[Samba] idmap uid allocation problem
Hugo Mallinson
hfm21 at cam.ac.uk
Sun Mar 8 14:31:34 GMT 2009
Sorry: Samba 3.2.8-0.26 running on Intel FC9.
On Mar 8, 2009, at 2:08 PM, Hugo Mallinson wrote:
> Hi, we've had a machine happily authenticating to an ADS domain for
> about a year now, and it's recently stopped working (possibly due to
> changes in the domain or a samba upgrade, unfortunately I'm not
> sure). We're using an ldap idmap backend running on the local machine.
>
> Now though, new domain users can't log in. Running "wbinfo -i
> newuser" returns an error. However users can use wbinfo -a to
> authenticate, and previously registered users can still log in fine.
> The problem seems to be with the sid->uid mapping. I can manually
> add an LDAP entry for the new user's sid and make up a uid and the
> login works as normal. Specifically "wbinfo --allocate-uid" says it
> cannot allocate a uid.
>
> Could someone please help?
>
> smb.conf:
>
> [global]
> workgroup = IFM
> interfaces = bond0 lo
> bind interfaces only = yes
> password server = mlpc-serv-dc1.eng.cam.ac.uk
> realm = IFM.ENG.CAM.AC.UK
> security = domain
> winbind separator = +
> template homedir = /home/%U
> template shell = /bin/bash
> winbind use default domain = true
> wins server = 129.169.8.25
> domain master = no
> local master = no
> preferred master = no
> os level = 0
>
> idmap domains = IFM
> idmap config IFM:default = yes
> idmap config IFM:backend = ldap
> idmap config IFM:ldap_base_dn =
> ou=Idmap,dc=dial,dc=ifm,dc=eng,dc=cam,dc=ac,dc=uk
> idmap config IFM:ldap_url = ldap://mlpc-autoid1.eng.cam.ac.uk/
> idmap config IFM:range = 100000 - 1500000
> idmap config IFM:ldap_user_dn =
> cn=Manager,dc=dial,dc=ifm,dc=eng,dc=cam,dc=ac,dc=uk
>
> idmap alloc backend = ldap
> idmap alloc config:ldap_base_dn =
> ou=Idmap,dc=dial,dc=ifm,dc=eng,dc=cam,dc=ac,dc=uk
> idmap alloc config:ldap_url = ldap://mlpc-
> autoid1.eng.cam.ac.uk/
> idmap alloc config:range = 100000 - 1500000
> idmap alloc config:ldap_user_dn =
> cn=Manager,dc=dial,dc=ifm,dc=eng,dc=cam,dc=ac,dc=uk
>
>
> winbind enum users = yes
> winbind enum groups = yes
>
>
> winbindd.log:
>
> input: wbinfo -i newuser
>
> output:
> [2009/03/08 14:05:51, 6] winbindd/winbindd.c:new_connection(717)
> accepted socket 20
> [2009/03/08 14:05:51, 10] lib/events.c:get_timed_events_timeout(304)
> timed_events_timeout: 104/204670
> [2009/03/08 14:05:51, 10] lib/events.c:get_timed_events_timeout(304)
> timed_events_timeout: 104/204581
> [2009/03/08 14:05:51, 10] winbindd/winbindd.c:process_request(402)
> process_request: request fn INTERFACE_VERSION
> [2009/03/08 14:05:51, 3] winbindd/
> winbindd_misc.c:winbindd_interface_version(757)
> [ 4115]: request interface version
> [2009/03/08 14:05:51, 10] lib/events.c:get_timed_events_timeout(304)
> timed_events_timeout: 104/204460
> [2009/03/08 14:05:51, 10] lib/events.c:get_timed_events_timeout(304)
> timed_events_timeout: 104/204374
> [2009/03/08 14:05:51, 10] lib/events.c:get_timed_events_timeout(304)
> timed_events_timeout: 104/204285
> [2009/03/08 14:05:51, 10] winbindd/winbindd.c:process_request(402)
> process_request: request fn WINBINDD_PRIV_PIPE_DIR
> [2009/03/08 14:05:51, 3] winbindd/
> winbindd_misc.c:winbindd_priv_pipe_dir(790)
> [ 4115]: request location of privileged pipe
> [2009/03/08 14:05:51, 10] lib/events.c:get_timed_events_timeout(304)
> timed_events_timeout: 104/204140
