Jon Theil Nielsen
2012-Apr-14 17:13 UTC
[Samba] Configuration of idmap_ldap "No backend defined"
Hi list,
I can't make idmap talk to my LDAP server. And I haven't found an
updated
howto.
Some entries from log.windbindd-imap:
[2012/04/13 20:05:40.500475, 5] winbindd/idmap.c:153(smb_register_idmap)
Successfully added idmap backend 'ldap'
[2012/04/13 20:05:40.501112, 5] winbindd/idmap.c:153(smb_register_idmap)
Successfully added idmap backend 'tdb'
[2012/04/13 20:05:40.501318, 5] winbindd/idmap.c:153(smb_register_idmap)
Successfully added idmap backend 'passdb'
[2012/04/13 20:05:40.501516, 5] winbindd/idmap.c:153(smb_register_idmap)
Successfully added idmap backend 'nss'
[2012/04/13 20:05:40.540035, 2] lib/smbldap.c:1018(smbldap_open_connection)
smbldap_open_connection: connection opened
[2012/04/13 20:05:40.550305, 2]
passdb/pdb_ldap.c:2427(init_group_from_ldap)
init_group_from_ldap: Entry found for group: 515
[2012/04/13 20:05:40.592075, 1]
winbindd/idmap.c:288(idmap_init_named_domain)
no backend defined for idmap config MYDOMAIN
[2012/04/13 20:06:23.606655, 2]
passdb/pdb_ldap.c:2427(init_group_from_ldap)
init_group_from_ldap: Entry found for group: 548
[2012/04/13 20:06:23.629123, 2]
passdb/pdb_ldap.c:2427(init_group_from_ldap)
init_group_from_ldap: Entry found for group: 1006
[2012/04/13 20:06:23.632141, 1]
winbindd/idmap.c:288(idmap_init_named_domain)
no backend defined for idmap config MYDOMAIN
[2012/04/13 20:06:23.637118, 2]
passdb/pdb_ldap.c:2427(init_group_from_ldap)
init_group_from_ldap: Entry found for group: 1005
[2012/04/13 20:06:23.640003, 1]
winbindd/idmap.c:288(idmap_init_named_domain)
no backend defined for idmap config MYDOMAIN
[2012/04/13 20:06:23.653837, 1]
winbindd/idmap.c:288(idmap_init_named_domain)
no backend defined for idmap config MYDOMAIN
[2012/04/13 20:06:33.287504, 1]
winbindd/idmap.c:288(idmap_init_named_domain)
no backend defined for idmap config MYDOMAIN
[2012/04/13 20:06:33.287723, 1]
winbindd/idmap.c:288(idmap_init_named_domain)
no backend defined for idmap config BUILTIN
[2012/04/13 20:06:38.048645, 1]
winbindd/idmap.c:288(idmap_init_named_domain)
no backend defined for idmap config MYDOMAIN
Part of my smb.conf:
[global]
ldap admin dn = cn=Manager,dc=example,dc=com
ldap delete dn = Yes
ldap group suffix = ou=Groups
ldap idmap suffix = ou=Idmap
ldap machine suffix = ou=Computers
ldap passwd sync = yes
ldap suffix = dc=example,dc=com
ldap user suffix = ou=People
ldap debug level = 1
idmap config *:backend = ldap
idmap config *:readonly = no
idmap config *:range = 1000-1999999
idmap config *:ldap_url=ldap://localhost
idmap config *:ldap_base_dn = cn=Manager,dc=example,dc=com
idmap config MYDOMAIN:backend = ldap
idmap config MYDOMAIN:readonly = no
idmap config MYDOMAIN:range = 1000-1999999
idmap config MYDOMAIN:ldap_url=ldap://localhost
idmap config MYDOMAIN:ldap_base_dn = cn=Manager,dc=example,dc=com
idmap config MYDOMAIN:ldap_user_dn = cn=admin,ou=Idmap,dc=example,dc=com
I'm running samba 3.6.3 on FreeBSD 9.0-RELEASE and my LDAP server seems to
work otherwise. At least, I can do user authentication this way.
