[Samba] Upgrade of IDMAP_VERSION from -1 to 2 is not possible with incomplete configuration

Michael Adam obnox at samba.org
Wed Mar 21 03:12:00 MDT 2012


Hi Gregory,

I am completely ignorant of interaction with likewise.
But I assume (from the logs) that you have samba's winbindd
running. I also don't know about the lwicompat_v4 backend
that you configured.

What you should know though is that a domain placeholder "ALL"
is not used for the default idmap configuration any more since
samba 3.3. This must be the reason why you get logs from the
idmap_tdb backend at all.

So in order to configure the lwicompat_v4 backend as the default
(catch-all) backend, you should set:

idmap backend = lwicompat_v4

And this should be it. (remove all the other idmap-options).
There is currently no global read only option to id mapping
in 3.5. And from your configuration, the range options
(idmap uid and idmap gid) are not needed for your case.
If you specify them, then you have to specify values (like
idmap uid = 100000-200000).

So my guess is that you should try:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
idmap backend = lwicompat_v4
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

instead of

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
idmap config ALL:backend = lwicompat_v4
idmap config ALL:default = yes
idmap config ALL:readonly = yes
idmap backend
idmap uid
idmap gid
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Cheers - Michael

Gregory Machin wrote:
> Thanks for the suggestion, but no joy
> 
> Below is my [global]
> 
> workgroup = endace
>    realm = ad.DOMAIN.COM
>    server string = %h server
>    wins server = 10.0.32.2
>    dns proxy = no
>    panic action = /usr/share/samba/panic-action %d
>    security = ADS
>    encrypt passwords = true
>    passdb backend = tdbsam
>    obey pam restrictions = no
>    unix password sync = yes
> password server = dcn01.ad.DOMAIN.COM
>    passwd program = /usr/bin/passwd %u
>    passwd chat = *Enter\snew\s*\spassword:* %n\n
> *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
>    machine password timeout = 0
>    pam password change = yes
>    map to guest = bad user
>         force group = domain^users
>         idmap config ALL:backend = lwicompat_v4
>         idmap config ALL:default = yes
>         idmap config ALL:readonly = yes
>         idmap backend
>         idmap uid
>         idmap gid
>         hosts allow = ALL
> 
>    usershare allow guests = yes
> 
> printcap name = /etc/printcap
> 
> #Logging
>         #   log file = /var/log/samba/log.%m
>         max log size = 1000
>         #syslog = 0
>         log level = 1 vfs:1
>         log file = /var/log/samba/%U.%m.log
> 
> 
> #Network
>         socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=65536
> SO_SNDBUF=65536
> #
> 
> 
> Any further advice ?
> 
> Thanks
> 
> 
> On Sat, Mar 17, 2012 at 2:58 AM, Tom Noonan II <thomas.noonan.ii at hp.com> wrote:
> >        I saw this on CentOS 6 with winbind, not LikewiseOpen.  The problem is
> > that it expects configuration options to be present that are flagged as having
> > (sane) defaults in the smb.conf man page.  Once I added the following options
> > for winbind to my smb.conf this problem went away:
> >
> > idmap backend
> > idmap uid
> > idmap gid
> >
> > I believe it was "idmap backend," but I didn't verify that.
> >
> >
> > --
> > Tom Noonan II
> > ESL Technician - Randstad
> >
> >
> > On Fri, 16 Mar 2012 08:37:48 +0000
> > Gregory Machin <gdm at linuxpro.co.za> wrote:
> >
> >> Hi
> >>
> >> I'm running CentOS 6.2 with samba-3.5.10-114 , and LikewiseOpen 6.1 .
> >>
> >> How do I fix these errors ?
> >>
> >> Mar 16 20:25:43 nzhmlfpr05 winbindd[2556]: [2012/03/16
> >> 20:25:43.639871,  0] winbindd/idmap_tdb.c:287(idmap_tdb_open_db)
> >> Mar 16 20:25:43 nzhmlfpr05 winbindd[2556]:   Upgrade of IDMAP_VERSION
> >> from -1 to 2 is not possible with incomplete configuration
> >> Mar 16 20:25:43 nzhmlfpr05 winbindd[2556]: [2012/03/16
> >> 20:25:43.654353,  0] winbindd/idmap_tdb.c:287(idmap_tdb_open_db)
> >> Mar 16 20:25:43 nzhmlfpr05 winbindd[2556]:   Upgrade of IDMAP_VERSION
> >> from -1 to 2 is not possible with incomplete configuration
> >> Mar 16 20:25:43 nzhmlfpr05 winbindd[2556]: [2012/03/16
> >> 20:25:43.655811,  0] winbindd/idmap_tdb.c:287(idmap_tdb_open_db)
> >> Mar 16 20:25:43 nzhmlfpr05 winbindd[2556]:   Upgrade of IDMAP_VERSION
> >> from -1 to 2 is not possible with incomplete configuration
> >> Mar 16 20:25:43 nzhmlfpr05 winbindd[2556]: [2012/03/16
> >> 20:25:43.674267,  0] winbindd/idmap_tdb.c:287(idmap_tdb_open_db)
> >> Mar 16 20:25:43 nzhmlfpr05 winbindd[2556]:   Upgrade of IDMAP_VERSION
> >> from -1 to 2 is not possible with incomplete configuration
> >> Mar 16 20:25:43 nzhmlfpr05 winbindd[2556]: [2012/03/16
> >> 20:25:43.675524,  0] winbindd/idmap_tdb.c:287(idmap_tdb_open_db)
> >> Mar 16 20:25:43 nzhmlfpr05 winbindd[2556]:   Upgrade of IDMAP_VERSION
> >> from -1 to 2 is not possible with incomplete configuration
> >> Mar 16 20:25:43 nzhmlfpr05 winbindd[2556]: [2012/03/16
> >> 20:25:43.693888,  0] winbindd/idmap_tdb.c:287(idmap_tdb_open_db)
> >> Mar 16 20:25:43 nzhmlfpr05 winbindd[2556]:   Upgrade of IDMAP_VERSION
> >> from -1 to 2 is not possible with incomplete configuration
> >> Mar 16 20:25:43 nzhmlfpr05 winbindd[2556]: [2012/03/16
> >> 20:25:43.695097,  0] winbindd/idmap_tdb.c:287(idmap_tdb_open_db)
> >>
> >> Thanks
> >>
> >> Greg
> >
> >
> >
> > --
> > Tom Noonan II
> > ESL Technician - Randstad
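A small checker for the two problems named in the reply above, as an added example that is not part of the original thread or of Samba: it flags "idmap config ALL:" entries and "idmap backend" / "idmap uid" / "idmap gid" lines given without a value. The function names and both sample configurations are constructed for illustration (the first mirrors the idmap lines of the quoted [global] section); backslash line continuations are not handled.

```python
import re

# Parameters that, per the reply above, must carry a value if they are present.
NEEDS_VALUE = {"idmap backend", "idmap uid", "idmap gid"}
IDMAP_CONFIG = re.compile(r"^idmap config ([^:\s]+)\s*:\s*(\S.*)$")

def parse_global(text):
    """Yield (lineno, name, value) for each parameter in the [global] section."""
    section = None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue                      # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "global":
            continue
        name, _, value = line.partition("=")
        # Parameter names are case-insensitive; collapse runs of whitespace.
        yield lineno, " ".join(name.lower().split()), value.strip()

def check_idmap(text):
    """Return a list of (lineno, kind, message) findings for idmap settings."""
    findings = []
    for lineno, name, value in parse_global(text):
        m = IDMAP_CONFIG.match(name)
        if m and m.group(1) == "all":
            findings.append((lineno, "all-placeholder",
                f"'idmap config ALL:{m.group(2)}': 'ALL' is not used as the "
                "default-domain placeholder since Samba 3.3"))
        elif name in NEEDS_VALUE and not value:
            findings.append((lineno, "missing-value",
                f"'{name}' is specified without a value"))
    return findings

# Constructed sample: the idmap lines from the quoted [global] section.
BEFORE = """[global]
   security = ADS
   idmap config ALL:backend = lwicompat_v4
   idmap config ALL:default = yes
   idmap config ALL:readonly = yes
   idmap backend
   idmap uid
   idmap gid
"""
# Constructed sample: the configuration suggested in the reply.
AFTER = "[global]\n   security = ADS\n   idmap backend = lwicompat_v4\n"

if __name__ == "__main__":
    for label, conf in (("before", BEFORE), ("after", AFTER)):
        for lineno, kind, msg in check_idmap(conf):
            print(f"{label}: line {lineno}: {kind}: {msg}")
```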