[Samba] idmap LDAP backend

Ted Kaczmarek tedkaz at optonline.net
Tue Mar 22 04:14:38 GMT 2005


On Mon, 2005-03-21 at 11:30 -0800, Theodore Jencks wrote:
> Figured this out a little further:
> 
> I had the following in my smb.conf:
> idmap uid = 10000-20000
> idmap gid = 10000-20000
> idmap backend = ldap:ldap://localhost
> ldap admin dn = cn=manager,dc=navis,dc=net
> ldap suffix = "ou=smb,dc=navis,dc=net"
> ldap idmap suffix = "ou=idmap"
> 
> I took the quotes off and now Winbind seems to connect to LDAP fine:
> ldap suffix = ou=smb,dc=navis,dc=net
> ldap idmap suffix = ou=idmap
> 
> 
> I'm now getting this when I start Winbind in the Winbind log:
> [2005/03/21 11:16:25, 5] lib/gencache.c:gencache_init(59)
>   Opening cache file at /var/lock/samba/gencache.tdb
> [2005/03/21 11:16:25, 5] libsmb/namecache.c:namecache_enable(58)
>   namecache_enable: enabling netbios namecache, timeout 660 seconds
> [2005/03/21 11:16:25, 5] sam/idmap.c:smb_register_idmap(91)
>   smb_register_idmap: Successfully added idmap backend 'ldap'
> [2005/03/21 11:16:25, 5] sam/idmap.c:smb_register_idmap(91)
>   smb_register_idmap: Successfully added idmap backend 'tdb'
> [2005/03/21 11:16:25, 3] sam/idmap.c:idmap_init(132)
>   idmap_init: using 'ldap' as remote backend
> [2005/03/21 11:16:25, 5] lib/smbldap.c:smbldap_search(1038)
>   smbldap_search: base => [ou=idmap,ou=smb,dc=navis,dc=net], filter =>
> [(objectclass=sambaUnixIdPool)], scope => [2]
> [2005/03/21 11:16:25, 5] lib/smbldap.c:smbldap_close(949)
>   The connection to the LDAP server was closed
> [2005/03/21 11:16:25, 2] lib/smbldap.c:smbldap_open_connection(692)
>   smbldap_open_connection: connection opened
> [2005/03/21 11:16:26, 3] lib/smbldap.c:smbldap_connect_system(866)
>   ldap_connect_system: succesful connection to the LDAP server
>   ldap_connect_system: LDAP server does support paged results
> [2005/03/21 11:16:26, 4] lib/smbldap.c:smbldap_open(929)
>   The LDAP server is succesfully connected
> [2005/03/21 11:16:26, 2] lib/tallocmsg.c:register_msg_pool_usage(57)
>   Registered MSG_REQ_POOL_USAGE
> [2005/03/21 11:16:26, 2] lib/dmallocmsg.c:register_dmalloc_msgs(71)
>   Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
> [2005/03/21 11:16:26, 2]
> nsswitch/winbindd_util.c:add_trusted_domain(175)
>   Added domain HQ HQ.NAVIS.NET S-0-0
> [2005/03/21 11:16:26, 4]
> passdb/secrets.c:secrets_fetch_trust_account_password(290)
>   Using cleartext machine password
> 
> 
> However, I still think there is a problem because getent passwd only
> returns local usernames.  When I'm not using the ldap idmap backend,
> getent passwd runs as expected, giving both local and domain usernames.
> 
> Any help appreciated,
> Theo
> 
> 
> -----Original Message-----
> From: samba-bounces+tjencks=navis.com at lists.samba.org
> [mailto:samba-bounces+tjencks=navis.com at lists.samba.org] On Behalf Of
> Theodore Jencks
> Sent: Monday, March 21, 2005 9:52 AM
> To: samba at lists.samba.org
> Subject: RE: [Samba] idmap LDAP backend
> 
> OK, I made the change; however, the LDAP backend for idmap is still not
> working.  I set Winbind to debugging level 5 and get the following in
> the logs:
> 
> [2005/03/21 09:45:05, 2] lib/interface.c:add_interface(81)
>   added interface ip=192.168.192.112 bcast=192.168.195.255
> nmask=255.255.252.0
> [2005/03/21 09:45:05, 5] lib/util.c:init_names(256)
>   Netbios name list:-
>   my_netbios_names[0]="THEO"
> [2005/03/21 09:45:05, 2] lib/interface.c:add_interface(81)
>   added interface ip=192.168.192.112 bcast=192.168.195.255
> nmask=255.255.252.0
> [2005/03/21 09:45:05, 5] lib/gencache.c:gencache_init(59)
>   Opening cache file at /var/lock/samba/gencache.tdb
> [2005/03/21 09:45:05, 5] libsmb/namecache.c:namecache_enable(58)
>   namecache_enable: enabling netbios namecache, timeout 660 seconds
> [2005/03/21 09:45:05, 5] sam/idmap.c:smb_register_idmap(91)
>   smb_register_idmap: Successfully added idmap backend 'ldap'
> [2005/03/21 09:45:05, 5] sam/idmap.c:smb_register_idmap(91)
>   smb_register_idmap: Successfully added idmap backend 'tdb'
> [2005/03/21 09:45:05, 3] sam/idmap.c:idmap_init(132)
>   idmap_init: using 'ldap' as remote backend
> [2005/03/21 09:45:05, 5] lib/smbldap.c:smbldap_search(1038)
>   smbldap_search: base => ["ou=idmap","ou=smb,dc=navis,dc=net"], filter
> => [(objectclass=sambaUnixIdPool)], scope => [2]
> [2005/03/21 09:45:05, 5] lib/smbldap.c:smbldap_close(949)
>   The connection to the LDAP server was closed
> [2005/03/21 09:45:05, 2] lib/smbldap.c:smbldap_open_connection(692)
>   smbldap_open_connection: connection opened
> [2005/03/21 09:45:05, 3] lib/smbldap.c:smbldap_connect_system(866)
>   ldap_connect_system: succesful connection to the LDAP server
>   ldap_connect_system: LDAP server does support paged results
> [2005/03/21 09:45:05, 4] lib/smbldap.c:smbldap_open(929)
>   The LDAP server is succesfully connected
> [2005/03/21 09:45:05, 0] sam/idmap.c:idmap_init(138)
>   idmap_init: failed to initialize remote backend!
> 
> 
> Looks like it tries to get what are called paged results and then it
> fails to initialize remote backend.  I'm not quite sure what is going on
> here and any further guidance would be greatly appreciated.
> 
> Thanks in advance,
> Theo
> 
> -----Original Message-----
> From: Gerald (Jerry) Carter [mailto:jerry at samba.org] 
> Sent: Friday, March 18, 2005 7:18 AM
> To: Theodore Jencks
> Cc: samba at lists.samba.org
> Subject: Re: [Samba] idmap LDAP backend
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Theodore Jencks wrote:
> 
> | ldap idmap suffix = "ou=idmap,ou=smb,dc=navis,dc=net"
> | ldap suffix = "ou=smb,dc=navis,dc=net"
> 
> 
> change this to
> 
> 	ldap suffix = "ou=smb,dc=navis,dc=net"
> 	ldap idmap suffix = "ou=idmap"
> 
> 
> 
> cheers, jerry

Seeing something similar myself.
  ldap_initialize: Time limit exceeded
[2005/03/21 23:08:34, 1] lib/smbldap.c:another_ldap_try(990)
  Connection to LDAP server failed for the 2 try!
[2005/03/21 23:08:35, 0] lib/smbldap.c:smbldap_open_connection(599)
  ldap_initialize: Time limit exceeded
[2005/03/21 23:08:35, 1] lib/smbldap.c:another_ldap_try(990)
  Connection to LDAP server failed for the 3 try!
[2005/03/21 23:08:36, 0] lib/smbldap.c:smbldap_open_connection(599)
  ldap_initialize: Time limit exceeded
[2005/03/21 23:08:36, 1] lib/smbldap.c:another_ldap_try(990)
  Connection to LDAP server failed for the 4 try!
[2005/03/21 23:08:37, 0] lib/smbldap.c:smbldap_open_connection(599)
  ldap_initialize: Time limit exceeded
[2005/03/21 23:08:37, 1] lib/smbldap.c:another_ldap_try(990)
  Connection to LDAP server failed for the 5 try!
[2005/03/21 23:08:38, 0] lib/smbldap.c:smbldap_open_connection(599)
  ldap_initialize: Time limit exceeded
[2005/03/21 23:08:38, 1] lib/smbldap.c:another_ldap_try(990)
  Connection to LDAP server failed for the 6 try!

All other aspects of the ldap server appear to be working.
I am testing with Centos 4.

samba-3.0.10-1.4E
smbldap-tools-0.8.7-2.2.el4.rf
openldap-2.2.13-2

Could be a pilot error in my case, as I am doing an OX/LDAP/Samba
integration and still getting my feet wet, still have quite a few things
I need to recheck.

Ted
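
The quoting problem described in the quoted messages above, as an added example that is not part of the original post or of Samba's code: a Python check that flags `ldap suffix` values carrying literal quotes and quoted search bases in a winbind log. The sample config and log line are constructed from values in the thread, and joining the two suffixes verbatim is an assumption taken from the logged search bases.

```python
import re

# Constructed samples: the two smb.conf variants quoted in the thread.
QUOTED = """[global]
idmap backend = ldap:ldap://localhost
ldap suffix = "ou=smb,dc=navis,dc=net"
ldap idmap suffix = "ou=idmap"
"""
UNQUOTED = QUOTED.replace('"', "")

# Constructed sample: the smbldap_search line from the thread, unwrapped.
LOG = ('  smbldap_search: base => ["ou=idmap","ou=smb,dc=navis,dc=net"], '
       'filter => [(objectclass=sambaUnixIdPool)], scope => [2]')


def parse_params(text):
    """Return smb.conf parameters as {normalised name: raw value}."""
    params = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;[":
            continue  # skip blanks, comments and section headers
        key, sep, value = line.partition("=")
        if sep:
            params[" ".join(key.lower().split())] = value.strip()
    return params


def idmap_base(params):
    """Assumption: idmap suffix and ldap suffix are joined verbatim,
    which is what the logged search bases in the thread look like."""
    parts = [params.get("ldap idmap suffix", ""), params.get("ldap suffix", "")]
    return ",".join(p for p in parts if p)


def lint_conf(text):
    """List the ldap suffix parameters whose value carries literal quotes."""
    params = parse_params(text)
    return [k for k in ("ldap suffix", "ldap idmap suffix")
            if '"' in params.get(k, "")]


def quoted_bases_in_log(log):
    """Return search bases from smbldap_search lines that contain quotes."""
    bases = re.findall(r"smbldap_search: base => \[(.*?)\], filter", log)
    return [b for b in bases if '"' in b]
```
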
