[Samba] Possible problem w/ 'idmap restore' under 3.0.25rc3 (the sequel)
simo
idra at samba.org
Fri May 11 12:17:32 GMT 2007
On Thu, 2007-05-10 at 01:54 -0500, Don Meyer wrote:
> At 04:40 PM 5/9/2007, simo wrote:
> >On Fri, 2007-05-04 at 19:14 -0500, Don Meyer wrote:
> > > At 06:00 PM 5/4/2007, simo wrote:
> > > >Sorry for the problem, this slipped through during recent patches to fix
> > > >the sid checking layer violation and the idmap offline code.
> > >
> > > No problem.
> > >
> > > I may have another for you, however. This patch enables me to
> > > successfully restore when using a tdb backend. However, when using
> > > idmap_ldap, it seems that winbind is opening a connection to the ldap
> > > server and not closing it for many updates/queries.
> > >
> > > When I try 'net idmap restore' when using idmap_ldap, the command
> > > will plug away until the ldap server starts complaining "accept(8)
> > > failed errno=24 (Too many open files)". netstat -aln shows around
> > > 1000 open connections from winbind on another system. (The one
> > > > with 3.0.25rc3+)
> >
> >Found the problem, see patch for revision 22771.
> >Another one-liner :/
> >
> >Thanks again for testing rc3 out.
>
>
> Simo, you are going to think I'm picking on you, but I think we may
> have yet another problem...
No, if there are problems, better to know.
> The 22771 patch does fix winbindd's abuse of the ldap server -- when
> I start winbind, it opens two sessions to the ldap server. When I
> subsequently try the 'net idmap restore' command to restore several
> thousand SID-UID/GID mappings, all the transactions flow over one of
> those TCP sessions. However, the command throws a huge list of
> errors (thousands) that we've seen before IIRC, and we thought you
> had fixed with patch 22677:
[..]
> Afterward, testing the UID mappings that should have been established
> (by 'getent passwd {username}') results in allocation of a new number.
I need to know what error you get. I have no errors in storing the IDs,
they get created in ldap for me.
Maybe you can get to the real error the server returns?
> My first thought was that perhaps I missed the original patch for
> this problem, so I reset the smb.conf back from ldap to tdb mode,
> cleaned out /var/lib/samba/ and restarted the smb & winbind service,
> then issued the same 'net idmap restore' command -- which finished
> without a single error, and successfully initialized all the
> users/groups to their correct UID/GID.
>
> So, the previous patch fixes TDB mode, but that particular problem
> appears to still exist under LDAP mode.
>
> If there is any additional info you need (or tests to run) to help
> diagnose this problem, I'd be glad to try to get it for you.
Need to know why the ldap server refuses to create the entries.
I can't repro this.
Simo.
--
Simo Sorce
Samba Team GPL Compliance Officer
email: idra at samba.org
http://samba.org