[Samba] IDMAP usage

Fabricio Adorno fabricio at dr.ufu.br
Thu Jun 26 11:36:11 GMT 2003 

Hi Bartlett,


I'm using ldap for Samba accounts and the schemas from examples/LDAP too. I 
have already configured my idmap backend as you can se below. My ldap server 
is working fine for users authentication. When I use "smbpasswd -a someuser" 
it also works fine against ldap. But when I try to do "net group add 
Administrators -U someUserInLDAP" and supply the password, I get the exit 
error code -1. Here you are what I have gotten with debug level = 2

----------------------------------------------------------------------------------------------
fabricio:/usr/local/samba # bin/net group add Administradores -U administrador
[2003/06/26 08:01:29, 2] lib/interface.c:add_interface(79)
  added interface ip=192.168.1.1 bcast=192.168.1.255 nmask=255.255.255.0
[2003/06/26 08:01:29, 2] lib/interface.c:add_interface(79)
  added interface ip=127.0.0.1 bcast=127.255.255.255 nmask=255.0.0.0
Password:
[2003/06/26 08:01:31, 1] libsmb/cliconnect.c:cli_full_connection(1262)
  failed negprot
[2003/06/26 08:01:31, 1] utils/net.c:connect_to_ipc(148)
  Cannot connect to server.  Error was NT_STATUS_UNSUCCESSFUL
[2003/06/26 08:01:31, 2] utils/net.c:main(685)
  return code = -1
--------------------------------------------------------------------------------------------

And something strange. I have gotten this from smbd log:

[2003/06/26 08:01:31, 2] passdb/pdb_ldap.c:pdb_init_ldapsam(3391)
  Enabling non-unix account ranges
[2003/06/26 08:01:31, 0] lib/fault.c:fault_report(36)
  ===============================================================
[2003/06/26 08:01:31, 0] lib/fault.c:fault_report(37)
  INTERNAL ERROR: Signal 11 in pid 7305 (3.0.0beta1)
  Please read the appendix Bugs of the Samba HOWTO collection
[2003/06/26 08:01:31, 0] lib/fault.c:fault_report(39)
  ===============================================================
[2003/06/26 08:01:31, 0] lib/util.c:smb_panic(1462)
  PANIC: internal error
[2003/06/26 08:01:31, 0] lib/util.c:smb_panic(1469)
  BACKTRACE: 8 stack frames:
   #0 /usr/local/samba/sbin/smbd(smb_panic+0x5d) [0x81955ad]
   #1 /usr/local/samba/sbin/smbd [0x818500f]
   #2 /lib/libc.so.6 [0x400e73a8]
   #3 /usr/local/samba/sbin/smbd(safe_strcpy_fn+0x44) [0x818db94]
   #4 /usr/local/samba/sbin/smbd(idmap_init+0x13e) [0x81e329e]
   #5 /usr/local/samba/sbin/smbd(main+0x339) [0x81ebd09]
   #6 /lib/libc.so.6(__libc_start_main+0xc7) [0x400d3857]
   #7 /usr/local/samba/sbin/smbd(ldap_msgfree+0x89) [0x8072381]



Here my smb.conf file.
[global]
	...

	# User and Machine Backends
        passdb backend = ldapsam:ldap://127.0.0.1, guest

        # LDAP Options
        ldap suffix = dc=ufu,dc=br
        ldap machine suffix = dc=dr,ou=computadores
        ldap user suffix = ou=usuarios
        ldap group suffix = dc=dr,ou=grupos
        ldap idmap suffix = dc=dr,ou=idMapping
        ldap admin dn = cn=manager,dc=ufu,dc=br
        ldap ssl = no
        ldap port = 389
        ldap passwd sync = yes

        # User and Group Mapping
        idmap backend = ldap:ldap://127.0.0.1
        idmap only = yes
        idmap uid = 1000-1500
        idmap gid = 1000-1500
	
	...

I hope you can help me and these informations can help you fix any problem (if 
it exists).
Thanks.

-- 
Fabrício de Paula Adorno
Divisão de Redes - NUPRO
Universidade Federal de Uberlândia (UFU)


On Wednesday 25 June 2003 21:32, you wrote:
> On Wed, 2003-06-25 at 21:28, Fabricio Adorno wrote:
> > Hi, all
> >
> >
> > I have a ldap server where I have defined all of my linux users and
> > groups. I'd like to store the SID<->(UID,GID) mapping there too using
> > idmap, but I don't know how to configure a directory entry to handle
> > idmap storage. I couldn't find how to do it in Samba-Howto-Collection
> > (6th June 2003) and the man pages seems to be incomplete. If someone have
> > done it, I'll be glad to have some help.
>
> Samba 3.0 is designed to do this quite nicely - the schema file is in
> examples/LDAP/samba.schema.
>
> You configure it by saying:
>
> idmap backend = ldap:ldap://my.ldap.server
>
> Are you using ldap for Samba accounts too, or just for IDMAP?
>
> If you are using it for IDMAP/unix only, then things are not as
> 'pleasant' as they should be in how it's stored - it's on my todo list
> to fix.
>
> Andrew Bartlett

More information about the samba mailing list