[Samba] Winbind uselessly using up Idmap range in ldap
Alex Crow
acrow at integrafin.co.uk
Mon Jan 17 03:27:55 MST 2011
Hi,
We have just managed to get winbind behaving correctly in a Samba domain
with Samba member servers with help from Sernet. It is now not adding
spurious entries for the "own domain".
However, a member server keeps trying to add group mappings that already
exist in the LDAP idmap ou. This would not be a problem, apart from the
fact that every time it fails adding an entry, the "gidnumber" attribute
in the idmap ou (that determines the next available gid number) is
incremented. Thus, in a short while, it hits 20000 which is the upper
limit. I also don't know why it tries to add a mapping if one already
exists!
Here are logs from the DMS:
[2011/01/17 10:13:50.303702, 0]
winbindd/idmap.c:201(smb_register_idmap_alloc)
idmap_alloc module ldap already registered!
[2011/01/17 10:13:50.303749, 0]
winbindd/idmap.c:201(smb_register_idmap_alloc)
idmap_alloc module tdb already registered!
[2011/01/17 10:13:50.303768, 0] winbindd/idmap.c:149(smb_register_idmap)
Idmap module passdb already registered!
[2011/01/17 10:13:50.303783, 0] winbindd/idmap.c:149(smb_register_idmap)
Idmap module nss already registered!
[2011/01/17 10:13:50.312693, 0]
winbindd/idmap_ldap.c:1471(idmap_ldap_set_mapping)
ldap_set_mapping_internals: Failed to add
S-1-5-21-8015792-1768810241-176008768-513 to 12350 mapping [gidNumber]
[2011/01/17 10:13:50.312747, 0]
winbindd/idmap_ldap.c:1473(idmap_ldap_set_mapping)
ldap_set_mapping_internals: Error was: (Already exists)
[2011/01/17 10:13:50.318187, 0]
winbindd/idmap.c:201(smb_register_idmap_alloc)
idmap_alloc module ldap already registered!
[2011/01/17 10:13:50.318225, 0]
winbindd/idmap.c:201(smb_register_idmap_alloc)
idmap_alloc module tdb already registered!
[2011/01/17 10:13:50.318245, 0] winbindd/idmap.c:149(smb_register_idmap)
Idmap module passdb already registered!
[2011/01/17 10:13:50.318263, 0] winbindd/idmap.c:149(smb_register_idmap)
Idmap module nss already registered!
[2011/01/17 10:13:50.329100, 0]
winbindd/idmap_ldap.c:1471(idmap_ldap_set_mapping)
ldap_set_mapping_internals: Failed to add S-1-5-32-546 to 12351
mapping [gidNumber]
[2011/01/17 10:13:50.329152, 0]
winbindd/idmap_ldap.c:1473(idmap_ldap_set_mapping)
ldap_set_mapping_internals: Error was: (Already exists)
[2011/01/17 10:16:01.024241, 0]
winbindd/idmap.c:201(smb_register_idmap_alloc)
idmap_alloc module ldap already registered!
[2011/01/17 10:16:01.024285, 0]
winbindd/idmap.c:201(smb_register_idmap_alloc)
idmap_alloc module tdb already registered!
[2011/01/17 10:16:01.024302, 0] winbindd/idmap.c:149(smb_register_idmap)
Idmap module passdb already registered!
[2011/01/17 10:16:01.024317, 0] winbindd/idmap.c:149(smb_register_idmap)
Idmap module nss already registered!
[2011/01/17 10:16:01.033804, 0]
winbindd/idmap_ldap.c:1471(idmap_ldap_set_mapping)
ldap_set_mapping_internals: Failed to add
S-1-5-21-8015792-1768810241-176008768-513 to 12352 mapping [gidNumber]
[2011/01/17 10:16:01.033847, 0]
winbindd/idmap_ldap.c:1473(idmap_ldap_set_mapping)
ldap_set_mapping_internals: Error was: (Already exists)
[2011/01/17 10:16:01.035771, 0]
winbindd/idmap.c:201(smb_register_idmap_alloc)
idmap_alloc module ldap already registered!
[2011/01/17 10:16:01.035807, 0]
winbindd/idmap.c:201(smb_register_idmap_alloc)
idmap_alloc module tdb already registered!
[2011/01/17 10:16:01.035832, 0] winbindd/idmap.c:149(smb_register_idmap)
Idmap module passdb already registered!
[2011/01/17 10:16:01.035855, 0] winbindd/idmap.c:149(smb_register_idmap)
Idmap module nss already registered!
[2011/01/17 10:16:01.043636, 0]
winbindd/idmap_ldap.c:1471(idmap_ldap_set_mapping)
ldap_set_mapping_internals: Failed to add S-1-5-32-546 to 12353
mapping [gidNumber]
[2011/01/17 10:16:01.043675, 0]
winbindd/idmap_ldap.c:1473(idmap_ldap_set_mapping)
ldap_set_mapping_internals: Error was: (Already exists)
[2011/01/17 10:18:15.019605, 0]
winbindd/idmap.c:201(smb_register_idmap_alloc)
idmap_alloc module ldap already registered!
