Hello everyone, We've been running Samba for years, and with the exception of IDMAP, we've been very happy. Well, now we have a real need to keep this information in a shared DB, so I'm trying to set up the idmap_ldap plugin. I *think* I have lookups working correctly-- at least, I can see that Samba is contacting the LDAP directory. But since there's nothing actually *in* my directory yet, I can't be sure. But the real issue is that I'm having trouble getting LDAP to work as an allocating backend. I'm getting some ugly stuff like this: [2009/07/10 23:37:51, 0] winbindd/idmap.c:smb_register_idmap_alloc(201) idmap_alloc module tdb already registered! [2009/07/10 23:37:51, 0] winbindd/idmap.c:smb_register_idmap(149) Idmap module passdb already registered! [2009/07/10 23:37:51, 0] winbindd/idmap.c:smb_register_idmap(149) Idmap module nss already registered! [2009/07/10 23:37:51, 0] winbindd/idmap.c:idmap_alloc_init(589) ERROR: Initialization failed for alloc backend, deferred! [2009/07/10 23:38:12, 0] lib/fault.c:fault_report(40) ==============================================================[2009/07/10 23:38:12, 0] lib/fault.c:fault_report(41) INTERNAL ERROR: Signal 11 in pid 14920 (3.3.6) Please read the Trouble-Shooting section of the Samba3-HOWTO [2009/07/10 23:38:12, 0] lib/fault.c:fault_report(43) From: http://www.samba.org/samba/docs/Samba3-HOWTO.pdf [2009/07/10 23:38:12, 0] lib/fault.c:fault_report(44) ==============================================================[2009/07/10 23:38:12, 0] lib/util.c:smb_panic(1673) PANIC (pid 14920): internal error [2009/07/10 23:38:12, 0] lib/util.c:log_stack_trace(1777) BACKTRACE: 21 stack frames: #0 winbindd(log_stack_trace+0x2d) [0x3581f9] #1 winbindd(smb_panic+0x8e) [0x35804b] #2 winbindd [0x341960] #3 winbindd [0x341971] #4 /lib/tls/libc.so.6 [0x74e918] #5 winbindd [0x62c779] #6 winbindd(run_events+0xdf) [0x36b645] #7 winbindd [0x2b8c6d] #8 winbindd [0x2b5eb7] #9 winbindd(async_request+0x20f) [0x2b5881] #10 winbindd(do_async+0x13c) [0x2b9301] #11 winbindd(winbindd_gid2sid_async+0xd8) [0x2c190e] #12 winbindd(winbindd_gid_to_sid+0x2fd) [0x2a2bc7] #13 winbindd [0x2819b8] #14 winbindd [0x28251a] #15 winbindd [0x282368] #16 winbindd [0x281ce7] #17 winbindd [0x282c13] #18 winbindd(main+0xb68) [0x283a96] #19 /lib/tls/libc.so.6(__libc_start_main+0xd3) [0x73bdf3] #20 winbindd [0x280f31] [2009/07/10 23:38:12, 0] lib/fault.c:dump_core(231) dumping core in /var/log/samba/cores/winbindd It's entirely possible that I'm just not configuring this properly. I've been looking at this document (http://samba.org/~obnox/presentations/sambaXP-2009/sambaxp-2009-talk-obnox-slides-paper.pdf) for guidance, because to be honest, it's not clear which revision of idmap_ldap the manpage actually refers to. Anyway, the global section of my smb.conf follows, edited slightly. Can someone help me out? Oh, and I should mention-- I did set the alloc secret using 'net idmap secret alloc'. That part seems to go OK. (BTW-- some of these options have accreted over the years-- some of them may no longer be necessary, or even helpful-- please let me know if anything sticks out at you) [global] interfaces = eth0 netbios name = FOZZIE-NEW socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384 realm = BOSTON.EXAMPLE.NET security = ADS idmap uid = 10000-20000 idmap gid = 10000-20000 idmap backend = ldap:ldap://localhost/ idmap alloc backend = ldap idmap alloc config : ldap_url = ldap://localhost/ idmap alloc config : ldap_user_dn = cn=Manager,dc=boston,dc=example,dc=net idmap alloc config : ldap_base_dn = ou=Idmap,dc=boston,dc=example,dc=net ldap idmap suffix = ou=Idmap,dc=boston,dc=example,dc=net ldap admin dn = cn=Manager,dc=boston,dc=example,dc=net ldap suffix = dc=boston,dc=example,dc=net ldap ssl = off winbind enum users = no winbind enum groups = no workgroup = BOSTON os level = 20 password server = bosdc01.boston.example.net preferred master = no winbind separator = + max log size = 50 log file = /var/log/samba/log.