[Samba] [Help] Samba Panic with Samba 3.0Beta3, LDAP

Michael Gasch gasch at eva.mpg.de
Wed Sep 3 12:20:49 GMT 2003


hi

I'm using Samba 3.0.0 Beta 3 with LDAPv3 and --with-ldapsam
users (unix+samba) are authenticated against ldap (nsswitch)

since Beta3 we have to use winbindd, to map UID/GID correctly to RID v.v.

IDMAPs are stored in LDAP (no .tdb-file)

starting winbind gives me the following error

************ winbindd ************

#~ winbindd -FS

-- snip --

winbindd version 3.0.0beta1 started.
set_server_role: role = ROLE_DOMAIN_PDC
added interface ip=10.0.0.2 bcast=10.0.0.255 nmask=255.255.255.0
added interface ip=127.0.0.1 bcast=127.255.255.255 nmask=255.0.0.0
Netbios name list:-
my_netbios_names[0]="LINUX"
added interface ip=10.0.0.2 bcast=10.0.0.255 nmask=255.255.255.0
added interface ip=127.0.0.1 bcast=127.255.255.255 nmask=255.0.0.0
Opening cache file at /var/lib/samba/locks/gencache.tdb
namecache_enable: enabling netbios namecache, timeout 660 seconds
Successfully added idmap backend 'winbind'
Successfully added idmap backend 'ldap'
Successfully added idmap backend 'tdb'
===============================================================
INTERNAL ERROR: Signal 11 in pid 21347 (3.0.0beta1)
Please read the appendix Bugs of the Samba HOWTO collection
===============================================================
smb_panic: clobber_region() last called from [idmap_init(123)]
PANIC: internal error
BACKTRACE: 9 stack frames:
  #0 winbindd(smb_panic+0x229) [0x80bd4e7]
  #1 winbindd [0x80a93c1]
  #2 winbindd [0x80a9419]
  #3 /lib/libc.so.6 [0x402365c8]
  #4 winbindd(safe_strcpy_fn+0xa2) [0x80b3d68]
  #5 winbindd(idmap_init+0x1ee) [0x81585ec]
  #6 winbindd(main+0x346) [0x806cf3f]
  #7 /lib/libc.so.6(__libc_start_main+0xce) [0x402228ae]
  #8 winbindd(chroot+0x31) [0x806b621]

Aborted

-- snip --


Is it a primary/known bug?
using pdbedit, IDs are inserted in ldap
if I use

idmap backend = ldap instead of
idmap backend = ldap:ldap://localhost/

I get no errors with winbindd but timeouts with ldap-server
it finds no dn (dn= (null)), although it's given in smb.conf !!!!!!!!!

