Angel Galindo Muñoz wrote:
|
| Hi!
|
| I've been trying to install Samba 3.0.2a + ldapSam (Stand-Alone, not
| PDC) on a RedHat Enterprise Edition 3.0 as a fileserver. It works fine
| but I still get some errors about groups and I can't find the answers in
| the mailing list log:
|
|
| Let's explain the error: When I connect with a W2k client it works
| fine, but then if I try to add extra permissions to a file it complains
| in some ways. The underlying FS is XFS (bestbits' linux 2.4.25
| ACL+Quotas patch) with ACLs enabled (I'm sure there isn't any filesystem
| error).
| ...
| failed to initialize group mappingFailed to open group mapping database

We fixed a lot of these post 3.0.2a. Please test 3.0.4

cheers, jerry
----------------------------------------------------------------------
Hewlett-Packard ------------------------- http://www.hp.com
SAMBA Team ---------------------- http://www.samba.org
GnuPG Key ---- http://www.plainjoe.org/gpg_public.asc
"...a hundred billion castaways looking for a home." ----------- Sting