[Samba] Configuration of idmap_ldap "No backend defined"

Jon Theil Nielsen jontheil at gmail.com
Sat Apr 14 12:36:57 MDT 2012 

Hi and thanks,

The base dn is not as shown. Might be some kind of paranoia...
I changed the smb.conf as suggested. Did not change any other file. Now my
log shows:

[2012/04/14 20:29:36.891125,  2] lib/smbldap.c:1018(smbldap_open_connection)
  smbldap_open_connection: connection opened
[2012/04/14 20:29:36.901600,  0] winbindd/idmap_ldap.c:192(verify_idpool)
  Multiple entries returned from (objectclass=sambaUnixIdPool) (base ==
dc=example,dc=com)
[2012/04/14 20:29:36.901919,  1]
winbindd/idmap_ldap.c:516(idmap_ldap_db_init)
  idmap_ldap_db_init: failed to verify ID pool (NT_STATUS_UNSUCCESSFUL)
[2012/04/14 20:29:36.903646,  5]
winbindd/idmap_ldap.c:421(idmap_ldap_close_destructor)
  The connection to the LDAP server was closed
[2012/04/14 20:29:36.904039,  1] winbindd/idmap.c:249(idmap_init_domain)
  idmap initialization returned NT_STATUS_UNSUCCESSFUL

Regards,
Jon

On 14 April 2012 20:14, Christian Rost <christian.rost at rocon-it.de> wrote:

> Hi,
>
> please check your ldap configuration in your smb.conf file. At first
> verify that your base-dn is really  "dc=example,dc=com". Than remove
> "cn=Manager" from each option that contains "base_dn".
>
> As usual, make sure that your LDAP server is set up correctly and that
> everthing works fine. Than you can connect samba to your LDAP.
>
> Cheers,
>
> Christian
>
> Jon Theil Nielsen <jontheil at gmail.com> schrieb:
>
> >Hi list,
> >
> >I can't make idmap talk to my LDAP server. And I haven't found an
> >updated
> >howto.
> >
> >Some entries from log.windbindd-imap:
> >[2012/04/13 20:05:40.500475,  5]
> >winbindd/idmap.c:153(smb_register_idmap)
> >  Successfully added idmap backend 'ldap'
> >[2012/04/13 20:05:40.501112,  5]
> >winbindd/idmap.c:153(smb_register_idmap)
> >  Successfully added idmap backend 'tdb'
> >[2012/04/13 20:05:40.501318,  5]
> >winbindd/idmap.c:153(smb_register_idmap)
> >  Successfully added idmap backend 'passdb'
> >[2012/04/13 20:05:40.501516,  5]
> >winbindd/idmap.c:153(smb_register_idmap)
> >  Successfully added idmap backend 'nss'
> >[2012/04/13 20:05:40.540035,  2]
> >lib/smbldap.c:1018(smbldap_open_connection)
> >  smbldap_open_connection: connection opened
> >[2012/04/13 20:05:40.550305,  2]
> >passdb/pdb_ldap.c:2427(init_group_from_ldap)
> >  init_group_from_ldap: Entry found for group: 515
> >[2012/04/13 20:05:40.592075,  1]
> >winbindd/idmap.c:288(idmap_init_named_domain)
> >  no backend defined for idmap config MYDOMAIN
> >[2012/04/13 20:06:23.606655,  2]
> >passdb/pdb_ldap.c:2427(init_group_from_ldap)
> >  init_group_from_ldap: Entry found for group: 548
> >[2012/04/13 20:06:23.629123,  2]
> >passdb/pdb_ldap.c:2427(init_group_from_ldap)
> >  init_group_from_ldap: Entry found for group: 1006
> >[2012/04/13 20:06:23.632141,  1]
> >winbindd/idmap.c:288(idmap_init_named_domain)
> >  no backend defined for idmap config MYDOMAIN
> >[2012/04/13 20:06:23.637118,  2]
> >passdb/pdb_ldap.c:2427(init_group_from_ldap)
> >  init_group_from_ldap: Entry found for group: 1005
> >[2012/04/13 20:06:23.640003,  1]
> >winbindd/idmap.c:288(idmap_init_named_domain)
> >  no backend defined for idmap config MYDOMAIN
> >[2012/04/13 20:06:23.653837,  1]
> >winbindd/idmap.c:288(idmap_init_named_domain)
> >  no backend defined for idmap config MYDOMAIN
> >[2012/04/13 20:06:33.287504,  1]
> >winbindd/idmap.c:288(idmap_init_named_domain)
> >  no backend defined for idmap config MYDOMAIN
> >[2012/04/13 20:06:33.287723,  1]
> >winbindd/idmap.c:288(idmap_init_named_domain)
> >  no backend defined for idmap config BUILTIN
> >[2012/04/13 20:06:38.048645,  1]
> >winbindd/idmap.c:288(idmap_init_named_domain)
> >  no backend defined for idmap config MYDOMAIN
> >
> >Part of my smb.conf:
> >[global]
> >    ldap admin dn = cn=Manager,dc=example,dc=com
> >    ldap delete dn = Yes
> >    ldap group suffix = ou=Groups
> >    ldap idmap suffix = ou=Idmap
> >    ldap machine suffix = ou=Computers
> >    ldap passwd sync = yes
> >    ldap suffix = dc=example,dc=com
> >    ldap user suffix = ou=People
> >    ldap debug level = 1
> >    idmap config *:backend = ldap
> >    idmap config *:readonly = no
> >    idmap config *:range = 1000-1999999
> >    idmap config *:ldap_url=ldap://localhost
> >    idmap config *:ldap_base_dn = cn=Manager,dc=example,dc=com
> >    idmap config MYDOMAIN:backend = ldap
> >    idmap config MYDOMAIN:readonly = no
> >    idmap config MYDOMAIN:range = 1000-1999999
> >    idmap config MYDOMAIN:ldap_url=ldap://localhost
> >    idmap config MYDOMAIN:ldap_base_dn = cn=Manager,dc=example,dc=com
> >idmap config MYDOMAIN:ldap_user_dn =
> >cn=admin,ou=Idmap,dc=example,dc=com
> >
> >I'm running samba 3.6.3 on FreeBSD 9.0-RELEASE and my LDAP server seems
> >to
> >work otherwise. At least, I can do user authentication this way.
> >
> >Of course, I can provide much more information from the logs and the
> >configuration files. I just don't know where to start. And any help
> >would
> >be much appreciated.
> >
> >Best regards,
> >Jon Theil Nielsen
> >--
> >To unsubscribe from this list go to the following URL and read the
> >instructions:  https://lists.samba.org/mailman/options/samba
>
> --
> Dipl.-Ing. Christian Rost
> roCon - Informationstechnologie
> Ulmenstraße 45
> 44534 Lünen
>
>
> Fon: +49 2306 910 658
> Fax:  +48 2306 910 664
> URL: www.rocon-it.de
>

More information about the samba mailing list