-- snip --


winbindd version 3.0.0beta1 started.
Copyright The Samba Team 2000-2003
INFO: Current debug levels:
   all: True/10
   tdb: False/0
   printdrivers: False/0
   lanman: False/0
   smb: False/0
   rpc_parse: False/0
   rpc_srv: False/0
   rpc_cli: False/0
   passdb: False/0
   sam: False/0
   auth: False/0
   winbind: False/0
   vfs: False/0
   idmap: False/0
doing parameter passdb backend = ldapsam:ldap://localhost:389
doing parameter ldap suffix = dc=eva,dc=mpg,dc=de
doing parameter ldap admin dn = cn=manager,dc=eva,dc=mpg,dc=de
doing parameter ldap filter = (&(objectclass=sambaSamAccount)(uid=%u))
doing parameter ldap machine suffix = ou=machines
doing parameter ldap user suffix = ou=users
doing parameter idmap backend = ldap
doing parameter ldap idmap suffix = ou=idmap,dc=eva,dc=mpg,dc=de
doing parameter idmap uid = 1000-5000
doing parameter idmap gid = 1000-5000
doing parameter interfaces = eth0 lo
doing parameter bind interfaces only = yes
doing parameter load printers = yes
doing parameter log file = /var/lib/samba/log.%m
doing parameter max log size = 50
doing parameter security = user
doing parameter encrypt passwords = yes
doing parameter socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY
doing parameter local master = yes
doing parameter os level = 33
doing parameter domain master = yes
doing parameter domain logons = yes
doing parameter wins support = yes
doing parameter dns proxy = no
Processing section "[foedisch]"
doing parameter comment = Home Directories
doing parameter browseable = yes
doing parameter writable = yes
doing parameter path = /home/foedisch
Processing section "[printers]"
doing parameter comment = All Printers
doing parameter path = /usr/spool/samba
doing parameter browseable = no
doing parameter guest ok = no
doing parameter writable = no
doing parameter printable = yes
pm_process() returned Yes
lp_servicenumber: couldn't find homes
adding IPC service
adding IPC service
set_server_role: role = ROLE_DOMAIN_PDC
added interface ip=10.0.0.2 bcast=10.0.0.255 nmask=255.255.255.0
added interface ip=127.0.0.1 bcast=127.255.255.255 nmask=255.0.0.0
Netbios name list:-
my_netbios_names[0]="LINUX"
added interface ip=10.0.0.2 bcast=10.0.0.255 nmask=255.255.255.0
added interface ip=127.0.0.1 bcast=127.255.255.255 nmask=255.0.0.0
Opening cache file at /var/lib/samba/locks/gencache.tdb
namecache_enable: enabling netbios namecache, timeout 660 seconds
Successfully added idmap backend 'winbind'
Successfully added idmap backend 'ldap'
Successfully added idmap backend 'tdb'
idmap_init: using 'ldap' as remote backend
ldap_idmap_open_connection:
ldap_idmap_open_connection: connection opened
ldap_idmap_connect_system: Binding to ldap server  as 
"cn=manager,dc=eva,dc=mpg,dc=de"
failed to bind to server with dn= (null) Error: Can't contact LDAP server
	(null)
Connection to LDAP Server failed for the 1 try!

....

Connection to LDAP Server failed for the 8 try!
ldap_idmap_search: LDAP server is down!
The connection to the LDAP server was closed
ldap_idmap_open_connection: (null)
ldap_idmap_open_connection: connection opened
ldap_idmap_connect_system: Binding to ldap server (null) as 
"cn=manager,dc=eva,dc=mpg,dc=de"
ldap_idmap_connect_system: succesful connection to the LDAP server
The LDAP server is succesful connected
ldap_set_mapping: Failed to create mapping from 
S-1-5-21-1042031166-387543594-2118856591-501 to 65534 [uidNumber]
Trying to load: ldapsam:ldap://localhost:389
Attempting to register passdb backend ldapsam
Successfully added passdb backend 'ldapsam'
Attempting to register passdb backend ldapsam_compat
Successfully added passdb backend 'ldapsam_compat'
Attempting to register passdb backend smbpasswd
Successfully added passdb backend 'smbpasswd'
Attempting to register passdb backend tdbsam
Successfully added passdb backend 'tdbsam'
Attempting to register passdb backend guest
Successfully added passdb backend 'guest'
Attempting to find an passdb backend to match 
ldapsam:ldap://localhost:389 (ldapsam)
Found pdb backend ldapsam
Enabling non-unix account ranges
pdb backend ldapsam:ldap://localhost:389 has a valid init
ldapsam_open_connection: ldap://localhost:389
ldapsam_open_connection: connection opened
ldap_connect_system: Binding to ldap server ldap://localhost:389 as 
"cn=manager,dc=eva,dc=mpg,dc=de"
ldap_connect_system: succesful connection to the LDAP server
The LDAP server is succesful connected
ldapsam_setsampwent: 3 entries in the base!
Entry found for group: 500
get_single_attribute: [description] = [<does not exist>]
Entry found for group: 501
get_single_attribute: [description] = [<does not exist>]
Entry found for group: 0
get_single_attribute: [description] = [<does not exist>]
ldap_idmap_open: already connected to the LDAP server
ldap_set_mapping: Failed to create mapping from 
S-1-5-21-1042031166-387543594-2118856591-2001 to 500 [gidNumber]
ldap_idmap_open: already connected to the LDAP server
ldap_set_mapping: Failed to create mapping from 
S-1-5-21-1042031166-387543594-2118856591-2003 to 501 [gidNumber]
ldap_idmap_open: already connected to the LDAP server
ldap_set_mapping: Failed to create mapping from 
S-1-5-21-1042031166-387543594-2118856591-1001 to 0 [gidNumber]