%m encrypt passwords = yes dns proxy = no wins server = 192.168.0.252 wins proxy = no smb ports = 139 load printers = no printable = no printcap name = /dev/null # For broken MacOSX client max disk size = 1048576 # make sure mode bits are always set correctly create mask = 770 directory mask = 770 # change default server identification string server string = "" # for sshd template shell = /bin/bash client use spnego = yes unix extensions = no I set up my LDAP with the following LDF: dn: dc=boston,dc=example,dc=net objectclass: dcObject objectclass: organization o: BSM Boston dc: boston description: Posix and Samba LDAP Identity Database dn: cn=Manager,dc=boston,dc=example,dc=net objectclass: organizationalRole cn: Manager description: Directory Manager dn: ou=Idmap,dc=boston,dc=example,dc=net objectClass: organizationalUnit ou: idmap If anyone has any ideas, I would be very grateful. I seem to be having a hard time coming up with working examples using LDAP as an allocating backend for 3.3 on the web. Thanks, Dan
Dan, I'm not getting a core dump like you are...however I do see a bunch of those nasty messages: [2009/07/10 23:37:51, 0] winbindd/idmap.c:smb_register_idmap_alloc(201) idmap_alloc module tdb already registered! [2009/07/10 23:37:51, 0] winbindd/idmap.c:smb_register_idmap(149) Idmap module passdb already registered! Would love to know if these need to be worried about or if they are normal. I'm running Samba 3.4.0 on CentOS 5.3 x86_64. I could never get the below config parameters to actually effect anything so I gave up. I posted a couple of days ago on that topic. For now I think you are better off commenting this section out as I did. ldap idmap suffix = ou=Idmap,dc=boston,dc=example,dc=net ldap admin dn = cn=Manager,dc=boston,dc=example,dc=net ldap suffix = dc=boston,dc=example,dc=net ...note that typically a core dump means you've got something more than just mis-configuration going on..in my experience; but am not knowledgeable enough you to comment further. Regards, Theo -----Original Message----- From: Daniel Barowy [mailto:samba@ettinsmoor.net] Sent: Friday, July 10, 2009 9:04 PM To: samba@lists.samba.org Subject: [Samba] Trouble with idmap_ldap in 3.3.6 Hello everyone, We've been running Samba for years, and with the exception of IDMAP, we've been very happy. Well, now we have a real need to keep this information in a shared DB, so I'm trying to set up the idmap_ldap plugin. I *think* I have lookups working correctly-- at least, I can see that Samba is contacting the LDAP directory. But since there's nothing actually *in* my directory yet, I can't be sure. But the real issue is that I'm having trouble getting LDAP to work as an allocating backend. I'm getting some ugly stuff like this: [2009/07/10 23:37:51, 0] winbindd/idmap.c:smb_register_idmap_alloc(201) idmap_alloc module tdb already registered! [2009/07/10 23:37:51, 0] winbindd/idmap.c:smb_register_idmap(149) Idmap module passdb already registered! [2009/07/10 23:37:51, 0] winbindd/idmap.c:smb_register_idmap(149) Idmap