> [2009/03/08 14:05:51, 10] lib/events.c:get_timed_events_timeout(304)
> timed_events_timeout: 104/204095
> [2009/03/08 14:05:51, 10] lib/events.c:get_timed_events_timeout(304)
> timed_events_timeout: 104/204051
> [2009/03/08 14:05:51, 6] winbindd/winbindd.c:new_connection(717)
> accepted socket 21
> [2009/03/08 14:05:51, 10] lib/events.c:get_timed_events_timeout(304)
> timed_events_timeout: 104/203881
> [2009/03/08 14:05:51, 10] lib/events.c:get_timed_events_timeout(304)
> timed_events_timeout: 104/203801
> [2009/03/08 14:05:51, 2] winbindd/winbindd.c:remove_client(761)
> final write to client failed: Broken pipe
> [2009/03/08 14:05:51, 10] lib/events.c:get_timed_events_timeout(304)
> timed_events_timeout: 104/203672
> [2009/03/08 14:05:51, 10] winbindd/winbindd.c:process_request(402)
> process_request: request fn GETPWNAM
> [2009/03/08 14:05:51, 3] winbindd/
> winbindd_user.c:winbindd_getpwnam(373)
> [ 4115]: getpwnam sk604
> [2009/03/08 14:05:51, 10] winbindd/winbindd_dual.c:async_request(125)
> Sending request to child pid 4091 (domain=IFM)
> [2009/03/08 14:05:51, 10] lib/events.c:get_timed_events_timeout(304)
> timed_events_timeout: 104/203497
> [2009/03/08 14:05:51, 10] lib/events.c:event_add_timed(130)
> Added timed event "async_request_timeout": b8dcee48
> [2009/03/08 14:05:51, 10] lib/events.c:get_timed_events_timeout(304)
> timed_events_timeout: 104/203411
> [2009/03/08 14:05:51, 10] lib/events.c:timed_event_destructor(65)
> Destroying timed event b8dcee48 "async_request_timeout"
> [2009/03/08 14:05:51, 10] winbindd/
> winbindd_cache.c:cache_retrieve_response(2468)
> Retrieving response for pid 4091
> [2009/03/08 14:05:51, 10] winbindd/winbindd_dual.c:async_request(125)
> Sending request to child pid 4091 (domain=IFM)
> [2009/03/08 14:05:51, 10] lib/events.c:get_timed_events_timeout(304)
> timed_events_timeout: 104/202689
> [2009/03/08 14:05:51, 10] lib/events.c:event_add_timed(130)
> Added timed event "async_request_timeout": b8dcf970
> [2009/03/08 14:05:51, 10] lib/events.c:get_timed_events_timeout(304)
> timed_events_timeout: 104/202609
> [2009/03/08 14:05:51, 10] lib/events.c:timed_event_destructor(65)
> Destroying timed event b8dcf970 "async_request_timeout"
> [2009/03/08 14:05:51, 10] winbindd/
> winbindd_cache.c:cache_retrieve_response(2468)
> Retrieving response for pid 4091
> [2009/03/08 14:05:51, 10] winbindd/winbindd_dual.c:async_request(125)
> Sending request to child pid 4093 (domain='')
> [2009/03/08 14:05:51, 10] lib/events.c:get_timed_events_timeout(304)
> timed_events_timeout: 104/201931
> [2009/03/08 14:05:51, 10] lib/events.c:event_add_timed(130)
> Added timed event "async_request_timeout": b8dd4800
> [2009/03/08 14:05:51, 10] lib/events.c:get_timed_events_timeout(304)
> timed_events_timeout: 104/201160
> [2009/03/08 14:05:51, 10] lib/events.c:timed_event_destructor(65)
> Destroying timed event b8dd4800 "async_request_timeout"
> [2009/03/08 14:05:51, 10] winbindd/
> winbindd_cache.c:cache_retrieve_response(2468)
> Retrieving response for pid 4093
> [2009/03/08 14:05:51, 5] winbindd/
> winbindd_idmap.c:winbindd_sid2uid_recv(289)
> sid2uid returned an error
> [2009/03/08 14:05:51, 5] winbindd/
> winbindd_user.c:getpwsid_sid2uid_recv(293)
> Could not query uid for user IFM\sk604
> [2009/03/08 14:05:51, 10] lib/events.c:get_timed_events_timeout(304)
> timed_events_timeout: 103/661130
> [2009/03/08 14:05:51, 10] lib/events.c:get_timed_events_timeout(304)
> timed_events_timeout: 103/659990
