[Samba] Problem with IDMAP+LDAP+WINBIND
Aldyth Maharsha
demhyt at gmail.com
Thu Jun 9 04:18:00 MDT 2011
What kind of your security parameter using?..try to set security = ADS at
smb.conf
Or you can just configure idmap uid and gid like this :
idmap uid =10000-500000
idmap gid = 10000-500000
not specify your idmap backend, correct me if i'm wrong :-)
Best Regards,
Aldyth M
On Wed, Jun 8, 2011 at 10:02 PM, Adrian Berlin <gato at rock.com> wrote:
> Hello,
>
> I have problem with idmap configuration. I would like to use LDAP as
> backend for idmap in Samba+ADS environment, but i have following errors
> in log.winbindd-idmap:
>
> [2011/06/08 16:57:54.805575, 0]
>
> winbindd/idmap.c:201(smb_register_idmap_alloc)
> idmap_alloc module ldap already
>
> registered!
> [2011/06/08 16:57:54.805618, 0]
>
> winbindd/idmap.c:201(smb_register_idmap_alloc)
> idmap_alloc module tdb already
>
> registered!
> [2011/06/08 16:57:54.805645, 0]
>
> winbindd/idmap.c:149(smb_register_idmap)
> Idmap module passdb already
>
> registered!
> [2011/06/08 16:57:54.805671, 0]
>
> winbindd/idmap.c:149(smb_register_idmap)
> Idmap module nss already
>
> registered!
> [2011/06/08 16:57:54.806552, 1]
>
> winbindd/idmap_ldap.c:193(verify_idpool)
> Unable to verify the idpool, cannot continue
>
> initialization!
> [2011/06/08 16:57:54.806642, 0]
>
> winbindd/idmap.c:589(idmap_alloc_init)
> ERROR: Initialization failed for alloc backend,
>
> deferred!
> [2011/06/08 16:57:54.844163, 0]
>
> winbindd/idmap.c:201(smb_register_idmap_alloc)
> idmap_alloc module ldap already
>
> registered!
> [2011/06/08 16:57:54.844226, 0]
>
> winbindd/idmap.c:201(smb_register_idmap_alloc)
> idmap_alloc module tdb already
>
> registered!
> [2011/06/08 16:57:54.844254, 0]
>
> winbindd/idmap.c:149(smb_register_idmap)
> Idmap module passdb already
>
> registered!
> [2011/06/08 16:57:54.844280, 0]
>
> winbindd/idmap.c:149(smb_register_idmap)
> Idmap module nss already
>
> registered!
> [2011/06/08 16:57:54.845341, 1]
>
> winbindd/idmap_ldap.c:193(verify_idpool)
> Unable to verify the idpool, cannot continue
>
> initialization!
> [2011/06/08 16:57:54.845380, 0]
>
> winbindd/idmap.c:589(idmap_alloc_init)
> ERROR: Initialization failed for alloc backend,
>
> deferred!
> [2011/06/08 16:57:54.846287, 0]
>
> winbindd/idmap.c:201(smb_register_idmap_alloc)
> idmap_alloc module ldap already
>
> registered!
> [2011/06/08 16:57:54.846326, 0]
>
> winbindd/idmap.c:201(smb_register_idmap_alloc)
> idmap_alloc module tdb already
>
> registered!
> [2011/06/08 16:57:54.846353, 0]
>
> winbindd/idmap.c:149(smb_register_idmap)
> Idmap module passdb already
>
> registered!
> [2011/06/08 16:57:54.846380, 0]
>
> winbindd/idmap.c:149(smb_register_idmap)
> Idmap module nss already
>
> registered!
> [2011/06/08 16:57:54.847374, 1]
>
> winbindd/idmap_ldap.c:193(verify_idpool)
> Unable to verify the idpool, cannot continue
>
> initialization!
> [2011/06/08 16:57:54.847409, 0]
>
> winbindd/idmap.c:589(idmap_alloc_init)
> ERROR: Initialization failed for alloc backend, deferred!
>
> LDAP database is up and running.
