[Samba] Winbind 3.0.25-pre2 problems with sid2uid

Anders.Strandberg at tietoenator.com Anders.Strandberg at tietoenator.com
Tue Apr 3 10:53:07 GMT 2007 

Hi,

I have tested winbind in samba-3.0.25-pre2 and encountered some problems. We have a working config with Linux samba-3.0.23d and W2k3 AD R2 rfc2307bis, but when I switch to 3.0.25 it stopped working. I am not quite familiar with the new configuration directives for idmap, but the old config did not work either with 3.0.25, so I tried to use the new ones.

Is there apparent errors in my config ?  

BR,
Anders




Error from log.winbindd-idmap:

Found SASL mechanism GSS-SPNEGO
ads_sasl_spnego_bind: got OID=1 2 840 48018 1 2 2
ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2
ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 3
ads_sasl_spnego_bind: got OID=1 3 6 1 4 1 311 2 2 10
ads_sasl_spnego_bind: got server principal name = dc011$@my.domain.com
ads_krb5_mk_req: krb5_cc_get_principal failed (No such file or
directory)
ads_sasl_spnego_krb5_bind failed with: No such file or directory, calling kinit
kerberos_kinit_password: using [MEMORY:winbind_ccache] as ccache and config [(null)]
ads_cleanup_expired_creds: Ticket in ccache[MEMORY:winbind_ccache] expiration Tue, 03 Apr 2007 22:22:31 CEST
ads_krb5_mk_req: Ticket (dc011$@my.domain.com) in ccache
(MEMORY:winbind_ccache) is valid until: (Tue, 03 Apr 2007 22:22:31 CEST
- 1175631751)
Got KRB5 session key of length 16
Domain my.domain.com - Backend ad - default - readonly Domain laptop003 - Backend passdb - not default - readonly Initializing idmap alloc module Opening tdbfile /var/spool/locks/winbindd_idmap.tdb
Cache entry with key =
IDMAP/SID/S-1-5-21-1417001333-308236825-725345543-11251 couldn't be found Query backends to map sids->ids SID S-1-5-21-1417001333-308236825-725345543-11251 is being handled by my.domain.com Query ids from domain my.domain.com Current tickets expire in 36000 seconds (at 1175631751, time is now
1175595751)
===============================================================
INTERNAL ERROR: Signal 11 in pid 12974 (3.0.25pre2) Please read the Trouble-Shooting section of the Samba3-HOWTO

From: http://www.samba.org/samba/docs/Samba3-HOWTO.pdf
===============================================================
PANIC (pid 12974): internal error
BACKTRACE: 24 stack frames:
 #0 /usr/local/samba/3.0.25/sbin/winbindd(log_stack_trace+0x2d) [0x800cca55]
 #1 /usr/local/samba/3.0.25/sbin/winbindd(smb_panic+0x86) [0x800cc8c3]
 #2 /usr/local/samba/3.0.25/sbin/winbindd [0x800b84ec]
 #3 /usr/local/samba/3.0.25/sbin/winbindd [0x800b84fd]
 #4 [0xffffe420]
 #5 /usr/local/samba/3.0.25/sbin/winbindd [0x801f6d3b]
 #6 /usr/local/samba/3.0.25/sbin/winbindd(idmap_sids_to_unixids+0x3c9)
[0x801f77a7]
 #7 /usr/local/samba/3.0.25/sbin/winbindd(idmap_sid_to_uid+0xa6) [0x801f9e0c]
 #8 /usr/local/samba/3.0.25/sbin/winbindd(winbindd_dual_sid2uid+0x123)
[0x8006ad0c]
 #9 /usr/local/samba/3.0.25/sbin/winbindd [0x800681d3]  #10 /usr/local/samba/3.0.25/sbin/winbindd [0x80069bf5]
 #11 /usr/local/samba/3.0.25/sbin/winbindd [0x80067da4]
 #12 /usr/local/samba/3.0.25/sbin/winbindd(async_request+0x17c) [0x80067945]
 #13 /usr/local/samba/3.0.25/sbin/winbindd [0x80069e71]
 #14 /usr/local/samba/3.0.25/sbin/winbindd(winbindd_sid2uid_async+0x83)
[0x8006abdf]
 #15 /usr/local/samba/3.0.25/sbin/winbindd [0x80041063]
 #16 /usr/local/samba/3.0.25/sbin/winbindd [0x8006dd3a]
 #17 /usr/local/samba/3.0.25/sbin/winbindd [0x80069d37]
 #18 /usr/local/samba/3.0.25/sbin/winbindd [0x80067d5e]
 #19 /usr/local/samba/3.0.25/sbin/winbindd [0x8003edec]  #20 /usr/local/samba/3.0.25/sbin/winbindd [0x8003fb55]
 #21 /usr/local/samba/3.0.25/sbin/winbindd(main+0x725) [0x800405e6]
 #22 /lib/libc.so.6(__libc_start_main+0xdc) [0xb7bfc87c]
 #23 /usr/local/samba/3.0.25/sbin/winbindd [0x8003e491] dumping core in /var/log/cores/winbindd Could not receive async reply Could not trigger sid2uid Could not query uid for user MY\testuser1


Config:

[global]
        workgroup = MY
        realm = my.domain.com
        security = ADS
        auth methods = winbind
        allow trusted domains = No
        password server = dc011.my.domain.com dc012.my.domain.com *
        name resolve order = host
        socket options = SO_RMYSEADDR TCP_NODELAY
        os level = 0
        preferred master = No
        socket address = 10.21.24.141
        idmap domains = my.domain.com
        idmap uid = 300-200000
        idmap gid = 15-200000
        template homedir = /home/%u
        winbind cache time = 600
        winbind use default domain = Yes
        winbind nss info = rfc2307
        winbind refresh tickets = Yes
        winbind offline logon = Yes
        idmap config my.domain.com:range = 300-200000
        idmap config my.domain.com:backend = ad
        idmap config my.domain.com:default = yes
        include = /env/samba/lib/smb.include.shares






 _________________________________________________________________________________
Anders Strandberg, TietoEnator Processing & Network AB
E-mail:   Anders.Strandberg at tietoenator.com		| Voice:  +46 920 452 037
Internet: http://www.tietoenator.com/			| Fax:    +46 920 452 906
Laboratoriegränd 11, Box 50006, S-973 21  Luleå, Sweden	| Mobile: +46 70 345 3285

More information about the samba mailing list