Hi,
I'm setting up a Samba AD member server on CentOS 6. Everything seems to
work, except that Windows users don't get automatically created in the
idmap backend (which is an LDAP tree, btw).
I do get the following errors in the winbind logging:
[2012/01/26 13:04:20.634990, 1]
winbindd/idmap_ldap.c:193(verify_idpool)
Unable to verify the idpool, cannot continue initialization!
[2012/01/26 13:04:20.635125, 0] winbindd/idmap.c:599(idmap_alloc_init)
ERROR: Initialization failed for alloc backend, deferred!
and a panic by winbind:
[2012/01/26 13:06:50.726749, 0] lib/fault.c:46(fault_report)
==============================================================[2012/01/26
13:06:50.726893, 0] lib/fault.c:47(fault_report)
INTERNAL ERROR: Signal 11 in pid 2730 (3.5.10-114.el6)
Please read the Trouble-Shooting section of the Samba3-HOWTO
[2012/01/26 13:06:50.726931, 0] lib/fault.c:49(fault_report)
From: http://www.samba.org/samba/docs/Samba3-HOWTO.pdf
[2012/01/26 13:06:50.726967, 0] lib/fault.c:50(fault_report)
==============================================================[2012/01/26
13:06:50.727005, 0] lib/util.c:1490(smb_panic)
PANIC (pid 2730): internal error
[2012/01/26 13:06:50.730324, 0] lib/util.c:1594(log_stack_trace)
BACKTRACE: 19 stack frames:
#0 winbindd(log_stack_trace+0x2e) [0x95a88e]
#1 winbindd(smb_panic+0x2e) [0x95a9ae]
#2 winbindd(+0x170f9f) [0x947f9f]
#3 [0x110400]
#4 /lib/libldap-2.4.so.2(ldap_unbind_ext+0x25) [0x186855]
#5 /lib/libldap-2.4.so.2(ldap_unbind+0x70) [0x1869a0]
#6 winbindd(+0x52d07f) [0xd0407f]
#7 winbindd(+0x52d325) [0xd04325]
#8 winbindd(run_events+0x110) [0x96c800]
#9 winbindd(+0xbffd8) [0x896fd8]
#10 winbindd(+0xc0f1d) [0x897f1d]
#11 winbindd(+0x198d08) [0x96fd08]
#12 winbindd(tevent_common_loop_immediate+0xe6) [0x96e4f6]
#13 winbindd(run_events+0x3e) [0x96c72e]
#14 winbindd(+0x195bc1) [0x96cbc1]
#15 winbindd(_tevent_loop_once+0x98) [0x96d2c8]
#16 winbindd(main+0xa9a) [0x86804a]
#17 /lib/libc.so.6(__libc_start_main+0xe6) [0xf9ace6]
#18 winbindd(+0x8e531) [0x865531]
[2012/01/26 13:06:50.731949, 0] lib/fault.c:326(dump_core)
dumping core in /var/log/samba/cores/winbindd
Here's my testparm output with <domain> replacing our internal
domainname:
Load smb config files from /etc/samba/smb.conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[homes]"
Processing section "[printers]"
Processing section "[Profiles]"
Processing section "[<domain>]"
Loaded services file OK.
Server role: ROLE_DOMAIN_MEMBER
Press enter to see a dump of your service definitions
[global]
workgroup = <domain>
realm = <domain>.LOCAL
server string = Samba Server Version %v
security = ADS
passdb backend = ldapsam:ldap://limara.mgt.<domain>.local
log file = /var/log/samba/log.%m
max log size = 50
ldap admin dn = cn=Manager,dc=<domain>,dc=local
ldap group suffix = ou=Group,dc=office
ldap idmap suffix = ou=People,ou=Domain Users,dc=office
ldap machine suffix = ou=Computers,dc=office
ldap suffix = dc=<domain>,dc=local
ldap ssl = no
idmap backend = ldap:ldap://limara.mgt.<domain>.local
idmap alloc backend = ldap
idmap uid = 10000-19999
idmap gid = 10000-19999
idmap alloc config : ldap_base_dn = dc=office,dc=<domain>,dc=local
idmap alloc config : ldap_url = ldap://limara.mgt.<domain>.local
ldapsam:editposix = yes
ldapsam:trusted = yes
cups options = raw
[homes]
comment = Home Directories
path = /srv/windows/users/%S
valid users = <domain>\%S
read only = No
browseable = No
[printers]
comment = All Printers
path = /var/spool/samba
printable = Yes
browseable = No
[Profiles]
path = /srv/windows/profiles/
read only = No
guest ok = Yes
browseable = No
[<Domain>]
path = /srv/windows/shared/
read only = No
Searching on the errors on Google gives me only parts of the source
code, questions, and no answers.
For a sidenote: if I do create the user objects manually, the idmappings
get created without problems. I could run production with the server as
it is now, but I'd prefer to have the account creation/idmapping to go
automatically, as that saves me a lot of admin work.
