Hello everyone,
We've been running Samba for years, and with the exception of IDMAP,
we've been very happy. Well, now we have a real need to keep this
information in a shared DB, so I'm trying to set up the idmap_ldap plugin.
I *think* I have lookups working correctly-- at least, I can see that
Samba is contacting the LDAP directory. But since there's nothing
actually *in* my directory yet, I can't be sure.
But the real issue is that I'm having trouble getting LDAP to work as an
allocating backend. I'm getting some ugly stuff like this:
[2009/07/10 23:37:51, 0] winbindd/idmap.c:smb_register_idmap_alloc(201)
idmap_alloc module tdb already registered!
[2009/07/10 23:37:51, 0] winbindd/idmap.c:smb_register_idmap(149)
Idmap module passdb already registered!
[2009/07/10 23:37:51, 0] winbindd/idmap.c:smb_register_idmap(149)
Idmap module nss already registered!
[2009/07/10 23:37:51, 0] winbindd/idmap.c:idmap_alloc_init(589)
ERROR: Initialization failed for alloc backend, deferred!
[2009/07/10 23:38:12, 0] lib/fault.c:fault_report(40)
==============================================================[2009/07/10
23:38:12, 0] lib/fault.c:fault_report(41)
INTERNAL ERROR: Signal 11 in pid 14920 (3.3.6)
Please read the Trouble-Shooting section of the Samba3-HOWTO
[2009/07/10 23:38:12, 0] lib/fault.c:fault_report(43)
From: http://www.samba.org/samba/docs/Samba3-HOWTO.pdf
[2009/07/10 23:38:12, 0] lib/fault.c:fault_report(44)
==============================================================[2009/07/10
23:38:12, 0] lib/util.c:smb_panic(1673)
PANIC (pid 14920): internal error
[2009/07/10 23:38:12, 0] lib/util.c:log_stack_trace(1777)
BACKTRACE: 21 stack frames:
#0 winbindd(log_stack_trace+0x2d) [0x3581f9]
#1 winbindd(smb_panic+0x8e) [0x35804b]
#2 winbindd [0x341960]
#3 winbindd [0x341971]
#4 /lib/tls/libc.so.6 [0x74e918]
#5 winbindd [0x62c779]
#6 winbindd(run_events+0xdf) [0x36b645]
#7 winbindd [0x2b8c6d]
#8 winbindd [0x2b5eb7]
#9 winbindd(async_request+0x20f) [0x2b5881]
#10 winbindd(do_async+0x13c) [0x2b9301]
#11 winbindd(winbindd_gid2sid_async+0xd8) [0x2c190e]
#12 winbindd(winbindd_gid_to_sid+0x2fd) [0x2a2bc7]
#13 winbindd [0x2819b8]
#14 winbindd [0x28251a]
#15 winbindd [0x282368]
#16 winbindd [0x281ce7]
#17 winbindd [0x282c13]
#18 winbindd(main+0xb68) [0x283a96]
#19 /lib/tls/libc.so.6(__libc_start_main+0xd3) [0x73bdf3]
#20 winbindd [0x280f31]
[2009/07/10 23:38:12, 0] lib/fault.c:dump_core(231)
dumping core in /var/log/samba/cores/winbindd
It's entirely possible that I'm just not configuring this properly.
I've been looking at this document
(http://samba.org/~obnox/presentations/sambaXP-2009/sambaxp-2009-talk-obnox-slides-paper.pdf)
for guidance, because to be honest, it's not clear which revision of
idmap_ldap the manpage actually refers to.
Anyway, the global section of my smb.conf follows, edited slightly.
Can someone help me out? Oh, and I should mention-- I did set the alloc
secret using 'net idmap secret alloc'. That part seems to go OK.
