[Samba] Segmentation Fault when trying to set root samba password, IPA as a backend

Rowland penny rpenny at samba.org
Mon Feb 29 10:34:14 UTC 2016 

On 29/02/16 10:04, Martin Juhl wrote:
> Hi
>
> This is samba-4.2.3-11.el7_2.x86_64 on CentOS...
>
> I'm trying to setup a Samba NT4 domain, with FreeIPA as a backend...
>
> Right now everything works.. except that I need a Domain Adminstrator...
>
> smbpasswd -a root, segfaults... probably because the user doesn't exist in FreeIPA
>
> If I create the root user in FreeIPA, it instead gives:
>
> [root at bart samba]# LANG=en smbpasswd -a root
> No builtin backend found, trying to load plugin
> Module 'ipasam' loaded
> smbldap_open_connection: connection opened
> ldap_connect_system: successful connection to the LDAP server
> pdb_init_ipasam: support for pdb_enum_upn_suffixes enabled for domain bolls.lan
> New SMB password:
> Retype new SMB password:
> init_sam_from_ldap: Entry found for user: root
> ERROR: Got 0 entries for gid 0, expected at least one
> ERROR: Got 0 entries for gid 0, expected at least one
> Forcing Primary Group to 'Domain Users' for root
> Failed to modify entry for user root.
>
>
> I can't create a user with uid=0 or gid=0 in FreeIPA...
>
> I have also tried changing the administrator user:
>
> pdbedit -U S-1-5-21-3189138339-1730592290-4215248117-500 -u mj -r -d 7
>
> but it also fails:
>
> http://pastebin.com/8tpuD6Eg
>
>
> Config:
>
> [global]
>          bind interfaces only = yes
>          enable privileges = yes
>          workgroup = BOLLS
>          netbios name = BART
>          realm = BOLLS.LAN
>          kerberos method = dedicated keytab
>          dedicated keytab file = FILE:/etc/samba/samba.keytab
>          create krb5 conf = no
>          security = user
>          domain master = yes
>          domain logons = yes
>          log level = 3
>          max log size = 100000
>          log file = /var/log/samba/log.%m
>          passdb backend = ipasam:ldaps://lisa.bolls.lan
>          disable spoolss = yes
>          ldapsam:trusted = yes
>          ldap ssl = off
>          ldap suffix = dc=bolls,dc=lan
>          ldap user suffix = cn=users,cn=accounts
>          ldap group suffix = cn=groups,cn=accounts
>          ldap machine suffix = cn=computers,cn=accounts
>          rpc_server:epmapper = external
>          rpc_server:lsarpc = external
>          rpc_server:lsass = external
>          rpc_server:lsasd = external
>          rpc_server:samr = external
>          rpc_server:netlogon = external
>          rpc_server:tcpip = yes
>          rpc_daemon:epmd = fork
>          rpc_daemon:lsasd = fork
>          logon path = \\%L\Profiles\%U
>          logon drive = H:
>          logon home = \\%L\%U
>
> [homes]
>          comment = Home Directories
>          valid users = %S
>          read only = No
>          browseable = No
> [printers]
>          comment = All Printers
>          path = /var/spool/samba
>          printer admin = root, mj
>          create mask = 0600
>          guest ok = Yes
>          printable = Yes
>          browseable = No
> [print$]
>          comment = Printer Drivers Share
>          path = /var/lib/samba/drivers
>          write list = mj, root
>          printer admin = mj, root
> [netlogon]
>          comment = Network Logon Service
>          path = /var/lib/samba/netlogon
>          admin users = root, mj
>          guest ok = Yes
>          browseable = No
> # For profiles to work, create a user directory under the path
> # shown. i.e., mkdir -p /var/lib/samba/profiles/mj
>          [Profiles]
>          comment = Roaming Profile Share
>          path = /var/lib/samba/profiles
>          read only = No
>          profile acls = Yes
>
>
>
>
> ----- Original meddelelse -----
> Fra: "Rowland penny" <rpenny at samba.org>
> Til: "samba" <samba at lists.samba.org>
> Sendt: mandag, 29. februar 2016 10:14:09
> Emne: Re: [Samba] Segmentation Fault when trying to set root samba password, IPA as a backend
>
> On 29/02/16 09:06, Martin Juhl wrote:
>> Hi guys
>>
>>
>> When trying to set root's password, I get a segmentation fault:
>>
>> [root at bart ~]# smbpasswd -a root
>> No builtin backend found, trying to load plugin
>> Module 'ipasam' loaded
>> smbldap_open_connection: connection opened
>> ldap_connect_system: successful connection to the LDAP server
>> pdb_init_ipasam: support for pdb_enum_upn_suffixes enabled for domain bolls.lan
>> New SMB password:
>> Retype new SMB password:
>> Segmentation fault
>>
>> What to do???
>>
>> Regards
>>
>> Martin
>>
> Hi, what version of Samba is this ?
> Also, how have you set up Samba ?
>
> Rowland
>
>

First thing is, you shouldn't have a user called 'root' in your domain, 
use a usermap to map 'Administrator' to 'root'

Can you try and create a new user with smbpasswd ?

I think you may be hitting the same problem that I have, smbpasswd will 
create the user, but then segfaults when trying to add the password.

Rowland

More information about the samba mailing list