[Samba] Trouble with idmap_ldap in 3.3.6

Daniel Barowy samba at ettinsmoor.net
Fri Jul 10 22:03:43 MDT 2009

Hello everyone,

   We've been running Samba for years, and with the exception of IDMAP, 
we've been very happy.  Well, now we have a real need to keep this 
information in a shared DB, so I'm trying to set up the idmap_ldap plugin.

   I *think* I have lookups working correctly-- at least, I can see that 
Samba is contacting the LDAP directory.  But since there's nothing 
actually *in* my directory yet, I can't be sure.

   But the real issue is that I'm having trouble getting LDAP to work as an 
allocating backend.  I'm getting some ugly stuff like this:

[2009/07/10 23:37:51,  0] winbindd/idmap.c:smb_register_idmap_alloc(201)
   idmap_alloc module tdb already registered!
[2009/07/10 23:37:51,  0] winbindd/idmap.c:smb_register_idmap(149)
   Idmap module passdb already registered!
[2009/07/10 23:37:51,  0] winbindd/idmap.c:smb_register_idmap(149)
   Idmap module nss already registered!
[2009/07/10 23:37:51,  0] winbindd/idmap.c:idmap_alloc_init(589)
   ERROR: Initialization failed for alloc backend, deferred!
[2009/07/10 23:38:12,  0] lib/fault.c:fault_report(40)
[2009/07/10 23:38:12,  0] lib/fault.c:fault_report(41)
   INTERNAL ERROR: Signal 11 in pid 14920 (3.3.6)
   Please read the Trouble-Shooting section of the Samba3-HOWTO
[2009/07/10 23:38:12,  0] lib/fault.c:fault_report(43)

   From: http://www.samba.org/samba/docs/Samba3-HOWTO.pdf
[2009/07/10 23:38:12,  0] lib/fault.c:fault_report(44)
[2009/07/10 23:38:12,  0] lib/util.c:smb_panic(1673)
   PANIC (pid 14920): internal error
[2009/07/10 23:38:12,  0] lib/util.c:log_stack_trace(1777)
   BACKTRACE: 21 stack frames:
    #0 winbindd(log_stack_trace+0x2d) [0x3581f9]
    #1 winbindd(smb_panic+0x8e) [0x35804b]
    #2 winbindd [0x341960]
    #3 winbindd [0x341971]
    #4 /lib/tls/libc.so.6 [0x74e918]
    #5 winbindd [0x62c779]
    #6 winbindd(run_events+0xdf) [0x36b645]
    #7 winbindd [0x2b8c6d]
    #8 winbindd [0x2b5eb7]
    #9 winbindd(async_request+0x20f) [0x2b5881]
    #10 winbindd(do_async+0x13c) [0x2b9301]
    #11 winbindd(winbindd_gid2sid_async+0xd8) [0x2c190e]
    #12 winbindd(winbindd_gid_to_sid+0x2fd) [0x2a2bc7]
    #13 winbindd [0x2819b8]
    #14 winbindd [0x28251a]
    #15 winbindd [0x282368]
    #16 winbindd [0x281ce7]
    #17 winbindd [0x282c13]
    #18 winbindd(main+0xb68) [0x283a96]
    #19 /lib/tls/libc.so.6(__libc_start_main+0xd3) [0x73bdf3]
    #20 winbindd [0x280f31]
[2009/07/10 23:38:12,  0] lib/fault.c:dump_core(231)
   dumping core in /var/log/samba/cores/winbindd

   It's entirely possible that I'm just not configuring this properly. 
I've been looking at this document 
for guidance, because to be honest, it's not clear which revision of 
idmap_ldap the manpage actually refers to.

   Anyway, the global section of my smb.conf follows, edited slightly. 
Can someone help me out?  Oh, and I should mention-- I did set the alloc 
secret using 'net idmap secret alloc'.  That part seems to go OK.  (BTW-- 
some of these options have accreted over the years-- some of them may no 
longer be necessary, or even helpful-- please let me know if anything 
sticks out at you)

         interfaces = eth0
         netbios name = FOZZIE-NEW
         socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384
         realm = BOSTON.EXAMPLE.NET
         security = ADS
         idmap uid = 10000-20000
         idmap gid = 10000-20000
         idmap backend = ldap:ldap://localhost/
         idmap alloc backend = ldap
         idmap alloc config : ldap_url = ldap://localhost/
         idmap alloc config : ldap_user_dn = cn=Manager,dc=boston,dc=example,dc=net
         idmap alloc config : ldap_base_dn = ou=Idmap,dc=boston,dc=example,dc=net
         ldap idmap suffix = ou=Idmap,dc=boston,dc=example,dc=net
         ldap admin dn = cn=Manager,dc=boston,dc=example,dc=net
         ldap suffix = dc=boston,dc=example,dc=net
         ldap ssl = off
         winbind enum users = no
         winbind enum groups = no
         workgroup = BOSTON
         os level = 20
         password server = bosdc01.boston.example.net
         preferred master = no
         winbind separator = +
         max log size = 50
         log file = /var/log/samba/log.%m
         encrypt passwords = yes
         dns proxy = no
         wins server =
         wins proxy = no
         smb ports = 139
         load printers = no
         printable = no
         printcap name = /dev/null
         # For broken MacOSX client
         max disk size = 1048576
         # make sure mode bits are always set correctly
         create mask = 770
         directory mask = 770
         # change default server identification string
         server string = ""
         # for sshd
         template shell = /bin/bash
         client use spnego = yes
         unix extensions = no

I set up my LDAP with the following LDF:

dn: dc=boston,dc=example,dc=net
objectclass: dcObject
objectclass: organization
o: BSM Boston
dc: boston
description: Posix and Samba LDAP Identity Database

dn: cn=Manager,dc=boston,dc=example,dc=net
objectclass: organizationalRole
cn: Manager
description: Directory Manager

dn: ou=Idmap,dc=boston,dc=example,dc=net
objectClass: organizationalUnit
ou: idmap

   If anyone has any ideas, I would be very grateful.  I seem to be having 
a hard time coming up with working examples using LDAP as an allocating 
backend for 3.3 on the web.
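For triage of log excerpts like the one quoted in this message, the following is an added example, not part of the original post or of Samba itself: it groups Samba 3.x debug-log entries and pulls out each fault report with its signal, pid, version, the message logged just before it, and the backtrace frames that carry a symbol. The function names and the shortened sample log are constructed for illustration.

```python
import re

# Entry header: "[YYYY/MM/DD HH:MM:SS,  level] file:function(line)"
HEADER = re.compile(r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d),\s+(\d+)\] ([\w/.]+):(\w+)\((\d+)\)")
CRASH = re.compile(r"INTERNAL ERROR: Signal (\d+) in pid (\d+) \(([^)]+)\)")
FRAME = re.compile(r"#(\d+) (\S+?)(?:\((\w+)\+0x[0-9a-f]+\))? \[0x[0-9a-f]+\]")

# Constructed sample: a shortened copy of the excerpt quoted in the post.
SAMPLE = """\
[2009/07/10 23:37:51,  0] winbindd/idmap.c:idmap_alloc_init(589)
   ERROR: Initialization failed for alloc backend, deferred!
[2009/07/10 23:38:12,  0] lib/fault.c:fault_report(41)
   INTERNAL ERROR: Signal 11 in pid 14920 (3.3.6)
[2009/07/10 23:38:12,  0] lib/util.c:log_stack_trace(1777)
   BACKTRACE: 21 stack frames:
    #0 winbindd(log_stack_trace+0x2d) [0x3581f9]
    #2 winbindd [0x341960]
    #11 winbindd(winbindd_gid2sid_async+0xd8) [0x2c190e]
    #12 winbindd(winbindd_gid_to_sid+0x2fd) [0x2a2bc7]
"""

def parse_entries(text):
    """Group each header line with the message lines that follow it."""
    entries = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            ts, level, src, func, lineno = m.groups()
            entries.append({"time": ts, "level": int(level), "source": src,
                            "function": func, "line": int(lineno), "body": []})
        elif entries and line.strip():
            entries[-1]["body"].append(line.strip())
    return entries

def find_crashes(entries):
    """One record per fault report; frames without a symbol are skipped."""
    crashes, previous = [], None
    for e in entries:
        body = "\n".join(e["body"])
        m = CRASH.search(body)
        if m:
            crashes.append({"time": e["time"], "signal": int(m.group(1)),
                            "pid": int(m.group(2)), "version": m.group(3),
                            "preceded_by": previous, "frames": []})
        elif e["function"] == "log_stack_trace" and crashes:
            crashes[-1]["frames"] = [f[2] for f in FRAME.findall(body) if f[2]]
        elif body and e["source"] != "lib/fault.c":
            previous = body  # last ordinary message seen before a crash
    return crashes
```

The "preceded_by" field only records ordering in the log; it does not establish that the earlier message caused the crash.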