module nss already registered! [2009/07/10 23:37:51, 0] winbindd/idmap.c:idmap_alloc_init(589) ERROR: Initialization failed for alloc backend, deferred! [2009/07/10 23:38:12, 0] lib/fault.c:fault_report(40) ==============================================================[2009/07/10 23:38:12, 0] lib/fault.c:fault_report(41) INTERNAL ERROR: Signal 11 in pid 14920 (3.3.6) Please read the Trouble-Shooting section of the Samba3-HOWTO [2009/07/10 23:38:12, 0] lib/fault.c:fault_report(43) From: http://www.samba.org/samba/docs/Samba3-HOWTO.pdf [2009/07/10 23:38:12, 0] lib/fault.c:fault_report(44) ==============================================================[2009/07/10 23:38:12, 0] lib/util.c:smb_panic(1673) PANIC (pid 14920): internal error [2009/07/10 23:38:12, 0] lib/util.c:log_stack_trace(1777) BACKTRACE: 21 stack frames: #0 winbindd(log_stack_trace+0x2d) [0x3581f9] #1 winbindd(smb_panic+0x8e) [0x35804b] #2 winbindd [0x341960] #3 winbindd [0x341971] #4 /lib/tls/libc.so.6 [0x74e918] #5 winbindd [0x62c779] #6 winbindd(run_events+0xdf) [0x36b645] #7 winbindd [0x2b8c6d] #8 winbindd [0x2b5eb7] #9 winbindd(async_request+0x20f) [0x2b5881] #10 winbindd(do_async+0x13c) [0x2b9301] #11 winbindd(winbindd_gid2sid_async+0xd8) [0x2c190e] #12 winbindd(winbindd_gid_to_sid+0x2fd) [0x2a2bc7] #13 winbindd [0x2819b8] #14 winbindd [0x28251a] #15 winbindd [0x282368] #16 winbindd [0x281ce7] #17 winbindd [0x282c13] #18 winbindd(main+0xb68) [0x283a96] #19 /lib/tls/libc.so.6(__libc_start_main+0xd3) [0x73bdf3] #20 winbindd [0x280f31] [2009/07/10 23:38:12, 0] lib/fault.c:dump_core(231) dumping core in /var/log/samba/cores/winbindd It's entirely possible that I'm just not configuring this properly. I've been looking at this document (http://samba.org/~obnox/presentations/sambaXP-2009/sambaxp-2009-talk-obnox- slides-paper.pdf) for guidance, because to be honest, it's not clear which revision of idmap_ldap the manpage actually refers to. Anyway, the global section of my smb.conf follows, edited slightly. Can someone help me out? Oh, and I should mention-- I did set the alloc secret using 'net idmap secret alloc'. That part seems to go OK. (BTW-- some of these options have accreted over the years-- some of them may no longer be necessary, or even helpful-- please let me know if anything sticks out at you) [global] interfaces = eth0 netbios name = FOZZIE-NEW socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384 realm = BOSTON.EXAMPLE.NET security = ADS idmap uid = 10000-20000 idmap gid = 10000-20000 idmap backend = ldap:ldap://localhost/ idmap alloc backend = ldap idmap alloc config : ldap_url = ldap://localhost/ idmap alloc config : ldap_user_dn cn=Manager,dc=boston,dc=example,dc=net idmap alloc config : ldap_base_dn ou=Idmap,dc=boston,dc=example,dc=net ldap idmap suffix = ou=Idmap,dc=boston,dc=example,dc=net ldap admin dn = cn=Manager,dc=boston,dc=example,dc=net ldap suffix = dc=boston,dc=example,dc=net ldap ssl = off winbind enum users = no winbind enum groups = no workgroup = BOSTON os level = 20 password server = bosdc01.boston.example.net preferred master = no winbind separator = + max log size = 50 log file = /var/log/samba/log.