(BTW--
some of these options have accreted over the years-- some of them may no
longer be necessary, or even helpful-- please let me know if anything
sticks out at you)
[global]
interfaces = eth0
netbios name = FOZZIE-NEW
socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384
realm = BOSTON.EXAMPLE.NET
security = ADS
idmap uid = 10000-20000
idmap gid = 10000-20000
idmap backend = ldap:ldap://localhost/
idmap alloc backend = ldap
idmap alloc config : ldap_url = ldap://localhost/
idmap alloc config : ldap_user_dn =
cn=Manager,dc=boston,dc=example,dc=net
idmap alloc config : ldap_base_dn =
ou=Idmap,dc=boston,dc=example,dc=net
ldap idmap suffix = ou=Idmap,dc=boston,dc=example,dc=net
ldap admin dn = cn=Manager,dc=boston,dc=example,dc=net
ldap suffix = dc=boston,dc=example,dc=net
ldap ssl = off
winbind enum users = no
winbind enum groups = no
workgroup = BOSTON
os level = 20
password server = bosdc01.boston.example.net
preferred master = no
winbind separator = +
max log size = 50
log file = /var/log/samba/log.%m
encrypt passwords = yes
dns proxy = no
wins server = 192.168.0.252
wins proxy = no
smb ports = 139
load printers = no
printable = no
printcap name = /dev/null
# For broken MacOSX client
max disk size = 1048576
# make sure mode bits are always set correctly
create mask = 770
directory mask = 770
# change default server identification string
server string = ""
# for sshd
template shell = /bin/bash
client use spnego = yes
unix extensions = no
I set up my LDAP with the following LDF:
dn: dc=boston,dc=example,dc=net
objectclass: dcObject
objectclass: organization
o: BSM Boston
dc: boston
description: Posix and Samba LDAP Identity Database
dn: cn=Manager,dc=boston,dc=example,dc=net
objectclass: organizationalRole
cn: Manager
description: Directory Manager
dn: ou=Idmap,dc=boston,dc=example,dc=net
objectClass: organizationalUnit
ou: idmap
If anyone has any ideas, I would be very grateful. I seem to be having
a hard time coming up with working examples using LDAP as an allocating
backend for 3.3 on the web.
Thanks,
Dan
Dan,
I'm not getting a core dump like you are...however I do see a bunch of those
nasty messages:
[2009/07/10 23:37:51, 0] winbindd/idmap.c:smb_register_idmap_alloc(201)
idmap_alloc module tdb already registered!
[2009/07/10 23:37:51, 0] winbindd/idmap.c:smb_register_idmap(149)
Idmap module passdb already registered!
Would love to know if these need to be worried about or if they are normal.
I'm running Samba 3.4.0 on CentOS 5.3 x86_64.
I could never get the below config parameters to actually effect anything so
I gave up. I posted a couple of days ago on that topic. For now I think
you are better off commenting this section out as I did.
ldap idmap suffix = ou=Idmap,dc=boston,dc=example,dc=net
ldap admin dn = cn=Manager,dc=boston,dc=example,dc=net
ldap suffix = dc=boston,dc=example,dc=net
...note that typically a core dump means you've got something more than just
mis-configuration going on..in my experience; but am not knowledgeable
enough you to comment further.
Regards,
Theo
-----Original Message-----
From: Daniel Barowy [mailto:samba@ettinsmoor.net]
Sent: Friday, July 10, 2009 9:04 PM
To: samba@lists.samba.org
Subject: [Samba] Trouble with idmap_ldap in 3.3.6
Hello everyone,
We've been running Samba for years, and with the exception of IDMAP,
we've been very happy. Well, now we have a real need to keep this
information in a shared DB, so I'm trying to set up the idmap_ldap plugin.
I *think* I have lookups working correctly-- at least, I can see that
Samba is contacting the LDAP directory. But since there's nothing
actually *in* my directory yet, I can't be sure.
But the real issue is that I'm having trouble getting LDAP to work as an
allocating backend. I'm getting some ugly stuff like this:
[2009/07/10 23:37:51, 0] winbindd/idmap.c:smb_register_idmap_alloc(201)
idmap_alloc module tdb already registered!
[2009/07/10 23:37:51, 0] winbindd/idmap.c:smb_register_idmap(149)
Idmap module passdb already registered!
[2009/07/10 23:37:51, 0] winbindd/idmap.c:smb_register_idmap(149)
Idmap module nss already registered!
[2009/07/10 23:37:51, 0] winbindd/idmap.c:idmap_alloc_init(589)
ERROR: Initialization failed for alloc backend, deferred!