-- EOF --


could somebody help me or give me hints?

thx very much

micha



************ smb.conf ************

-- snip --

[global]

    workgroup = testevan
    netbios name = linux

    server string = Samba Server

    log level = 10

    passdb backend = ldapsam:ldap://localhost:389

    ldap suffix = dc=eva,dc=mpg,dc=de
    ldap admin dn = cn=manager,dc=eva,dc=mpg,dc=de
    ldap filter = (&(objectclass=sambaSamAccount)(uid=%u))
    ldap machine suffix = ou=machines
    ldap user suffix  = ou=users

    idmap backend = ldap:ldap://localhost/
    ldap idmap suffix = ou=idmap,dc=eva,dc=mpg,dc=de

#  default=1000
#  algorithmic rid base = 1000

    idmap uid = 1000-5000
    idmap gid = 1000-5000

-- snip --


************ ldap-content ************

# extended LDIF
#
# LDAPv3
# base <> with scope sub
# filter: (objectclass=*)
# requesting: ALL
#

# eva.mpg.de
dn: dc=eva,dc=mpg,dc=de
objectClass: organization
o: MPIEVA

# users, eva.mpg.de
dn: ou=users,dc=eva,dc=mpg,dc=de
objectClass: organizationalUnit
ou: users

# idmap, eva.mpg.de
dn: ou=idmap,dc=eva,dc=mpg,dc=de
objectClass: organizationalUnit
ou: idmap

# users, users, eva.mpg.de
dn: cn=users,ou=users,dc=eva,dc=mpg,dc=de
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 500
cn: users
sambaSID: S-1-5-21-1042031166-387543594-2118856591-2001
sambaGroupType: 2
displayName: Benutzer

# foedisch, users, eva.mpg.de
dn: cn=foedisch,ou=users,dc=eva,dc=mpg,dc=de
objectClass: person
objectClass: posixAccount
sn: foedisch
cn: foedisch
uid: foedisch
uidNumber: 502
gidNumber: 500
homeDirectory: /home/foedisch
loginShell: /bin/bash
userPassword:

# 65534, idmap, eva.mpg.de
dn: uidNumber=65534,ou=idmap,dc=eva,dc=mpg,dc=de
objectClass: sambaIdmapEntry
uidNumber: 65534
sambaSID: S-1-5-21-1042031166-387543594-2118856591-501

# 500, idmap, eva.mpg.de
dn: gidNumber=500,ou=idmap,dc=eva,dc=mpg,dc=de
objectClass: sambaIdmapEntry
gidNumber: 500
sambaSID: S-1-5-21-1042031166-387543594-2118856591-2001

# foedisch, users, eva.mpg.de
dn: uid=foedisch,ou=users,dc=eva,dc=mpg,dc=de
uid: foedisch
sambaSID: S-1-5-21-1042031166-387543594-2118856591-501
sambaPrimaryGroupSID: S-1-5-21-1042031166-387543594-2118856591-2001
displayName: foedisch
sambaPwdCanChange: 1062577426
sambaPwdMustChange: 1064391826
sambaLMPassword: 624AAC413795CDC1FF17365FAF1FFE89
sambaNTPassword: 3B1B47E42E0463276E3DED6CEF349F93
sambaPwdLastSet: 1062577426
sambaAcctFlags: [U          ]
objectClass: sambaSamAccount
objectClass: account

