[Samba] Problem with IDMAP+LDAP+WINBIND
Adrian Berlin
gato at rock.com
Wed Jun 8 09:02:41 MDT 2011
Hello,
I have problem with idmap configuration. I would like to use LDAP as
backend for idmap in Samba+ADS environment, but i have following errors
in log.winbindd-idmap:
[2011/06/08 16:57:54.805575, 0]
winbindd/idmap.c:201(smb_register_idmap_alloc)
idmap_alloc module ldap already
registered!
[2011/06/08 16:57:54.805618, 0]
winbindd/idmap.c:201(smb_register_idmap_alloc)
idmap_alloc module tdb already
registered!
[2011/06/08 16:57:54.805645, 0]
winbindd/idmap.c:149(smb_register_idmap)
Idmap module passdb already
registered!
[2011/06/08 16:57:54.805671, 0]
winbindd/idmap.c:149(smb_register_idmap)
Idmap module nss already
registered!
[2011/06/08 16:57:54.806552, 1]
winbindd/idmap_ldap.c:193(verify_idpool)
Unable to verify the idpool, cannot continue
initialization!
[2011/06/08 16:57:54.806642, 0]
winbindd/idmap.c:589(idmap_alloc_init)
ERROR: Initialization failed for alloc backend,
deferred!
[2011/06/08 16:57:54.844163, 0]
winbindd/idmap.c:201(smb_register_idmap_alloc)
idmap_alloc module ldap already
registered!
[2011/06/08 16:57:54.844226, 0]
winbindd/idmap.c:201(smb_register_idmap_alloc)
idmap_alloc module tdb already
registered!
[2011/06/08 16:57:54.844254, 0]
winbindd/idmap.c:149(smb_register_idmap)
Idmap module passdb already
registered!
[2011/06/08 16:57:54.844280, 0]
winbindd/idmap.c:149(smb_register_idmap)
Idmap module nss already
registered!
[2011/06/08 16:57:54.845341, 1]
winbindd/idmap_ldap.c:193(verify_idpool)
Unable to verify the idpool, cannot continue
initialization!
[2011/06/08 16:57:54.845380, 0]
winbindd/idmap.c:589(idmap_alloc_init)
ERROR: Initialization failed for alloc backend,
deferred!
[2011/06/08 16:57:54.846287, 0]
winbindd/idmap.c:201(smb_register_idmap_alloc)
idmap_alloc module ldap already
registered!
[2011/06/08 16:57:54.846326, 0]
winbindd/idmap.c:201(smb_register_idmap_alloc)
idmap_alloc module tdb already
registered!
[2011/06/08 16:57:54.846353, 0]
winbindd/idmap.c:149(smb_register_idmap)
Idmap module passdb already
registered!
[2011/06/08 16:57:54.846380, 0]
winbindd/idmap.c:149(smb_register_idmap)
Idmap module nss already
registered!
[2011/06/08 16:57:54.847374, 1]
winbindd/idmap_ldap.c:193(verify_idpool)
Unable to verify the idpool, cannot continue
initialization!
[2011/06/08 16:57:54.847409, 0]
winbindd/idmap.c:589(idmap_alloc_init)
ERROR: Initialization failed for alloc backend, deferred!
LDAP database is up and running.
slapcat:
dn: dc=server,dc=nas
objectClass: dcObject
objectClass: organization
dc: server
o: server
structuralObjectClass: organization
entryUUID: 6401d0ac-262b-1030-84d2-1370b5f1fe61
creatorsName: cn=admin,dc=server,dc=nas
createTimestamp: 20110608145736Z
entryCSN: 20110608145736Z#000000#00#000000
modifiersName: cn=admin,dc=server,dc=nas
modifyTimestamp: 20110608145736Z
dn: cn=admin,dc=server,dc=nas
objectClass: organizationalRole
objectClass: simpleSecurityObject
cn: admin
userPassword:: c2VjcmV0
description: LDAP administrator
structuralObjectClass: organizationalRole
entryUUID: 64127830-262b-1030-84d3-1370b5f1fe61
creatorsName: cn=admin,dc=server,dc=nas
createTimestamp: 20110608145736Z
entryCSN: 20110608145736Z#000001#00#000000
modifiersName: cn=admin,dc=server,dc=nas
modifyTimestamp: 20110608145736Z
dn: ou=People,dc=server,dc=nas
ou: People
objectClass: top
objectClass: organizationalUnit
structuralObjectClass: organizationalUnit
entryUUID: 642ad5ec-262b-1030-84d4-1370b5f1fe61
creatorsName: cn=admin,dc=server,dc=nas
createTimestamp: 20110608145736Z
