[Samba] IDMAP usage
Fabricio Adorno
fabricio at dr.ufu.br
Thu Jun 26 11:36:11 GMT 2003
Hi Bartlett,
I'm using ldap for Samba accounts and the schemas from examples/LDAP too. I
have already configured my idmap backend as you can se below. My ldap server
is working fine for users authentication. When I use "smbpasswd -a someuser"
it also works fine against ldap. But when I try to do "net group add
Administrators -U someUserInLDAP" and supply the password, I get the exit
error code -1. Here you are what I have gotten with debug level = 2
----------------------------------------------------------------------------------------------
fabricio:/usr/local/samba # bin/net group add Administradores -U administrador
[2003/06/26 08:01:29, 2] lib/interface.c:add_interface(79)
added interface ip=192.168.1.1 bcast=192.168.1.255 nmask=255.255.255.0
[2003/06/26 08:01:29, 2] lib/interface.c:add_interface(79)
added interface ip=127.0.0.1 bcast=127.255.255.255 nmask=255.0.0.0
Password:
[2003/06/26 08:01:31, 1] libsmb/cliconnect.c:cli_full_connection(1262)
failed negprot
[2003/06/26 08:01:31, 1] utils/net.c:connect_to_ipc(148)
Cannot connect to server. Error was NT_STATUS_UNSUCCESSFUL
[2003/06/26 08:01:31, 2] utils/net.c:main(685)
return code = -1
--------------------------------------------------------------------------------------------
And something strange. I have gotten this from smbd log:
[2003/06/26 08:01:31, 2] passdb/pdb_ldap.c:pdb_init_ldapsam(3391)
Enabling non-unix account ranges
[2003/06/26 08:01:31, 0] lib/fault.c:fault_report(36)
===============================================================
[2003/06/26 08:01:31, 0] lib/fault.c:fault_report(37)
INTERNAL ERROR: Signal 11 in pid 7305 (3.0.0beta1)
Please read the appendix Bugs of the Samba HOWTO collection
[2003/06/26 08:01:31, 0] lib/fault.c:fault_report(39)
===============================================================
[2003/06/26 08:01:31, 0] lib/util.c:smb_panic(1462)
PANIC: internal error
[2003/06/26 08:01:31, 0] lib/util.c:smb_panic(1469)
BACKTRACE: 8 stack frames:
#0 /usr/local/samba/sbin/smbd(smb_panic+0x5d) [0x81955ad]
#1 /usr/local/samba/sbin/smbd [0x818500f]
#2 /lib/libc.so.6 [0x400e73a8]
#3 /usr/local/samba/sbin/smbd(safe_strcpy_fn+0x44) [0x818db94]
#4 /usr/local/samba/sbin/smbd(idmap_init+0x13e) [0x81e329e]
#5 /usr/local/samba/sbin/smbd(main+0x339) [0x81ebd09]
#6 /lib/libc.so.6(__libc_start_main+0xc7) [0x400d3857]
#7 /usr/local/samba/sbin/smbd(ldap_msgfree+0x89) [0x8072381]
Here my smb.conf file.
[global]
...
# User and Machine Backends
passdb backend = ldapsam:ldap://127.0.0.1, guest
# LDAP Options
ldap suffix = dc=ufu,dc=br
ldap machine suffix = dc=dr,ou=computadores
ldap user suffix = ou=usuarios
ldap group suffix = dc=dr,ou=grupos
ldap idmap suffix = dc=dr,ou=idMapping
ldap admin dn = cn=manager,dc=ufu,dc=br
ldap ssl = no
ldap port = 389
ldap passwd sync = yes
# User and Group Mapping
idmap backend = ldap:ldap://127.0.0.1
idmap only = yes
idmap uid = 1000-1500
idmap gid = 1000-1500
...
I hope you can help me and these informations can help you fix any problem (if
it exists).
Thanks.
--
Fabrício de Paula Adorno
Divisão de Redes - NUPRO
Universidade Federal de Uberlândia (UFU)
On Wednesday 25 June 2003 21:32, you wrote:
> On Wed, 2003-06-25 at 21:28, Fabricio Adorno wrote:
> > Hi, all
> >
> >
> > I have a ldap server where I have defined all of my linux users and
> > groups. I'd like to store the SID<->(UID,GID) mapping there too using
> > idmap, but I don't know how to configure a directory entry to handle
> > idmap storage. I couldn't find how to do it in Samba-Howto-Collection
> > (6th June 2003) and the man pages seems to be incomplete. If someone have
> > done it, I'll be glad to have some help.
>
> Samba 3.0 is designed to do this quite nicely - the schema file is in
> examples/LDAP/samba.schema.
>
> You configure it by saying:
>
> idmap backend = ldap:ldap://my.ldap.server
>
> Are you using ldap for Samba accounts too, or just for IDMAP?
>
> If you are using it for IDMAP/unix only, then things are not as
> 'pleasant' as they should be in how it's stored - it's on my todo list
> to fix.
>
> Andrew Bartlett
More information about the samba
mailing list