Of course, I can provide much more information from the logs and the
configuration files. I just don't know where to start. And any help would
be much appreciated.
Best regards,
Jon Theil Nielsen
Christian Rost
2012-Apr-14 18:14 UTC
[Samba] Configuration of idmap_ldap "No backend defined"
Hi, please check your ldap configuration in your smb.conf file. At first verify that your base-dn is really "dc=example,dc=com". Than remove "cn=Manager" from each option that contains "base_dn". As usual, make sure that your LDAP server is set up correctly and that everthing works fine. Than you can connect samba to your LDAP. Cheers, Christian Jon Theil Nielsen <jontheil at gmail.com> schrieb:>Hi list, > >I can't make idmap talk to my LDAP server. And I haven't found an >updated >howto. > >Some entries from log.windbindd-imap: >[2012/04/13 20:05:40.500475, 5] >winbindd/idmap.c:153(smb_register_idmap) > Successfully added idmap backend 'ldap' >[2012/04/13 20:05:40.501112, 5] >winbindd/idmap.c:153(smb_register_idmap) > Successfully added idmap backend 'tdb' >[2012/04/13 20:05:40.501318, 5] >winbindd/idmap.c:153(smb_register_idmap) > Successfully added idmap backend 'passdb' >[2012/04/13 20:05:40.501516, 5] >winbindd/idmap.c:153(smb_register_idmap) > Successfully added idmap backend 'nss' >[2012/04/13 20:05:40.540035, 2] >lib/smbldap.c:1018(smbldap_open_connection) > smbldap_open_connection: connection opened >[2012/04/13 20:05:40.550305, 2] >passdb/pdb_ldap.c:2427(init_group_from_ldap) > init_group_from_ldap: Entry found for group: 515 >[2012/04/13 20:05:40.592075, 1] >winbindd/idmap.c:288(idmap_init_named_domain) > no backend defined for idmap config MYDOMAIN >[2012/04/13 20:06:23.606655, 2] >passdb/pdb_ldap.c:2427(init_group_from_ldap) > init_group_from_ldap: Entry found for group: 548 >[2012/04/13 20:06:23.629123, 2] >passdb/pdb_ldap.c:2427(init_group_from_ldap) > init_group_from_ldap: Entry found for group: 1006 >[2012/04/13 20:06:23.632141, 1] >winbindd/idmap.c:288(idmap_init_named_domain) > no backend defined for idmap config MYDOMAIN >[2012/04/13 20:06:23.637118, 2] >passdb/pdb_ldap.c:2427(init_group_from_ldap) > init_group_from_ldap: Entry found for group: 1005 >[2012/04/13 20:06:23.640003, 1] >winbindd/idmap.c:288(idmap_init_named_domain) > no backend defined for idmap config MYDOMAIN >[2012/04/13 20:06:23.653837, 1] >winbindd/idmap.c:288(idmap_init_named_domain) > no backend defined for idmap config MYDOMAIN >[2012/04/13 20:06:33.287504, 1] >winbindd/idmap.c:288(idmap_init_named_domain) > no backend defined for idmap config MYDOMAIN >[2012/04/13 20:06:33.287723, 1] >winbindd/idmap.c:288(idmap_init_named_domain) > no backend defined for idmap config BUILTIN >[2012/04/13 20:06:38.048645, 1] >winbindd/idmap.c:288(idmap_init_named_domain) > no backend defined for idmap config MYDOMAIN > >Part of my smb.conf: >[global] > ldap admin dn = cn=Manager,dc=example,dc=com > ldap delete dn = Yes > ldap group suffix = ou=Groups > ldap idmap suffix = ou=Idmap > ldap machine suffix = ou=Computers > ldap passwd sync = yes > ldap suffix = dc=example,dc=com > ldap user suffix = ou=People > ldap debug level = 1 > idmap config *:backend = ldap > idmap config *:readonly = no > idmap config *:range = 1000-1999999 > idmap config *:ldap_url=ldap://localhost > idmap config *:ldap_base_dn = cn=Manager,dc=example,dc=com > idmap config MYDOMAIN:backend = ldap > idmap config MYDOMAIN:readonly = no > idmap config MYDOMAIN:range = 1000-1999999 > idmap config MYDOMAIN:ldap_url=ldap://localhost > idmap config MYDOMAIN:ldap_base_dn = cn=Manager,dc=example,dc=com >idmap config MYDOMAIN:ldap_user_dn >cn=admin,ou=Idmap,dc=example,dc=com > >I'm running samba 3.6.3 on FreeBSD 9.0-RELEASE and my LDAP server seems >to >work otherwise. At least, I can do user authentication this way. > >Of course, I can provide much more information from the logs and the >configuration files. I just don't know where to start. And any help >would >be much appreciated. > >Best regards, >Jon Theil Nielsen >-- >To unsubscribe from this list go to the following URL and read the >instructions: https://lists.samba.org/mailman/options/samba-- Dipl.-Ing. Christian Rost roCon - Informationstechnologie Ulmenstra?e 45 44534 L?nen Fon: +49 2306 910 658 Fax: +48 2306 910 664 URL: www.rocon-it.de
Jon Theil Nielsen
2012-Apr-14 18:36 UTC
[Samba] Configuration of idmap_ldap "No backend defined"
Hi and thanks, The base dn is not as shown. Might be some kind of paranoia... I changed the smb.conf as suggested. Did not change any other file. Now my log shows: [2012/04/14 20:29:36.891125, 2] lib/smbldap.c:1018(smbldap_open_connection) smbldap_open_connection: connection opened [2012/04/14 20:29:36.901600, 0] winbindd/idmap_ldap.c:192(verify_idpool) Multiple entries returned from (objectclass=sambaUnixIdPool) (base =dc=example,dc=com) [2012/04/14 20:29:36.901919, 1] winbindd/idmap_ldap.c:516(idmap_ldap_db_init) idmap_ldap_db_init: failed to verify ID pool (NT_STATUS_UNSUCCESSFUL) [2012/04/14 20:29:36.903646, 5] winbindd/idmap_ldap.c:421(idmap_ldap_close_destructor) The connection to the LDAP server was closed [2012/04/14 20:29:36.904039, 1] winbindd/idmap.c:249(idmap_init_domain) idmap initialization returned NT_STATUS_UNSUCCESSFUL Regards, Jon On 14 April 2012 20:14, Christian Rost <christian.rost at rocon-it.de> wrote:> Hi, > > please check your ldap configuration in your smb.conf file. At first > verify that your base-dn is really "dc=example,dc=com". Than remove > "cn=Manager" from each option that contains "base_dn". > > As usual, make sure that your LDAP server is set up correctly and that > everthing works fine. Than you can connect samba to your LDAP. > > Cheers, > > Christian > > Jon Theil Nielsen <jontheil at gmail.com> schrieb: > > >Hi list, > > > >I can't make idmap talk to my LDAP server. And I haven't found an > >updated > >howto. > > > >Some entries from log.windbindd-imap: > >[2012/04/13 20:05:40.500475, 5] > >winbindd/idmap.c:153(smb_register_idmap) > > Successfully added idmap backend 'ldap' > >[2012/04/13 20:05:40.501112, 5] > >winbindd/idmap.c:153(smb_register_idmap) > > Successfully added idmap backend 'tdb' > >[2012/04/13 20:05:40.501318, 5] > >winbindd/idmap.c:153(smb_register_idmap) > > Successfully added idmap backend 'passdb' > >[2012/04/13 20:05:40.501516, 5] > >winbindd/idmap.c:153(smb_register_idmap) > > Successfully added idmap