[Samba] idmap uid allocation problem
Hugo Mallinson
hfm21 at cam.ac.uk
Sun Mar 8 14:08:15 GMT 2009
Hi, we've had a machine happily authenticating to an ADS domain for
about a year now, and it's recently stopped working (possibly due to
changes in the domain or a samba upgrade, unfortunately I'm not sure).
We're using an ldap idmap backend running on the local machine.
Now though, new domain users can't log in. Running "wbinfo -i newuser"
returns an error. However users can use wbinfo -a to authenticate, and
previously registered users can still log in fine. The problem seems
to be with the sid->uid mapping. I can manually add an LDAP entry for
the new user's sid and make up a uid and the login works as normal.
Specifically "wbinfo --allocate-uid" says it cannot allocate a uid.
Could someone please help?
smb.conf:
[global]
workgroup = IFM
interfaces = bond0 lo
bind interfaces only = yes
password server = mlpc-serv-dc1.eng.cam.ac.uk
realm = IFM.ENG.CAM.AC.UK
security = domain
winbind separator = +
template homedir = /home/%U
template shell = /bin/bash
winbind use default domain = true
wins server = 129.169.8.25
domain master = no
local master = no
preferred master = no
os level = 0
idmap domains = IFM
idmap config IFM:default = yes
idmap config IFM:backend = ldap
idmap config IFM:ldap_base_dn =
ou=Idmap,dc=dial,dc=ifm,dc=eng,dc=cam,dc=ac,dc=uk
idmap config IFM:ldap_url = ldap://mlpc-autoid1.eng.cam.ac.uk/
idmap config IFM:range = 100000 - 1500000
idmap config IFM:ldap_user_dn =
cn=Manager,dc=dial,dc=ifm,dc=eng,dc=cam,dc=ac,dc=uk
idmap alloc backend = ldap
idmap alloc config:ldap_base_dn =
ou=Idmap,dc=dial,dc=ifm,dc=eng,dc=cam,dc=ac,dc=uk
idmap alloc config:ldap_url = ldap://mlpc-
autoid1.eng.cam.ac.uk/
idmap alloc config:range = 100000 - 1500000
idmap alloc config:ldap_user_dn =
cn=Manager,dc=dial,dc=ifm,dc=eng,dc=cam,dc=ac,dc=uk
winbind enum users = yes
winbind enum groups = yes
winbindd.log:
input: wbinfo -i newuser
output:
[2009/03/08 14:05:51, 6] winbindd/winbindd.c:new_connection(717)
accepted socket 20
[2009/03/08 14:05:51, 10] lib/events.c:get_timed_events_timeout(304)
timed_events_timeout: 104/204670
[2009/03/08 14:05:51, 10] lib/events.c:get_timed_events_timeout(304)
timed_events_timeout: 104/204581
[2009/03/08 14:05:51, 10] winbindd/winbindd.c:process_request(402)
process_request: request fn INTERFACE_VERSION
[2009/03/08 14:05:51, 3] winbindd/
winbindd_misc.c:winbindd_interface_version(757)
[ 4115]: request interface version
[2009/03/08 14:05:51, 10] lib/events.c:get_timed_events_timeout(304)
timed_events_timeout: 104/204460
[2009/03/08 14:05:51, 10] lib/events.c:get_timed_events_timeout(304)
timed_events_timeout: 104/204374
[2009/03/08 14:05:51, 10] lib/events.c:get_timed_events_timeout(304)
timed_events_timeout: 104/204285
[2009/03/08 14:05:51, 10] winbindd/winbindd.c:process_request(402)
process_request: request fn WINBINDD_PRIV_PIPE_DIR
[2009/03/08 14:05:51, 3] winbindd/
winbindd_misc.c:winbindd_priv_pipe_dir(790)
[ 4115]: request location of privileged pipe
[2009/03/08 14:05:51, 10] lib/events.c:get_timed_events_timeout(304)
timed_events_timeout: 104/204140
[2009/03/08 14:05:51, 10] lib/events.c:get_timed_events_timeout(304)
timed_events_timeout: 104/204095