[2011/01/17 10:18:15.019664, 0]
winbindd/idmap.c:201(smb_register_idmap_alloc)
idmap_alloc module tdb already registered!
[2011/01/17 10:18:15.019682, 0] winbindd/idmap.c:149(smb_register_idmap)
Idmap module passdb already registered!
[2011/01/17 10:18:15.019697, 0] winbindd/idmap.c:149(smb_register_idmap)
Idmap module nss already registered!
[2011/01/17 10:18:17.207189, 0]
winbindd/idmap_ldap.c:1471(idmap_ldap_set_mapping)
ldap_set_mapping_internals: Failed to add
S-1-5-21-8015792-1768810241-176008768-513 to 12354 mapping [gidNumber]
[2011/01/17 10:18:17.207235, 0]
winbindd/idmap_ldap.c:1473(idmap_ldap_set_mapping)
ldap_set_mapping_internals: Error was: (Already exists)
[2011/01/17 10:18:17.208951, 0]
winbindd/idmap.c:201(smb_register_idmap_alloc)
idmap_alloc module ldap already registered!
[2011/01/17 10:18:17.208978, 0]
winbindd/idmap.c:201(smb_register_idmap_alloc)
idmap_alloc module tdb already registered!
[2011/01/17 10:18:17.208994, 0] winbindd/idmap.c:149(smb_register_idmap)
Idmap module passdb already registered!
[2011/01/17 10:18:17.209009, 0] winbindd/idmap.c:149(smb_register_idmap)
Idmap module nss already registered!
[2011/01/17 10:18:17.216845, 0]
winbindd/idmap_ldap.c:1471(idmap_ldap_set_mapping)
ldap_set_mapping_internals: Failed to add S-1-5-32-546 to 12355
mapping [gidNumber]
[2011/01/17 10:18:17.216874, 0]
winbindd/idmap_ldap.c:1473(idmap_ldap_set_mapping)
ldap_set_mapping_internals: Error was: (Already exists)
[2011/01/17 10:20:34.446465, 0]
winbindd/idmap.c:201(smb_register_idmap_alloc)
idmap_alloc module ldap already registered!
[2011/01/17 10:20:34.446506, 0]
winbindd/idmap.c:201(smb_register_idmap_alloc)
idmap_alloc module tdb already registered!
[2011/01/17 10:20:34.446522, 0] winbindd/idmap.c:149(smb_register_idmap)
Idmap module passdb already registered!
[2011/01/17 10:20:34.446537, 0] winbindd/idmap.c:149(smb_register_idmap)
Idmap module nss already registered!
[2011/01/17 10:20:36.631996, 0]
winbindd/idmap_ldap.c:1471(idmap_ldap_set_mapping)
ldap_set_mapping_internals: Failed to add
S-1-5-21-8015792-1768810241-176008768-513 to 12356 mapping [gidNumber]
[2011/01/17 10:20:36.632037, 0]
winbindd/idmap_ldap.c:1473(idmap_ldap_set_mapping)
ldap_set_mapping_internals: Error was: (Already exists)
[2011/01/17 10:20:36.637324, 0]
winbindd/idmap.c:201(smb_register_idmap_alloc)
idmap_alloc module ldap already registered!
[2011/01/17 10:20:36.637353, 0]
winbindd/idmap.c:201(smb_register_idmap_alloc)
idmap_alloc module tdb already registered!
[2011/01/17 10:20:36.637370, 0] winbindd/idmap.c:149(smb_register_idmap)
Idmap module passdb already registered!
[2011/01/17 10:20:36.637385, 0] winbindd/idmap.c:149(smb_register_idmap)
Idmap module nss already registered!
[2011/01/17 10:20:36.646479, 0]
winbindd/idmap_ldap.c:1471(idmap_ldap_set_mapping)
ldap_set_mapping_internals: Failed to add S-1-5-32-546 to 12357
mapping [gidNumber]
[2011/01/17 10:20:36.646524, 0]
winbindd/idmap_ldap.c:1473(idmap_ldap_set_mapping)
ldap_set_mapping_internals: Error was: (Already exists)
[2011/01/17 10:22:36.726247, 0]
winbindd/idmap.c:201(smb_register_idmap_alloc)
idmap_alloc module ldap already registered!
[2011/01/17 10:22:36.726286, 0]
winbindd/idmap.c:201(smb_register_idmap_alloc)
idmap_alloc module tdb already registered!
[2011/01/17 10:22:36.726305, 0] winbindd/idmap.c:149(smb_register_idmap)
Idmap module passdb already registered!
[2011/01/17 10:22:36.726320, 0] winbindd/idmap.c:149(smb_register_idmap)
Idmap module nss already registered!