backend 'nss' > >[2012/04/13 20:05:40.540035, 2] > >lib/smbldap.c:1018(smbldap_open_connection) > > smbldap_open_connection: connection opened > >[2012/04/13 20:05:40.550305, 2] > >passdb/pdb_ldap.c:2427(init_group_from_ldap) > > init_group_from_ldap: Entry found for group: 515 > >[2012/04/13 20:05:40.592075, 1] > >winbindd/idmap.c:288(idmap_init_named_domain) > > no backend defined for idmap config MYDOMAIN > >[2012/04/13 20:06:23.606655, 2] > >passdb/pdb_ldap.c:2427(init_group_from_ldap) > > init_group_from_ldap: Entry found for group: 548 > >[2012/04/13 20:06:23.629123, 2] > >passdb/pdb_ldap.c:2427(init_group_from_ldap) > > init_group_from_ldap: Entry found for group: 1006 > >[2012/04/13 20:06:23.632141, 1] > >winbindd/idmap.c:288(idmap_init_named_domain) > > no backend defined for idmap config MYDOMAIN > >[2012/04/13 20:06:23.637118, 2] > >passdb/pdb_ldap.c:2427(init_group_from_ldap) > > init_group_from_ldap: Entry found for group: 1005 > >[2012/04/13 20:06:23.640003, 1] > >winbindd/idmap.c:288(idmap_init_named_domain) > > no backend defined for idmap config MYDOMAIN > >[2012/04/13 20:06:23.653837, 1] > >winbindd/idmap.c:288(idmap_init_named_domain) > > no backend defined for idmap config MYDOMAIN > >[2012/04/13 20:06:33.287504, 1] > >winbindd/idmap.c:288(idmap_init_named_domain) > > no backend defined for idmap config MYDOMAIN > >[2012/04/13 20:06:33.287723, 1] > >winbindd/idmap.c:288(idmap_init_named_domain) > > no backend defined for idmap config BUILTIN > >[2012/04/13 20:06:38.048645, 1] > >winbindd/idmap.c:288(idmap_init_named_domain) > > no backend defined for idmap config MYDOMAIN > > > >Part of my smb.conf: > >[global] > > ldap admin dn = cn=Manager,dc=example,dc=com > > ldap delete dn = Yes > > ldap group suffix = ou=Groups > > ldap idmap suffix = ou=Idmap > > ldap machine suffix = ou=Computers > > ldap passwd sync = yes > > ldap suffix = dc=example,dc=com > > ldap user suffix = ou=People > > ldap debug level = 1 > > idmap config *:backend = ldap > > idmap config *:readonly = no > > idmap config *:range = 1000-1999999 > > idmap config *:ldap_url=ldap://localhost > > idmap config *:ldap_base_dn = cn=Manager,dc=example,dc=com > > idmap config MYDOMAIN:backend = ldap > > idmap config MYDOMAIN:readonly = no > > idmap config MYDOMAIN:range = 1000-1999999 > > idmap config MYDOMAIN:ldap_url=ldap://localhost > > idmap config MYDOMAIN:ldap_base_dn = cn=Manager,dc=example,dc=com > >idmap config MYDOMAIN:ldap_user_dn > >cn=admin,ou=Idmap,dc=example,dc=com > > > >I'm running samba 3.6.3 on FreeBSD 9.0-RELEASE and my LDAP server seems > >to > >work otherwise. At least, I can do user authentication this way. > > > >Of course, I can provide much more information from the logs and the > >configuration files. I just don't know where to start. And any help > >would > >be much appreciated. > > > >Best regards, > >Jon Theil Nielsen > >-- > >To unsubscribe from this list go to the following URL and read the > >instructions: https://lists.samba.org/mailman/options/samba > > -- > Dipl.-Ing. Christian Rost > roCon - Informationstechnologie > Ulmenstra?e 45 > 44534 L?nen > > > Fon: +49 2306 910 658 > Fax: +48 2306 910 664 > URL: www.rocon-it.de >