[2009/03/08 14:05:51, 10] lib/events.c:get_timed_events_timeout(304)
timed_events_timeout: 104/204051
[2009/03/08 14:05:51, 6] winbindd/winbindd.c:new_connection(717)
accepted socket 21
[2009/03/08 14:05:51, 10] lib/events.c:get_timed_events_timeout(304)
timed_events_timeout: 104/203881
[2009/03/08 14:05:51, 10] lib/events.c:get_timed_events_timeout(304)
timed_events_timeout: 104/203801
[2009/03/08 14:05:51, 2] winbindd/winbindd.c:remove_client(761)
final write to client failed: Broken pipe
[2009/03/08 14:05:51, 10] lib/events.c:get_timed_events_timeout(304)
timed_events_timeout: 104/203672
[2009/03/08 14:05:51, 10] winbindd/winbindd.c:process_request(402)
process_request: request fn GETPWNAM
[2009/03/08 14:05:51, 3] winbindd/
winbindd_user.c:winbindd_getpwnam(373)
[ 4115]: getpwnam sk604
[2009/03/08 14:05:51, 10] winbindd/winbindd_dual.c:async_request(125)
Sending request to child pid 4091 (domain=IFM)
[2009/03/08 14:05:51, 10] lib/events.c:get_timed_events_timeout(304)
timed_events_timeout: 104/203497
[2009/03/08 14:05:51, 10] lib/events.c:event_add_timed(130)
Added timed event "async_request_timeout": b8dcee48
[2009/03/08 14:05:51, 10] lib/events.c:get_timed_events_timeout(304)
timed_events_timeout: 104/203411
[2009/03/08 14:05:51, 10] lib/events.c:timed_event_destructor(65)
Destroying timed event b8dcee48 "async_request_timeout"
[2009/03/08 14:05:51, 10] winbindd/
winbindd_cache.c:cache_retrieve_response(2468)
Retrieving response for pid 4091
[2009/03/08 14:05:51, 10] winbindd/winbindd_dual.c:async_request(125)
Sending request to child pid 4091 (domain=IFM)
[2009/03/08 14:05:51, 10] lib/events.c:get_timed_events_timeout(304)
timed_events_timeout: 104/202689
[2009/03/08 14:05:51, 10] lib/events.c:event_add_timed(130)
Added timed event "async_request_timeout": b8dcf970
[2009/03/08 14:05:51, 10] lib/events.c:get_timed_events_timeout(304)
timed_events_timeout: 104/202609
[2009/03/08 14:05:51, 10] lib/events.c:timed_event_destructor(65)
Destroying timed event b8dcf970 "async_request_timeout"
[2009/03/08 14:05:51, 10] winbindd/
winbindd_cache.c:cache_retrieve_response(2468)
Retrieving response for pid 4091
[2009/03/08 14:05:51, 10] winbindd/winbindd_dual.c:async_request(125)
Sending request to child pid 4093 (domain='')
[2009/03/08 14:05:51, 10] lib/events.c:get_timed_events_timeout(304)
timed_events_timeout: 104/201931
[2009/03/08 14:05:51, 10] lib/events.c:event_add_timed(130)
Added timed event "async_request_timeout": b8dd4800
[2009/03/08 14:05:51, 10] lib/events.c:get_timed_events_timeout(304)
timed_events_timeout: 104/201160
[2009/03/08 14:05:51, 10] lib/events.c:timed_event_destructor(65)
Destroying timed event b8dd4800 "async_request_timeout"
[2009/03/08 14:05:51, 10] winbindd/
winbindd_cache.c:cache_retrieve_response(2468)
Retrieving response for pid 4093
[2009/03/08 14:05:51, 5] winbindd/
winbindd_idmap.c:winbindd_sid2uid_recv(289)
sid2uid returned an error
[2009/03/08 14:05:51, 5] winbindd/
winbindd_user.c:getpwsid_sid2uid_recv(293)
Could not query uid for user IFM\sk604
[2009/03/08 14:05:51, 10] lib/events.c:get_timed_events_timeout(304)
timed_events_timeout: 103/661130
[2009/03/08 14:05:51, 10] lib/events.c:get_timed_events_timeout(304)
timed_events_timeout: 103/659990