>
> slapcat:
>
> dn: dc=server,dc=nas
> objectClass: dcObject
> objectClass: organization
> dc: server
> o: server
> structuralObjectClass: organization
> entryUUID: 6401d0ac-262b-1030-84d2-1370b5f1fe61
> creatorsName: cn=admin,dc=server,dc=nas
> createTimestamp: 20110608145736Z
> entryCSN: 20110608145736Z#000000#00#000000
> modifiersName: cn=admin,dc=server,dc=nas
> modifyTimestamp: 20110608145736Z
>
> dn: cn=admin,dc=server,dc=nas
> objectClass: organizationalRole
> objectClass: simpleSecurityObject
> cn: admin
> userPassword:: c2VjcmV0
> description: LDAP administrator
> structuralObjectClass: organizationalRole
> entryUUID: 64127830-262b-1030-84d3-1370b5f1fe61
> creatorsName: cn=admin,dc=server,dc=nas
> createTimestamp: 20110608145736Z
> entryCSN: 20110608145736Z#000001#00#000000
> modifiersName: cn=admin,dc=server,dc=nas
> modifyTimestamp: 20110608145736Z
>
> dn: ou=People,dc=server,dc=nas
> ou: People
> objectClass: top
> objectClass: organizationalUnit
> structuralObjectClass: organizationalUnit
> entryUUID: 642ad5ec-262b-1030-84d4-1370b5f1fe61
> creatorsName: cn=admin,dc=server,dc=nas
> createTimestamp: 20110608145736Z
> entryCSN: 20110608145736Z#000002#00#000000
> modifiersName: cn=admin,dc=server,dc=nas
> modifyTimestamp: 20110608145736Z
>
> dn: ou=ChapPeople,dc=server,dc=nas
> ou: ChapPeople
> objectClass: top
> objectClass: organizationalUnit
> structuralObjectClass: organizationalUnit
> entryUUID: 642f6b7a-262b-1030-84d5-1370b5f1fe61
> creatorsName: cn=admin,dc=server,dc=nas
> createTimestamp: 20110608145736Z
> entryCSN: 20110608145736Z#000003#00#000000
> modifiersName: cn=admin,dc=server,dc=nas
> modifyTimestamp: 20110608145736Z
>
> dn: ou=Groups,dc=server,dc=nas
> ou: Groups
> objectClass: top
> objectClass: organizationalUnit
> structuralObjectClass: organizationalUnit
> entryUUID: 64357e34-262b-1030-84d6-1370b5f1fe61
> creatorsName: cn=admin,dc=server,dc=nas
> createTimestamp: 20110608145736Z
> entryCSN: 20110608145736Z#000004#00#000000
> modifiersName: cn=admin,dc=server,dc=nas
> modifyTimestamp: 20110608145736Z
>
> dn: ou=Computers,dc=server,dc=nas
> ou: Computers
> objectClass: top
> objectClass: organizationalUnit
> structuralObjectClass: organizationalUnit
> entryUUID: 643a116a-262b-1030-84d7-1370b5f1fe61
> creatorsName: cn=admin,dc=server,dc=nas
> createTimestamp: 20110608145736Z
> entryCSN: 20110608145736Z#000005#00#000000
> modifiersName: cn=admin,dc=server,dc=nas
> modifyTimestamp: 20110608145736Z
>
> dn: ou=idmap,dc=server,dc=nas
> objectClass: organizationalUnit
> objectClass: top
> objectClass: sambaUnixIdPool
> ou: idmap
> description: idmap
> uidNumber: 10000
> gidNumber: 10000
> structuralObjectClass: organizationalUnit
> entryUUID: 643ea9dc-262b-1030-84d8-1370b5f1fe61
> creatorsName: cn=admin,dc=server,dc=nas
> createTimestamp: 20110608145736Z
> entryCSN: 20110608145736Z#000006#00#000000
> modifiersName: cn=admin,dc=server,dc=nas
> modifyTimestamp: 20110608145736Z
>
> dn: sambaDomainName=DSS,dc=server,dc=nas
> sambaDomainName: DSS
> sambaSID: S-1-5-21-2206515185-2896615622-3143254707
> sambaAlgorithmicRidBase: 1000
> objectClass: sambaDomain
> sambaNextUserRid: 1000
> sambaMinPwdLength: 5
> sambaPwdHistoryLength: 0
> sambaLogonToChgPwd: 0
> sambaMaxPwdAge: -1
> sambaMinPwdAge: 0
> sambaLockoutDuration: 30
> sambaLockoutObservationWindow: 30
> sambaLockoutThreshold: 0
> sambaForceLogoff: -1
> sambaRefuseMachinePwdChange: 0
> structuralObjectClass: sambaDomain
> entryUUID: 6470ac16-262b-1030-84d9-1370b5f1fe61
> creatorsName: cn=admin,dc=server,dc=nas
> createTimestamp: 20110608145736Z
> entryCSN: 20110608145736Z#000007#00#000000
> modifiersName: cn=admin,dc=server,dc=nas
> modifyTimestamp: 20110608145736Z
>
> dn: cn=users,ou=Groups,dc=server,dc=nas
> objectClass: posixGroup
> objectClass: top
> objectClass: sambaGroupMapping
> gidNumber: 101
> cn: users
> description: DefaulGroup
> sambaSID: S-1-5-21-2206515185-2896615622-3143254707-1203
> sambaGroupType: 2
> displayName: users
> structuralObjectClass: posixGroup
> entryUUID: 6475a05e-262b-1030-84da-1370b5f1fe61
> creatorsName: cn=admin,dc=server,dc=nas
> createTimestamp: 20110608145736Z
> entryCSN: 20110608145736Z#000008#00#000000
> modifiersName: cn=admin,dc=server,dc=nas
> modifyTimestamp: 20110608145736Z
>
> cat /etc/samba/smb.conf
> ...
> ldap admin dn=
>
> "cn=admin,dc=server,dc=nas"
> ldap suffix=
>
> "dc=server,dc=nas"
> #ldap server=
>
> 127.0.0.1
> ldap idmap suffix =
>
> "ou=idmap"
> passdb backend =
> ldapsam:ldap://127.0.0.1:389
>
> idmap backend =
> ldap:ldap://127.0.0.1:389
>
> idmap uid =
>
> 10000-500000
> idmap gid = 10000-500000
> ...
>
> Samba successfully connect to ADS domain but idmapings aren't writen to
> LDAP database.
>
> Best Regards
>
> --
> You Rock! Your E-Mail Should Too! Signup Now at Rock.com and get 2GB of
> Storage!
>
>
> http://connections.rock.com/user/displayUserRegisterPage.kickAction?as=116748&STATUS=MAIN
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
More information about the samba
mailing list