entryCSN: 20110608145736Z#000002#00#000000
modifiersName: cn=admin,dc=server,dc=nas
modifyTimestamp: 20110608145736Z
dn: ou=ChapPeople,dc=server,dc=nas
ou: ChapPeople
objectClass: top
objectClass: organizationalUnit
structuralObjectClass: organizationalUnit
entryUUID: 642f6b7a-262b-1030-84d5-1370b5f1fe61
creatorsName: cn=admin,dc=server,dc=nas
createTimestamp: 20110608145736Z
entryCSN: 20110608145736Z#000003#00#000000
modifiersName: cn=admin,dc=server,dc=nas
modifyTimestamp: 20110608145736Z
dn: ou=Groups,dc=server,dc=nas
ou: Groups
objectClass: top
objectClass: organizationalUnit
structuralObjectClass: organizationalUnit
entryUUID: 64357e34-262b-1030-84d6-1370b5f1fe61
creatorsName: cn=admin,dc=server,dc=nas
createTimestamp: 20110608145736Z
entryCSN: 20110608145736Z#000004#00#000000
modifiersName: cn=admin,dc=server,dc=nas
modifyTimestamp: 20110608145736Z
dn: ou=Computers,dc=server,dc=nas
ou: Computers
objectClass: top
objectClass: organizationalUnit
structuralObjectClass: organizationalUnit
entryUUID: 643a116a-262b-1030-84d7-1370b5f1fe61
creatorsName: cn=admin,dc=server,dc=nas
createTimestamp: 20110608145736Z
entryCSN: 20110608145736Z#000005#00#000000
modifiersName: cn=admin,dc=server,dc=nas
modifyTimestamp: 20110608145736Z
dn: ou=idmap,dc=server,dc=nas
objectClass: organizationalUnit
objectClass: top
objectClass: sambaUnixIdPool
ou: idmap
description: idmap
uidNumber: 10000
gidNumber: 10000
structuralObjectClass: organizationalUnit
entryUUID: 643ea9dc-262b-1030-84d8-1370b5f1fe61
creatorsName: cn=admin,dc=server,dc=nas
createTimestamp: 20110608145736Z
entryCSN: 20110608145736Z#000006#00#000000
modifiersName: cn=admin,dc=server,dc=nas
modifyTimestamp: 20110608145736Z
dn: sambaDomainName=DSS,dc=server,dc=nas
sambaDomainName: DSS
sambaSID: S-1-5-21-2206515185-2896615622-3143254707
sambaAlgorithmicRidBase: 1000
objectClass: sambaDomain
sambaNextUserRid: 1000
sambaMinPwdLength: 5
sambaPwdHistoryLength: 0
sambaLogonToChgPwd: 0
sambaMaxPwdAge: -1
sambaMinPwdAge: 0
sambaLockoutDuration: 30
sambaLockoutObservationWindow: 30
sambaLockoutThreshold: 0
sambaForceLogoff: -1
sambaRefuseMachinePwdChange: 0
structuralObjectClass: sambaDomain
entryUUID: 6470ac16-262b-1030-84d9-1370b5f1fe61
creatorsName: cn=admin,dc=server,dc=nas
createTimestamp: 20110608145736Z
entryCSN: 20110608145736Z#000007#00#000000
modifiersName: cn=admin,dc=server,dc=nas
modifyTimestamp: 20110608145736Z
dn: cn=users,ou=Groups,dc=server,dc=nas
objectClass: posixGroup
objectClass: top
objectClass: sambaGroupMapping
gidNumber: 101
cn: users
description: DefaulGroup
sambaSID: S-1-5-21-2206515185-2896615622-3143254707-1203
sambaGroupType: 2
displayName: users
structuralObjectClass: posixGroup
entryUUID: 6475a05e-262b-1030-84da-1370b5f1fe61
creatorsName: cn=admin,dc=server,dc=nas
createTimestamp: 20110608145736Z
entryCSN: 20110608145736Z#000008#00#000000
modifiersName: cn=admin,dc=server,dc=nas
modifyTimestamp: 20110608145736Z
cat /etc/samba/smb.conf
...
ldap admin dn=
"cn=admin,dc=server,dc=nas"
ldap suffix=
"dc=server,dc=nas"
#ldap server=
127.0.0.1
ldap idmap suffix =
"ou=idmap"
passdb backend =
ldapsam:ldap://127.0.0.1:389
idmap backend =
ldap:ldap://127.0.0.1:389
idmap uid =
10000-500000
idmap gid = 10000-500000
...
Samba successfully connect to ADS domain but idmapings aren't writen to
LDAP database.
Best Regards
--
You Rock! Your E-Mail Should Too! Signup Now at Rock.com and get 2GB of Storage!
http://connections.rock.com/user/displayUserRegisterPage.kickAction?as=116748&STATUS=MAIN
More information about the samba
mailing list