%m encrypt passwords = yes dns proxy = no wins server = 192.168.0.252 wins proxy = no smb ports = 139 load printers = no printable = no printcap name = /dev/null # For broken MacOSX client max disk size = 1048576 # make sure mode bits are always set correctly create mask = 770 directory mask = 770 # change default server identification string server string = "" # for sshd template shell = /bin/bash client use spnego = yes unix extensions = no I set up my LDAP with the following LDF: dn: dc=boston,dc=example,dc=net objectclass: dcObject objectclass: organization o: BSM Boston dc: boston description: Posix and Samba LDAP Identity Database dn: cn=Manager,dc=boston,dc=example,dc=net objectclass: organizationalRole cn: Manager description: Directory Manager dn: ou=Idmap,dc=boston,dc=example,dc=net objectClass: organizationalUnit ou: idmap If anyone has any ideas, I would be very grateful. I seem to be having a hard time coming up with working examples using LDAP as an allocating backend for 3.3 on the web. Thanks, Dan
On Sat, Jul 11, 2009 at 12:03:43AM -0400, Daniel Barowy wrote:> Hello everyone, > > We've been running Samba for years, and with the exception of IDMAP, > we've been very happy. Well, now we have a real need to keep this > information in a shared DB, so I'm trying to set up the idmap_ldap > plugin. > > I *think* I have lookups working correctly-- at least, I can see that > Samba is contacting the LDAP directory. But since there's nothing > actually *in* my directory yet, I can't be sure. > > But the real issue is that I'm having trouble getting LDAP to work as > an allocating backend. I'm getting some ugly stuff like this: > > [2009/07/10 23:37:51, 0] winbindd/idmap.c:smb_register_idmap_alloc(201) > idmap_alloc module tdb already registered! > [2009/07/10 23:37:51, 0] winbindd/idmap.c:smb_register_idmap(149) > Idmap module passdb already registered! > [2009/07/10 23:37:51, 0] winbindd/idmap.c:smb_register_idmap(149) > Idmap module nss already registered! > [2009/07/10 23:37:51, 0] winbindd/idmap.c:idmap_alloc_init(589) > ERROR: Initialization failed for alloc backend, deferred! > [2009/07/10 23:38:12, 0] lib/fault.c:fault_report(40) > ==============================================================> [2009/07/10 23:38:12, 0] lib/fault.c:fault_report(41) > INTERNAL ERROR: Signal 11 in pid 14920 (3.3.6) > Please read the Trouble-Shooting section of the Samba3-HOWTO > [2009/07/10 23:38:12, 0] lib/fault.c:fault_report(43) > > From: http://www.samba.org/samba/docs/Samba3-HOWTO.pdf > [2009/07/10 23:38:12, 0] lib/fault.c:fault_report(44) > ==============================================================> [2009/07/10 23:38:12, 0] lib/util.c:smb_panic(1673) > PANIC (pid 14920): internal error > [2009/07/10 23:38:12, 0] lib/util.c:log_stack_trace(1777) > BACKTRACE: 21 stack frames: > #0 winbindd(log_stack_trace+0x2d) [0x3581f9] > #1 winbindd(smb_panic+0x8e) [0x35804b] > #2 winbindd [0x341960] > #3 winbindd [0x341971] > #4 /lib/tls/libc.so.6 [0x74e918] > #5 winbindd [0x62c779] > #6 winbindd(run_events+0xdf) [0x36b645] > #7 winbindd [0x2b8c6d] > #8 winbindd [0x2b5eb7] > #9 winbindd(async_request+0x20f) [0x2b5881] > #10 winbindd(do_async+0x13c) [0x2b9301] > #11 winbindd(winbindd_gid2sid_async+0xd8) [0x2c190e] > #12 winbindd(winbindd_gid_to_sid+0x2fd) [0x2a2bc7] > #13 winbindd [0x2819b8] > #14 winbindd [0x28251a] > #15 winbindd [0x282368] > #16 winbindd [0x281ce7] > #17 winbindd [0x282c13] > #18 winbindd(main+0xb68) [0x283a96] > #19 /lib/tls/libc.so.6(__libc_start_main+0xd3) [0x73bdf3] > #20 winbindd [0x280f31] > [2009/07/10 23:38:12, 0] lib/fault.c:dump_core(231) > dumping core in /var/log/samba/cores/winbindd > > It's entirely possible that I'm just not configuring this properly.No, it should never crash. Can you load the debug symbols and get a stack backtrace from gdb so we can fix this please ? Thanks, Jeremy.