> [2009/03/08 14:05:51, 10] lib/events.c:get_timed_events_timeout(304)
> timed_events_timeout: 103/659895
> [2009/03/08 14:05:51, 2] winbindd/winbindd.c:remove_client(761)
> final write to client failed: Broken pipe
>
>
>
>
> input: wbinfo --allocate-uid
>
> [2009/03/08 14:06:21, 6] winbindd/winbindd.c:new_connection(717)
> accepted socket 20
> [2009/03/08 14:06:21, 10] lib/events.c:get_timed_events_timeout(304)
> timed_events_timeout: 73/929055
> [2009/03/08 14:06:21, 10] lib/events.c:get_timed_events_timeout(304)
> timed_events_timeout: 73/928969
> [2009/03/08 14:06:21, 10] winbindd/winbindd.c:process_request(402)
> process_request: request fn INTERFACE_VERSION
> [2009/03/08 14:06:21, 3] winbindd/
> winbindd_misc.c:winbindd_interface_version(757)
> [ 4116]: request interface version
> [2009/03/08 14:06:21, 10] lib/events.c:get_timed_events_timeout(304)
> timed_events_timeout: 73/928836
> [2009/03/08 14:06:21, 10] lib/events.c:get_timed_events_timeout(304)
> timed_events_timeout: 73/928791
> [2009/03/08 14:06:21, 10] lib/events.c:get_timed_events_timeout(304)
> timed_events_timeout: 73/928715
> [2009/03/08 14:06:21, 10] winbindd/winbindd.c:process_request(402)
> process_request: request fn WINBINDD_PRIV_PIPE_DIR
> [2009/03/08 14:06:21, 3] winbindd/
> winbindd_misc.c:winbindd_priv_pipe_dir(790)
> [ 4116]: request location of privileged pipe
> [2009/03/08 14:06:21, 10] lib/events.c:get_timed_events_timeout(304)
> timed_events_timeout: 73/928584
> [2009/03/08 14:06:21, 10] lib/events.c:get_timed_events_timeout(304)
> timed_events_timeout: 73/928539
> [2009/03/08 14:06:21, 10] lib/events.c:get_timed_events_timeout(304)
> timed_events_timeout: 73/928495
> [2009/03/08 14:06:21, 6] winbindd/winbindd.c:new_connection(717)
> accepted socket 21
> [2009/03/08 14:06:21, 10] lib/events.c:get_timed_events_timeout(304)
> timed_events_timeout: 73/928325
> [2009/03/08 14:06:21, 10] lib/events.c:get_timed_events_timeout(304)
> timed_events_timeout: 73/928214
> [2009/03/08 14:06:21, 2] winbindd/winbindd.c:remove_client(761)
> final write to client failed: Broken pipe
> [2009/03/08 14:06:21, 10] winbindd/winbindd.c:process_request(402)
> process_request: request fn ALLOCATE_UID
> [2009/03/08 14:06:21, 10] winbindd/winbindd_dual.c:async_request(125)
> Sending request to child pid 4093 (domain='')
> [2009/03/08 14:06:21, 10] lib/events.c:get_timed_events_timeout(304)
> timed_events_timeout: 73/927997
> [2009/03/08 14:06:21, 10] lib/events.c:event_add_timed(130)
> Added timed event "async_request_timeout": b8dcf970
> [2009/03/08 14:06:21, 10] lib/events.c:get_timed_events_timeout(304)
> timed_events_timeout: 73/927895
> [2009/03/08 14:06:21, 10] lib/events.c:timed_event_destructor(65)
> Destroying timed event b8dcf970 "async_request_timeout"
> [2009/03/08 14:06:21, 10] winbindd/
> winbindd_cache.c:cache_retrieve_response(2468)
> Retrieving response for pid 4093
> [2009/03/08 14:06:21, 10] lib/events.c:get_timed_events_timeout(304)
> timed_events_timeout: 73/927361
> [2009/03/08 14:06:21, 10] lib/events.c:get_timed_events_timeout(304)
> timed_events_timeout: 73/927311
> [2009/03/08 14:06:21, 10] lib/events.c:get_timed_events_timeout(304)
> timed_events_timeout: 73/926128
> [2009/03/08 14:06:21, 2] winbindd/winbindd.c:remove_client(761)
> final write to client failed: Broken pipe
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
More information about the samba
mailing list