# machines, eva.mpg.de
dn: ou=machines,dc=eva,dc=mpg,dc=de
objectClass: organizationalUnit
ou: machines

# machines, machines, eva.mpg.de
dn: cn=machines,ou=machines,dc=eva,dc=mpg,dc=de
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 501
cn: machines
sambaSID: S-1-5-21-1042031166-387543594-2118856591-2003
sambaGroupType: 2
displayName: machines

# winxp$, users, eva.mpg.de
dn: cn=winxp$,ou=users,dc=eva,dc=mpg,dc=de
objectClass: posixAccount
objectClass: person
cn: winxp$
uid: winxp$
sn: winxp$
uidNumber: 504
gidNumber: 501
homeDirectory: /
loginShell: /bin/false
userPassword:: e01ENX1GdGVrL0tkRUxkbzYyVHlhY21XWDVBPT0=

# 501, idmap, eva.mpg.de
dn: gidNumber=501,ou=idmap,dc=eva,dc=mpg,dc=de
objectClass: sambaIdmapEntry
gidNumber: 501
sambaSID: S-1-5-21-1042031166-387543594-2118856591-2003

# winxp$, machines, eva.mpg.de
dn: uid=winxp$,ou=machines,dc=eva,dc=mpg,dc=de
uid: winxp$
sambaSID: S-1-5-21-1042031166-387543594-2118856591-2008
sambaPrimaryGroupSID: S-1-5-21-1042031166-387543594-2118856591-515
displayName: winxp$
sambaPwdCanChange: 1062579763
sambaPwdMustChange: 1064394163
sambaLMPassword: 7C3EF25FA3779D64AAD3B435B51404EE
sambaNTPassword: 1A49257017CFEA65452A8927CE010BD3
sambaPwdLastSet: 1062579763
sambaAcctFlags: [W          ]
objectClass: sambaSamAccount
objectClass: account

# root_group, users, eva.mpg.de
dn: cn=root_group,ou=users,dc=eva,dc=mpg,dc=de
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 0
cn: root
sambaSID: S-1-5-21-1042031166-387543594-2118856591-1001
sambaGroupType: 2
displayName: Administratoren

# root, users, eva.mpg.de
dn: cn=root,ou=users,dc=eva,dc=mpg,dc=de
objectClass: posixAccount
objectClass: person
cn: root
uid: root
sn: root
uidNumber: 0
gidNumber: 0
homeDirectory: /
loginShell: /bin/bash
userPassword:: e01ENX1sVS8wS0pjK1laWm9zdFU2em5URm9BPT0=

# 0, idmap, eva.mpg.de
dn: gidNumber=0,ou=idmap,dc=eva,dc=mpg,dc=de
objectClass: sambaIdmapEntry
gidNumber: 0
sambaSID: S-1-5-21-1042031166-387543594-2118856591-1001

# root, users, eva.mpg.de
dn: uid=root,ou=users,dc=eva,dc=mpg,dc=de
uid: root
sambaSID: S-1-5-21-1042031166-387543594-2118856591-1000
sambaPrimaryGroupSID: S-1-5-21-1042031166-387543594-2118856591-1001
displayName: root
sambaPwdCanChange: 1062580385
sambaPwdMustChange: 1064394785
sambaLMPassword: 15CAAC75F60F56F99E1AE3CC3AC1887E
sambaNTPassword: B8C11A1F0254E63D654CBB0C28C3F1DF
sambaPwdLastSet: 1062580385
sambaAcctFlags: [U          ]
objectClass: sambaSamAccount
objectClass: account

# search result
search: 2
result: 0 Success

# numResponses: 18
# numEntries: 17


don't try to crack these pwd, they're just fake ;)
servers are in a vm-ware host-only network



-- 


          "Matrix - more than a vision"

**************************************************
Michael Gasch
Max Planck Institute for Evolutionary Anthropology
Deutscher Platz 6
04103 Leipzig

Germany
**************************************************




