[Samba] Configuration of idmap_ldap "No backend defined"
Jon Theil Nielsen
jontheil at gmail.com
Sat Apr 14 12:36:57 MDT 2012
Hi and thanks,
The base dn is not as shown. Might be some kind of paranoia...
I changed the smb.conf as suggested. Did not change any other file. Now my
log shows:
[2012/04/14 20:29:36.891125, 2] lib/smbldap.c:1018(smbldap_open_connection)
smbldap_open_connection: connection opened
[2012/04/14 20:29:36.901600, 0] winbindd/idmap_ldap.c:192(verify_idpool)
Multiple entries returned from (objectclass=sambaUnixIdPool) (base ==
dc=example,dc=com)
[2012/04/14 20:29:36.901919, 1]
winbindd/idmap_ldap.c:516(idmap_ldap_db_init)
idmap_ldap_db_init: failed to verify ID pool (NT_STATUS_UNSUCCESSFUL)
[2012/04/14 20:29:36.903646, 5]
winbindd/idmap_ldap.c:421(idmap_ldap_close_destructor)
The connection to the LDAP server was closed
[2012/04/14 20:29:36.904039, 1] winbindd/idmap.c:249(idmap_init_domain)
idmap initialization returned NT_STATUS_UNSUCCESSFUL
Regards,
Jon
On 14 April 2012 20:14, Christian Rost <christian.rost at rocon-it.de> wrote:
> Hi,
>
> please check your ldap configuration in your smb.conf file. At first
> verify that your base-dn is really "dc=example,dc=com". Than remove
> "cn=Manager" from each option that contains "base_dn".
>
> As usual, make sure that your LDAP server is set up correctly and that
> everthing works fine. Than you can connect samba to your LDAP.
>
> Cheers,
>
> Christian
>
> Jon Theil Nielsen <jontheil at gmail.com> schrieb:
>
> >Hi list,
> >
> >I can't make idmap talk to my LDAP server. And I haven't found an
> >updated
> >howto.
> >
> >Some entries from log.windbindd-imap:
> >[2012/04/13 20:05:40.500475, 5]
> >winbindd/idmap.c:153(smb_register_idmap)
> > Successfully added idmap backend 'ldap'
> >[2012/04/13 20:05:40.501112, 5]
> >winbindd/idmap.c:153(smb_register_idmap)
> > Successfully added idmap backend 'tdb'
> >[2012/04/13 20:05:40.501318, 5]
> >winbindd/idmap.c:153(smb_register_idmap)
> > Successfully added idmap backend 'passdb'
> >[2012/04/13 20:05:40.501516, 5]
> >winbindd/idmap.c:153(smb_register_idmap)
> > Successfully added idmap backend 'nss'
> >[2012/04/13 20:05:40.540035, 2]
> >lib/smbldap.c:1018(smbldap_open_connection)
> > smbldap_open_connection: connection opened
> >[2012/04/13 20:05:40.550305, 2]
> >passdb/pdb_ldap.c:2427(init_group_from_ldap)
> > init_group_from_ldap: Entry found for group: 515
> >[2012/04/13 20:05:40.592075, 1]
> >winbindd/idmap.c:288(idmap_init_named_domain)
> > no backend defined for idmap config MYDOMAIN
> >[2012/04/13 20:06:23.606655, 2]
> >passdb/pdb_ldap.c:2427(init_group_from_ldap)
> > init_group_from_ldap: Entry found for group: 548
> >[2012/04/13 20:06:23.629123, 2]
> >passdb/pdb_ldap.c:2427(init_group_from_ldap)
> > init_group_from_ldap: Entry found for group: 1006
> >[2012/04/13 20:06:23.632141, 1]
> >winbindd/idmap.c:288(idmap_init_named_domain)
> > no backend defined for idmap config MYDOMAIN
> >[2012/04/13 20:06:23.637118, 2]
> >passdb/pdb_ldap.c:2427(init_group_from_ldap)
> > init_group_from_ldap: Entry found for group: 1005
> >[2012/04/13 20:06:23.640003, 1]
> >winbindd/idmap.c:288(idmap_init_named_domain)
> > no backend defined for idmap config MYDOMAIN
> >[2012/04/13 20:06:23.653837, 1]
> >winbindd/idmap.c:288(idmap_init_named_domain)
> > no backend defined for idmap config MYDOMAIN
> >[2012/04/13 20:06:33.287504, 1]
> >winbindd/idmap.c:288(idmap_init_named_domain)
> > no backend defined for idmap config MYDOMAIN
> >[2012/04/13 20:06:33.287723, 1]
> >winbindd/idmap.c:288(idmap_init_named_domain)
> > no backend defined for idmap config BUILTIN
> >[2012/04/13 20:06:38.048645, 1]
> >winbindd/idmap.c:288(idmap_init_named_domain)
> > no backend defined for idmap config MYDOMAIN
> >
> >Part of my smb.conf:
> >[global]
> > ldap admin dn = cn=Manager,dc=example,dc=com
> > ldap delete dn = Yes
> > ldap group suffix = ou=Groups
> > ldap idmap suffix = ou=Idmap
> > ldap machine suffix = ou=Computers
> > ldap passwd sync = yes
> > ldap suffix = dc=example,dc=com
> > ldap user suffix = ou=People
> > ldap debug level = 1
> > idmap config *:backend = ldap
> > idmap config *:readonly = no
> > idmap config *:range = 1000-1999999
> > idmap config *:ldap_url=ldap://localhost
> > idmap config *:ldap_base_dn = cn=Manager,dc=example,dc=com
> > idmap config MYDOMAIN:backend = ldap
> > idmap config MYDOMAIN:readonly = no
> > idmap config MYDOMAIN:range = 1000-1999999
> > idmap config MYDOMAIN:ldap_url=ldap://localhost
> > idmap config MYDOMAIN:ldap_base_dn = cn=Manager,dc=example,dc=com
> >idmap config MYDOMAIN:ldap_user_dn =
> >cn=admin,ou=Idmap,dc=example,dc=com
> >
> >I'm running samba 3.6.3 on FreeBSD 9.0-RELEASE and my LDAP server seems
> >to
> >work otherwise. At least, I can do user authentication this way.
> >
> >Of course, I can provide much more information from the logs and the
> >configuration files. I just don't know where to start. And any help
> >would
> >be much appreciated.
> >
> >Best regards,
> >Jon Theil Nielsen
> >--
> >To unsubscribe from this list go to the following URL and read the
> >instructions: https://lists.samba.org/mailman/options/samba
>
> --
> Dipl.-Ing. Christian Rost
> roCon - Informationstechnologie
> Ulmenstraße 45
> 44534 Lünen
>
>
> Fon: +49 2306 910 658
> Fax: +48 2306 910 664
> URL: www.rocon-it.de
>
More information about the samba
mailing list