[Samba] Problems with idmap_adex module

Gerald (Jerry) Carter jerry at samba.org
Thu Mar 26 15:59:53 GMT 2009 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hey Ross,

> I'm having problems getting the new idmap_adex module to work.

Sorry about that.

> When using the idmap_adex plugin I get the following:
> 
> # wbinfo -n administrator
> S-1-5-21-XXXXXXXXX-XXXXXXXXXX-XXXXXXXXXX-500 User (1)
> # wbinfo -i administrator
> Could not get info for user administrator
> 
> As expected attempting to lookup user & group info 
> via commands which use libnss also fail.
> 
> The "administrator" account is setup with all the necessary 
> rfc2307 attributes and works fine with the idmap_ad plugin.
> The uidNumber, gidNumber, and uid attributes have been added
> to the forests partial attribute set, as recommended by then
> idmap_adex man page.
> 
> Idmap log throws up a couple of interesting lines (full log below):
> 1) "NT_STATUS_NO_LOGON_SERVERS"; although wbinfo --online-status 
>  says domain is online and name to sid lookups work ok.
> 2) "could not find idmap alloc module adex"; idmap module is 
> installed at /usr/lib/samba/idmap/adex.so, ad.so is in the same
> folder.

idmap_adex doesn't do uid/gid allocation so this is a normal
message.

> Domain & forest functional level are both Windows Server 2003. 
> Running Samba/Winbind 3.3.1 on RHEL5, built from Fedora
> rawhide SRPM.
> 
> Here is my smb.conf
> [global]
>         workgroup = LOCAL
...

The conf file looks fine.

> And here is log-winbindd-idmap at debug level 10:
> 
...
> [2009/03/26 09:12:45, 10] winbindd/idmap_adex/likewise_cell.c:cell_do_search(382)
>   cell_do_search: Base = ,  Filter = (objectSid=\XX\....), Scope = 2, GC = yes
> [2009/03/26 09:12:45, 10] winbindd/idmap_adex/likewise_cell.c:cell_connect_dn(339)
>   Failed! (NT_STATUS_NO_LOGON_SERVERS)

Any chance i could get you to send me a network sniff of the failure
(off list)?   E.g.

  $ tcpdump -s 0 -w /tmp/dump.pcap \
    port 88 or port 53 or port 3268 or port 389




cheers, jerry
- --
=====================================================================
Samba                                    ------- http://www.samba.org
Likewise Software                  ---------  http://www.likewise.com
"What man is a man who does not make the world better?"      --Balian
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAknLpngACgkQIR7qMdg1Efbn/ACfSlhx2g6hTXABULtMMtB3JcvA
5cMAn3f5XdUwzgJtVd0AoLsiqPYh932R
=w1qw
-----END PGP SIGNATURE-----

More information about the samba mailing list