[2009/03/08 14:05:51, 10] lib/events.c:get_timed_events_timeout(304)
timed_events_timeout: 103/659895
[2009/03/08 14:05:51, 2] winbindd/winbindd.c:remove_client(761)
final write to client failed: Broken pipe
input: wbinfo --allocate-uid
[2009/03/08 14:06:21, 6] winbindd/winbindd.c:new_connection(717)
accepted socket 20
[2009/03/08 14:06:21, 10] lib/events.c:get_timed_events_timeout(304)
timed_events_timeout: 73/929055
[2009/03/08 14:06:21, 10] lib/events.c:get_timed_events_timeout(304)
timed_events_timeout: 73/928969
[2009/03/08 14:06:21, 10] winbindd/winbindd.c:process_request(402)
process_request: request fn INTERFACE_VERSION
[2009/03/08 14:06:21, 3] winbindd/
winbindd_misc.c:winbindd_interface_version(757)
[ 4116]: request interface version
[2009/03/08 14:06:21, 10] lib/events.c:get_timed_events_timeout(304)
timed_events_timeout: 73/928836
[2009/03/08 14:06:21, 10] lib/events.c:get_timed_events_timeout(304)
timed_events_timeout: 73/928791
[2009/03/08 14:06:21, 10] lib/events.c:get_timed_events_timeout(304)
timed_events_timeout: 73/928715
[2009/03/08 14:06:21, 10] winbindd/winbindd.c:process_request(402)
process_request: request fn WINBINDD_PRIV_PIPE_DIR
[2009/03/08 14:06:21, 3] winbindd/
winbindd_misc.c:winbindd_priv_pipe_dir(790)
[ 4116]: request location of privileged pipe
[2009/03/08 14:06:21, 10] lib/events.c:get_timed_events_timeout(304)
timed_events_timeout: 73/928584
[2009/03/08 14:06:21, 10] lib/events.c:get_timed_events_timeout(304)
timed_events_timeout: 73/928539
[2009/03/08 14:06:21, 10] lib/events.c:get_timed_events_timeout(304)
timed_events_timeout: 73/928495
[2009/03/08 14:06:21, 6] winbindd/winbindd.c:new_connection(717)
accepted socket 21
[2009/03/08 14:06:21, 10] lib/events.c:get_timed_events_timeout(304)
timed_events_timeout: 73/928325
[2009/03/08 14:06:21, 10] lib/events.c:get_timed_events_timeout(304)
timed_events_timeout: 73/928214
[2009/03/08 14:06:21, 2] winbindd/winbindd.c:remove_client(761)
final write to client failed: Broken pipe
[2009/03/08 14:06:21, 10] winbindd/winbindd.c:process_request(402)
process_request: request fn ALLOCATE_UID
[2009/03/08 14:06:21, 10] winbindd/winbindd_dual.c:async_request(125)
Sending request to child pid 4093 (domain='')
[2009/03/08 14:06:21, 10] lib/events.c:get_timed_events_timeout(304)
timed_events_timeout: 73/927997
[2009/03/08 14:06:21, 10] lib/events.c:event_add_timed(130)
Added timed event "async_request_timeout": b8dcf970
[2009/03/08 14:06:21, 10] lib/events.c:get_timed_events_timeout(304)
timed_events_timeout: 73/927895
[2009/03/08 14:06:21, 10] lib/events.c:timed_event_destructor(65)
Destroying timed event b8dcf970 "async_request_timeout"
[2009/03/08 14:06:21, 10] winbindd/
winbindd_cache.c:cache_retrieve_response(2468)
Retrieving response for pid 4093
[2009/03/08 14:06:21, 10] lib/events.c:get_timed_events_timeout(304)
timed_events_timeout: 73/927361
[2009/03/08 14:06:21, 10] lib/events.c:get_timed_events_timeout(304)
timed_events_timeout: 73/927311
[2009/03/08 14:06:21, 10] lib/events.c:get_timed_events_timeout(304)
timed_events_timeout: 73/926128
[2009/03/08 14:06:21, 2] winbindd/winbindd.c:remove_client(761)
final write to client failed: Broken pipe
More information about the samba
mailing list