Michael Heydon
2007-Jan-30 04:46 UTC
[Samba] winbindd + smbd errors trying to run in proxy only mode
Hi, I am trying to set up squid to authenticate using the ntlm module. In order to do this I am trying to get winbindd to run in proxy only mode. I am running Samba 2.0.23c. I have no references to idmap or winbind in my smb.conf. I was of the impression this should cause winbindd to start in proxy only mode. Starting winbindd results in: Jan 30 12:04:33 FS1 winbindd[15332]: [2007/01/30 12:04:33, 0] nsswitch/winbindd_util.c:winbindd_param_init(787) Jan 30 12:04:33 FS1 winbindd[15332]: winbindd: idmap uid range missing or invalid Jan 30 12:04:33 FS1 winbindd[15332]: [2007/01/30 12:04:33, 0] nsswitch/winbindd_util.c:winbindd_param_init(788) Jan 30 12:04:33 FS1 winbindd[15332]: winbindd: cannot continue, exiting. Despite the errors winbindd does start. (Two winbindd processes are visible in the output of ps ax even if windbindd is started with -Y which I believe is acceptable for a proxy only daemon). After winbindd has started I start getting the following errors: Jan 30 12:04:56 FS1 smbd[14761]: [2007/01/30 12:04:56, 0] auth/auth_util.c:create_builtin_users(751) Jan 30 12:04:56 FS1 smbd[14761]: create_builtin_users: Failed to create Users Jan 30 12:05:00 FS1 smbd[14773]: [2007/01/30 12:05:00, 0] auth/auth_util.c:create_builtin_users(751) Jan 30 12:05:00 FS1 smbd[14773]: create_builtin_users: Failed to create Users Jan 30 12:05:41 FS1 smbd[14653]: [2007/01/30 12:05:41, 0] auth/auth_util.c:create_builtin_users(751) Jan 30 12:05:41 FS1 smbd[14653]: create_builtin_users: Failed to create Users Jan 30 12:05:48 FS1 smbd[15116]: [2007/01/30 12:05:48, 0] auth/auth_util.c:create_builtin_users(751) Jan 30 12:05:48 FS1 smbd[15116]: create_builtin_users: Failed to create Users The pids listed appear to be preexisting connections (from before winbindd was started). Users is the OU that the user accounts are stored in. http://lists.samba.org/archive/samba/2006-September/125552.html says the error is normal and will be fixed in the next version. What I would like to know is, does the "Failed to create Users" error imply that winbindd is trying to make changes rather than just running as a proxy? If so, what else do I have to do to put it in proxy mode? if not, does 3.0.23d fix this problem (I can't spot anything obvious in the changelogs)? Regards, Michael Heydon
Michael Coburn
2007-Jan-30 21:53 UTC
[Samba] winbindd + smbd errors trying to run in proxy only mode
Did you configure winbind within smb.conf? Here is an example that works at our location: ---- winbind separator = / winbind cache time = 10 idmap uid = 10000-20000 idmap gid = 10000-20000 winbind enum users = yes winbind enum groups = yes obey pam restrictions = no winbind nested groups = yes ---- It appears you are missing the "idmap" entries. -- Michael Coburn Enterprise Systems Administrator Jupiterimages Michael Heydon said the following on 01/29/2007 10:45 PM:> Hi, > > I am trying to set up squid to authenticate using the ntlm module. In > order to do this I am trying to get winbindd to run in proxy only > mode. I am running Samba 2.0.23c. I have no references to idmap or > winbind in my smb.conf. I was of the impression this should cause > winbindd to start in proxy only mode. > > Starting winbindd results in: > > Jan 30 12:04:33 FS1 winbindd[15332]: [2007/01/30 12:04:33, 0] > nsswitch/winbindd_util.c:winbindd_param_init(787) > Jan 30 12:04:33 FS1 winbindd[15332]: winbindd: idmap uid range > missing or invalid > Jan 30 12:04:33 FS1 winbindd[15332]: [2007/01/30 12:04:33, 0] > nsswitch/winbindd_util.c:winbindd_param_init(788) > Jan 30 12:04:33 FS1 winbindd[15332]: winbindd: cannot continue, > exiting. > > Despite the errors winbindd does start. (Two winbindd processes are > visible in the output of ps ax even if windbindd is started with -Y > which I believe is acceptable for a proxy only daemon). > > After winbindd has started I start getting the following errors: > > Jan 30 12:04:56 FS1 smbd[14761]: [2007/01/30 12:04:56, 0] > auth/auth_util.c:create_builtin_users(751) > Jan 30 12:04:56 FS1 smbd[14761]: create_builtin_users: Failed to > create Users > Jan 30 12:05:00 FS1 smbd[14773]: [2007/01/30 12:05:00, 0] > auth/auth_util.c:create_builtin_users(751) > Jan 30 12:05:00 FS1 smbd[14773]: create_builtin_users: Failed to > create Users > Jan 30 12:05:41 FS1 smbd[14653]: [2007/01/30 12:05:41, 0] > auth/auth_util.c:create_builtin_users(751) > Jan 30 12:05:41 FS1 smbd[14653]: create_builtin_users: Failed to > create Users > Jan 30 12:05:48 FS1 smbd[15116]: [2007/01/30 12:05:48, 0] > auth/auth_util.c:create_builtin_users(751) > Jan 30 12:05:48 FS1 smbd[15116]: create_builtin_users: Failed to > create Users > > The pids listed appear to be preexisting connections (from before > winbindd was started). Users is the OU that the user accounts are > stored in. > http://lists.samba.org/archive/samba/2006-September/125552.html says > the error is normal and will be fixed in the next version. > > What I would like to know is, does the "Failed to create Users" error > imply that winbindd is trying to make changes rather than just running > as a proxy? If so, what else do I have to do to put it in proxy mode? > if not, does 3.0.23d fix this problem (I can't spot anything obvious > in the changelogs)? > > Regards, > > Michael Heydon >