[2009/07/10 23:38:12, 0] lib/fault.c:fault_report(40)
==============================================================[2009/07/10
23:38:12, 0] lib/fault.c:fault_report(41)
INTERNAL ERROR: Signal 11 in pid 14920 (3.3.6)
Please read the Trouble-Shooting section of the Samba3-HOWTO
[2009/07/10 23:38:12, 0] lib/fault.c:fault_report(43)
From: http://www.samba.org/samba/docs/Samba3-HOWTO.pdf
[2009/07/10 23:38:12, 0] lib/fault.c:fault_report(44)
==============================================================[2009/07/10
23:38:12, 0] lib/util.c:smb_panic(1673)
PANIC (pid 14920): internal error
[2009/07/10 23:38:12, 0] lib/util.c:log_stack_trace(1777)
BACKTRACE: 21 stack frames:
#0 winbindd(log_stack_trace+0x2d) [0x3581f9]
#1 winbindd(smb_panic+0x8e) [0x35804b]
#2 winbindd [0x341960]
#3 winbindd [0x341971]
#4 /lib/tls/libc.so.6 [0x74e918]
#5 winbindd [0x62c779]
#6 winbindd(run_events+0xdf) [0x36b645]
#7 winbindd [0x2b8c6d]
#8 winbindd [0x2b5eb7]
#9 winbindd(async_request+0x20f) [0x2b5881]
#10 winbindd(do_async+0x13c) [0x2b9301]
#11 winbindd(winbindd_gid2sid_async+0xd8) [0x2c190e]
#12 winbindd(winbindd_gid_to_sid+0x2fd) [0x2a2bc7]
#13 winbindd [0x2819b8]
#14 winbindd [0x28251a]
#15 winbindd [0x282368]
#16 winbindd [0x281ce7]
#17 winbindd [0x282c13]
#18 winbindd(main+0xb68) [0x283a96]
#19 /lib/tls/libc.so.6(__libc_start_main+0xd3) [0x73bdf3]
#20 winbindd [0x280f31]
[2009/07/10 23:38:12, 0] lib/fault.c:dump_core(231)
dumping core in /var/log/samba/cores/winbindd
It's entirely possible that I'm just not configuring this properly.
I've been looking at this document
(http://samba.org/~obnox/presentations/sambaXP-2009/sambaxp-2009-talk-obnox-
slides-paper.pdf)
for guidance, because to be honest, it's not clear which revision of
idmap_ldap the manpage actually refers to.
Anyway, the global section of my smb.conf follows, edited slightly.
Can someone help me out? Oh, and I should mention-- I did set the alloc
secret using 'net idmap secret alloc'. That part seems to go OK.
(BTW--
some of these options have accreted over the years-- some of them may no
longer be necessary, or even helpful-- please let me know if anything
sticks out at you)
[global]
interfaces = eth0
netbios name = FOZZIE-NEW
socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384
realm = BOSTON.EXAMPLE.NET
security = ADS
idmap uid = 10000-20000
idmap gid = 10000-20000
idmap backend = ldap:ldap://localhost/
idmap alloc backend = ldap
idmap alloc config : ldap_url = ldap://localhost/
idmap alloc config : ldap_user_dn
cn=Manager,dc=boston,dc=example,dc=net
idmap alloc config : ldap_base_dn ou=Idmap,dc=boston,dc=example,dc=net
ldap idmap suffix = ou=Idmap,dc=boston,dc=example,dc=net
ldap admin dn = cn=Manager,dc=boston,dc=example,dc=net
ldap suffix = dc=boston,dc=example,dc=net
ldap ssl = off
winbind enum users = no
winbind enum groups = no
workgroup = BOSTON
os level = 20
password server = bosdc01.boston.example.net
preferred master = no
winbind separator = +
max log size = 50
log file = /var/log/samba/log.%m
encrypt passwords = yes
dns proxy = no
wins server = 192.168.0.252
wins proxy = no
smb ports = 139
load printers = no
printable = no
printcap name = /dev/null
# For broken MacOSX client
max disk size = 1048576
# make sure mode bits are always set correctly
create mask = 770
directory mask = 770
# change default server identification string
server string = ""
# for sshd
template shell = /bin/bash
client use spnego = yes
unix extensions = no
I set up my LDAP with the following LDF:
dn: dc=boston,dc=example,dc=net
objectclass: dcObject
objectclass: organization
o: BSM Boston
dc: boston
description: Posix and Samba LDAP Identity Database
dn: cn=Manager,dc=boston,dc=example,dc=net
objectclass: organizationalRole
cn: Manager
description: Directory Manager
dn: ou=Idmap,dc=boston,dc=example,dc=net
objectClass: organizationalUnit
ou: idmap
If anyone has any ideas, I would be very grateful. I seem to be having
a hard time coming up with working examples using LDAP as an allocating
backend for 3.3 on the web.
