mallapadi niranjan
2006-Feb-20 07:45 UTC
[Samba] Winbindd Error : Could not init idmap -- netlogon proxy only
Hi list,

I have samba 3.0.21 with LDAP version 2.2.13 on Redhat Enterprise Linux 4 enterprise server,
kernel version 2.6.9-5, smbldap-tools version 0.9.
In winbind.log I get the following errors.

My domain: msdpl.com

#################################################################
[2006/02/16 13:05:28, 0] lib/smbldap.c:smb_ldap_setup_conn(572)
  ldap_initialize: Time limit exceeded
[2006/02/16 13:05:28, 1] lib/smbldap.c:another_ldap_try(1051)
  Connection to LDAP server failed for the 15 try!
[2006/02/16 13:05:29, 0] lib/smbldap.c:smb_ldap_setup_conn(572)
  ldap_initialize: Time limit exceeded
[2006/02/16 13:05:29, 0] sam/idmap.c:idmap_init(138)
  idmap_init: failed to initialize remote backend!
[2006/02/16 13:05:29, 1] nsswitch/winbindd.c:main(1009)
  Could not init idmap -- netlogon proxy only
##########################################################

My smb.conf file:

######################################################
add user script = /usr/local/sbin/smbldap-useradd -m "%u"
delete user script = /usr/local/sbin/smbldap-userdel "%u"
add machine script = /usr/local/sbin/smbldap-useradd -w "%m"
add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/local/sbin/smbldap-usermod -g '%g' '%u'
ldap delete dn = Yes
ldap ssl = no
ldap suffix = dc=msdpl,dc=com
ldap admin dn = cn=manager,dc=msdpl,dc=com
ldap group suffix = ou=Groups
ldap user suffix = ou=People
ldap machine suffix = ou=Computers
ldap idmap suffix = ou=Idmap
ldap timeout = 50
idmap backend = ldap://192.168.129.20
idmap uid = 10000-20000
idmap gid = 10000-20000
map acl inherit = yes
winbind use default domain = yes
template shell = /bin/false
##################################################

I do have OU=idmap:

dn: ou=Idmap,dc=msdpl,dc=com
objectClass: organizationalUnit
objectClass: sambaUnixIDPool
ou: Idmap

I have ignored the above problem as I started using it, but I need to have nested groups, for which winbind should be working, I believe. How do I fix winbind without disturbing the current setup?

When I use the commands below, I get the following errors:

#############################################################
[root@msdpl lib]# net rpc group addmem mvc681team "DOM\mvc681nns"
Password:
Could not lookup up group member DOM\mvc681nns
Could not add DOM\mvc681nns to mvc681team: NT_STATUS_NONE_MAPPED
[root@msdpl lib]# net rpc group addmem mvc681team "medhapdc\mvc681nns"
Password:
Could not lookup up group member medhapdc\mvc681nns
Could not add medhapdc\mvc681nns to mvc681team: NT_STATUS_NONE_MAPPED
[root@msdpl lib]# net rpc group addmem mvc681team "mvc681nns"
Password:
Could not add mvc681nns to mvc681team: NT_STATUS_NO_SUCH_USER
[root@msdpl lib]# net rpc group addmem mvc681team "DOMAIN\mvc681nns"
Password:
Could not lookup up group member DOMAIN\mvc681nns
Could not add DOMAIN\mvc681nns to mvc681team: NT_STATUS_NONE_MAPPED
[root@msdpl lib]# net rpc group addmem mvc681team "msdpl.com\mvc681nns"
Password:
Could not lookup up group member msdpl.com\mvc681nns
Could not add msdpl.com\mvc681nns to mvc681team: NT_STATUS_NONE_MAPPED
[root@msdpl lib]# net rpc group addmem mvc681team "msdpl.com\mvc681nns"
Password:
Could not lookup up group member msdpl.com\mvc681nns
Could not add msdpl.com\mvc681nns to mvc681team: NT_STATUS_NONE_MAPPED
#############################################################
Gerald (Jerry) Carter
2006-Feb-20 14:58 UTC
[Samba] Winbindd Error : Could not init idmap -- netlogon proxy only
mallapadi niranjan wrote:
> Hi list
>
> I have samba 3.0.21 with LDAP version 2.2.13 on Redhat Enterprise Linux 4
> enterprise server
> kernel version 2.6.9-5 . smbldap-tools version 0.9.
> in winbind.log i get the following errors
>
> my domain msdpl.com
>
> #################################################################
> [2006/02/16 13:05:28, 0] lib/smbldap.c:smb_ldap_setup_conn(572)
> ldap_initialize: Time limit exceeded
> [2006/02/16 13:05:28, 1] lib/smbldap.c:another_ldap_try(1051)
> Connection to LDAP server failed for the 15 try!
> [2006/02/16 13:05:29, 0] lib/smbldap.c:smb_ldap_setup_conn(572)
> ldap_initialize: Time limit exceeded
> [2006/02/16 13:05:29, 0] sam/idmap.c:idmap_init(138)
> idmap_init: failed to initialize remote backend!
> [2006/02/16 13:05:29, 1] nsswitch/winbindd.c:main(1009)
> Could not init idmap -- netlogon proxy only
  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

This means you have not correctly defined an idmap uid/gid range. Make sure that there are no spaces in between the lower and upper id number in the range.

cheers, jerry
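
A check for the range format the reply refers to, as an added example that is not part of the original thread: it reads smb.conf text and reports `idmap uid` / `idmap gid` values that are missing, not written as `low-high` without spaces, or inverted. The function names and the second sample are constructed here; includes and line continuations are not handled.

```python
import re


# Constructed samples: the idmap lines from the post, and a malformed variant.
SAMPLE_OK = """\
idmap backend = ldap://192.168.129.20
idmap uid = 10000-20000
idmap gid = 10000-20000
"""
SAMPLE_BAD = """\
idmap uid = 10000 - 20000
idmap gid = 20000-10000
"""

RANGE_RE = re.compile(r"^(\d+)-(\d+)$")  # strict form: low-high, no spaces


def normalize(name):
    # smb.conf parameter names ignore case and internal whitespace
    return re.sub(r"\s+", "", name).lower()


def check_idmap_ranges(conf_text):
    """Return a list of (parameter, problem) for idmap uid/gid settings."""
    seen, problems = {}, []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;[" or "=" not in line:
            continue
        name, value = line.split("=", 1)
        key = normalize(name)
        if key in ("idmapuid", "idmapgid"):
            seen[key] = value.strip()
    for key in ("idmapuid", "idmapgid"):
        if key not in seen:
            problems.append((key, "not set"))
            continue
        m = RANGE_RE.match(seen[key])
        if not m:
            problems.append((key, "not in low-high form: %r" % seen[key]))
        elif int(m.group(1)) >= int(m.group(2)):
            problems.append((key, "lower bound is not below upper bound"))
    return problems


if __name__ == "__main__":
    for label, text in (("ok", SAMPLE_OK), ("bad", SAMPLE_BAD)):
        print(label, check_idmap_ranges(text))
```

An empty result for the posted lines means the range syntax itself passes this check, which leaves the `ldap_initialize: Time limit exceeded` lines in the same log as the next thing to look at.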