[2011/01/17 10:22:36.764044, 0]
winbindd/idmap_ldap.c:1471(idmap_ldap_set_mapping)
ldap_set_mapping_internals: Failed to add
S-1-5-21-8015792-1768810241-176008768-513 to 12358 mapping [gidNumber]
[2011/01/17 10:22:36.764087, 0]
winbindd/idmap_ldap.c:1473(idmap_ldap_set_mapping)
ldap_set_mapping_internals: Error was: (Already exists)
[2011/01/17 10:22:36.765893, 0]
winbindd/idmap.c:201(smb_register_idmap_alloc)
idmap_alloc module ldap already registered!
[2011/01/17 10:22:36.765929, 0]
winbindd/idmap.c:201(smb_register_idmap_alloc)
idmap_alloc module tdb already registered!
[2011/01/17 10:22:36.765982, 0] winbindd/idmap.c:149(smb_register_idmap)
Idmap module passdb already registered!
[2011/01/17 10:22:36.766008, 0] winbindd/idmap.c:149(smb_register_idmap)
Idmap module nss already registered!
[2011/01/17 10:22:36.774857, 0]
winbindd/idmap_ldap.c:1471(idmap_ldap_set_mapping)
ldap_set_mapping_internals: Failed to add S-1-5-32-546 to 12359
mapping [gidNumber]
[2011/01/17 10:22:36.774896, 0]
winbindd/idmap_ldap.c:1473(idmap_ldap_set_mapping)
ldap_set_mapping_internals: Error was: (Already exists)
[2011/01/17 10:24:41.446106, 0]
winbindd/idmap.c:201(smb_register_idmap_alloc)
idmap_alloc module ldap already registered!
[2011/01/17 10:24:41.446146, 0]
winbindd/idmap.c:201(smb_register_idmap_alloc)
idmap_alloc module tdb already registered!
[2011/01/17 10:24:41.446163, 0] winbindd/idmap.c:149(smb_register_idmap)
Idmap module passdb already registered!
[2011/01/17 10:24:41.446178, 0] winbindd/idmap.c:149(smb_register_idmap)
Idmap module nss already registered!
[2011/01/17 10:24:41.454458, 0]
winbindd/idmap_ldap.c:1471(idmap_ldap_set_mapping)
ldap_set_mapping_internals: Failed to add
S-1-5-21-8015792-1768810241-176008768-513 to 12360 mapping [gidNumber]
[2011/01/17 10:24:41.454502, 0]
winbindd/idmap_ldap.c:1473(idmap_ldap_set_mapping)
ldap_set_mapping_internals: Error was: (Already exists)
[2011/01/17 10:24:41.456096, 0]
winbindd/idmap.c:201(smb_register_idmap_alloc)
idmap_alloc module ldap already registered!
[2011/01/17 10:24:41.456132, 0]
winbindd/idmap.c:201(smb_register_idmap_alloc)
idmap_alloc module tdb already registered!
[2011/01/17 10:24:41.456158, 0] winbindd/idmap.c:149(smb_register_idmap)
Idmap module passdb already registered!
[2011/01/17 10:24:41.456181, 0] winbindd/idmap.c:149(smb_register_idmap)
Idmap module nss already registered!
[2011/01/17 10:24:41.467068, 0]
winbindd/idmap_ldap.c:1471(idmap_ldap_set_mapping)
ldap_set_mapping_internals: Failed to add S-1-5-32-546 to 12361
mapping [gidNumber]
[2011/01/17 10:24:41.467107, 0]
winbindd/idmap_ldap.c:1473(idmap_ldap_set_mapping)
ldap_set_mapping_internals: Error was: (Already exists)
Here is the relevant part of the DMS smb.conf:
idmap backend = ldap:ldap://pdc
idmap uid = 10000-20000
idmap gid = 10000-20000
ldap admin dn = cn=manager,dc=my,dc=net
ldap suffix = dc=ifa,dc=net
ldap idmap suffix = ou=Idmap
# the own domain, users come via nss_ldap:
idmap config MY_NET : backend = nss
idmap config MY_NET : range = 500-9999
winbind nested groups = yes
winbind use default domain = yes
winbind enum users = no
winbind enum groups = no
allow trusted domains = yes
and on the pdc:
ldap suffix = dc=my,dc=net
ldap machine suffix = ou=Computers,ou=Accounts
ldap user suffix = ou=People,ou=Accounts
ldap group suffix = ou=Groups
ldap idmap suffix = ou=Idmap
idmap backend = ldap:ldap://127.0.0.1
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind nested groups = yes
winbind trusted domains only = yes
winbind use default domain = no
winbind enum users = yes
winbind enum groups = yes
allow trusted domains = yes
Any help to resolve this issue would be gratefully received.
Thanks
Alex
--
This message is intended only for the addressee and may contain
confidential information. Unless you are that person, you may not
disclose its contents or use it in any way and are requested to delete
the message along with any attachments and notify us immediately.
"Transact" is operated by Integrated Financial Arrangements plc
Domain House, 5-7 Singer Street, London EC2A 4BQ
Tel: (020) 7608 4900 Fax: (020) 7608 5300
(Registered office: as above; Registered in England and Wales under number: 3727592)
Authorised and regulated by the Financial Services Authority (entered on the FSA Register; number: 190856)
More information about the samba
mailing list