Thanks,
Dan
On Sat, Jul 11, 2009 at 12:03:43AM -0400, Daniel Barowy wrote:> Hello everyone, > > We've been running Samba for years, and with the exception of IDMAP, > we've been very happy. Well, now we have a real need to keep this > information in a shared DB, so I'm trying to set up the idmap_ldap > plugin. > > I *think* I have lookups working correctly-- at least, I can see that > Samba is contacting the LDAP directory. But since there's nothing > actually *in* my directory yet, I can't be sure. > > But the real issue is that I'm having trouble getting LDAP to work as > an allocating backend. I'm getting some ugly stuff like this: > > [2009/07/10 23:37:51, 0] winbindd/idmap.c:smb_register_idmap_alloc(201) > idmap_alloc module tdb already registered! > [2009/07/10 23:37:51, 0] winbindd/idmap.c:smb_register_idmap(149) > Idmap module passdb already registered! > [2009/07/10 23:37:51, 0] winbindd/idmap.c:smb_register_idmap(149) > Idmap module nss already registered! > [2009/07/10 23:37:51, 0] winbindd/idmap.c:idmap_alloc_init(589) > ERROR: Initialization failed for alloc backend, deferred! > [2009/07/10 23:38:12, 0] lib/fault.c:fault_report(40) > ==============================================================> [2009/07/10 23:38:12, 0] lib/fault.c:fault_report(41) > INTERNAL ERROR: Signal 11 in pid 14920 (3.3.6) > Please read the Trouble-Shooting section of the Samba3-HOWTO > [2009/07/10 23:38:12, 0] lib/fault.c:fault_report(43) > > From: http://www.samba.org/samba/docs/Samba3-HOWTO.pdf > [2009/07/10 23:38:12, 0] lib/fault.c:fault_report(44) > ==============================================================> [2009/07/10 23:38:12, 0] lib/util.c:smb_panic(1673) > PANIC (pid 14920): internal error > [2009/07/10 23:38:12, 0] lib/util.c:log_stack_trace(1777) > BACKTRACE: 21 stack frames: > #0 winbindd(log_stack_trace+0x2d) [0x3581f9] > #1 winbindd(smb_panic+0x8e) [0x35804b] > #2 winbindd [0x341960] > #3 winbindd [0x341971] > #4 /lib/tls/libc.so.6 [0x74e918] > #5 winbindd [0x62c779] > #6 winbindd(run_events+0xdf) [0x36b645] > #7 winbindd [0x2b8c6d] > #8 winbindd [0x2b5eb7] > #9 winbindd(async_request+0x20f) [0x2b5881] > #10 winbindd(do_async+0x13c) [0x2b9301] > #11 winbindd(winbindd_gid2sid_async+0xd8) [0x2c190e] > #12 winbindd(winbindd_gid_to_sid+0x2fd) [0x2a2bc7] > #13 winbindd [0x2819b8] > #14 winbindd [0x28251a] > #15 winbindd [0x282368] > #16 winbindd [0x281ce7] > #17 winbindd [0x282c13] > #18 winbindd(main+0xb68) [0x283a96] > #19 /lib/tls/libc.so.6(__libc_start_main+0xd3) [0x73bdf3] > #20 winbindd [0x280f31] > [2009/07/10 23:38:12, 0] lib/fault.c:dump_core(231) > dumping core in /var/log/samba/cores/winbindd > > It's entirely possible that I'm just not configuring this properly.No, it should never crash. Can you load the debug symbols and get a stack backtrace from gdb so we can fix this please ? Thanks, Jeremy.