[Samba] Segmentation Fault when trying to set root samba password, IPA as a backend

Martin Juhl mj at casalogic.dk
Mon Feb 29 13:44:00 UTC 2016 

Hi 


>> First thing is, you shouldn't have a user called 'root' in your domain, 

I know, was just saying that the error message changed when I added the user....

>> use a usermap to map 'Administrator' to 'root' 

I have now tried adding:

username map = /var/lib/samba/usermap.txt

to my [global]

and /var/lib/samba/usermap.txt:

mj = Adminstrator


>> Can you try and create a new user with smbpasswd ? 

[root at bart samba]# smbpasswd -a test
No builtin backend found, trying to load plugin
Module 'ipasam' loaded
smbldap_open_connection: connection opened
ldap_connect_system: successful connection to the LDAP server
pdb_init_ipasam: support for pdb_enum_upn_suffixes enabled for domain bolls.lan
New SMB password:
Retype new SMB password:
Could not find user test and no add script defined
Failed to add entry for user test.


>> I think you may be hitting the same problem that I have, smbpasswd will 
>> create the user, but then segfaults when trying to add the password. 


/Martin

----- Original meddelelse -----
Fra: "Rowland penny" <rpenny at samba.org>
Til: "samba" <samba at lists.samba.org>
Sendt: mandag, 29. februar 2016 11:34:14
Emne: Re: [Samba] Segmentation Fault when trying to set root samba password, IPA as a backend

On 29/02/16 10:04, Martin Juhl wrote: 
> Hi 
> 
> This is samba-4.2.3-11.el7_2.x86_64 on CentOS... 
> 
> I'm trying to setup a Samba NT4 domain, with FreeIPA as a backend... 
> 
> Right now everything works.. except that I need a Domain Adminstrator... 
> 
> smbpasswd -a root, segfaults... probably because the user doesn't exist in FreeIPA 
> 
> If I create the root user in FreeIPA, it instead gives: 
> 
> [root at bart samba]# LANG=en smbpasswd -a root 
> No builtin backend found, trying to load plugin 
> Module 'ipasam' loaded 
> smbldap_open_connection: connection opened 
> ldap_connect_system: successful connection to the LDAP server 
> pdb_init_ipasam: support for pdb_enum_upn_suffixes enabled for domain bolls.lan 
> New SMB password: 
> Retype new SMB password: 
> init_sam_from_ldap: Entry found for user: root 
> ERROR: Got 0 entries for gid 0, expected at least one 
> ERROR: Got 0 entries for gid 0, expected at least one 
> Forcing Primary Group to 'Domain Users' for root 
> Failed to modify entry for user root. 
> 
> 
> I can't create a user with uid=0 or gid=0 in FreeIPA... 
> 
> I have also tried changing the administrator user: 
> 
> pdbedit -U S-1-5-21-3189138339-1730592290-4215248117-500 -u mj -r -d 7 
> 
> but it also fails: 
> 
> http://pastebin.com/8tpuD6Eg 
> 
> 
> Config: 
> 
> [global] 
> bind interfaces only = yes 
> enable privileges = yes 
> workgroup = BOLLS 
> netbios name = BART 
> realm = BOLLS.LAN 
> kerberos method = dedicated keytab 
> dedicated keytab file = FILE:/etc/samba/samba.keytab 
> create krb5 conf = no 
> security = user 
> domain master = yes 
> domain logons = yes 
> log level = 3 
> max log size = 100000 
> log file = /var/log/samba/log.%m 
> passdb backend = ipasam:ldaps://lisa.bolls.lan 
> disable spoolss = yes 
> ldapsam:trusted = yes 
> ldap ssl = off 
> ldap suffix = dc=bolls,dc=lan 
> ldap user suffix = cn=users,cn=accounts 
> ldap group suffix = cn=groups,cn=accounts 
> ldap machine suffix = cn=computers,cn=accounts 
> rpc_server:epmapper = external 
> rpc_server:lsarpc = external 
> rpc_server:lsass = external 
> rpc_server:lsasd = external 
> rpc_server:samr = external 
> rpc_server:netlogon = external 
> rpc_server:tcpip = yes 
> rpc_daemon:epmd = fork 
> rpc_daemon:lsasd = fork 
> logon path = \\%L\Profiles\%U 
> logon drive = H: 
> logon home = \\%L\%U 
> 
> [homes] 
> comment = Home Directories 
> valid users = %S 
> read only = No 
> browseable = No 
> [printers] 
> comment = All Printers 
> path = /var/spool/samba 
> printer admin = root, mj 
> create mask = 0600 
> guest ok = Yes 
> printable = Yes 
> browseable = No 
> [print$] 
> comment = Printer Drivers Share 
> path = /var/lib/samba/drivers 
> write list = mj, root 
> printer admin = mj, root 
> [netlogon] 
> comment = Network Logon Service 
> path = /var/lib/samba/netlogon 
> admin users = root, mj 
> guest ok = Yes 
> browseable = No 
> # For profiles to work, create a user directory under the path 
> # shown. i.e., mkdir -p /var/lib/samba/profiles/mj 
> [Profiles] 
> comment = Roaming Profile Share 
> path = /var/lib/samba/profiles 
> read only = No 
> profile acls = Yes 
> 
> 
> 
> 
> ----- Original meddelelse ----- 
> Fra: "Rowland penny" <rpenny at samba.org> 
> Til: "samba" <samba at lists.samba.org> 
> Sendt: mandag, 29. februar 2016 10:14:09 
> Emne: Re: [Samba] Segmentation Fault when trying to set root samba password, IPA as a backend 
> 
> On 29/02/16 09:06, Martin Juhl wrote: 
>> Hi guys 
>> 
>> 
>> When trying to set root's password, I get a segmentation fault: 
>> 
>> [root at bart ~]# smbpasswd -a root 
>> No builtin backend found, trying to load plugin 
>> Module 'ipasam' loaded 
>> smbldap_open_connection: connection opened 
>> ldap_connect_system: successful connection to the LDAP server 
>> pdb_init_ipasam: support for pdb_enum_upn_suffixes enabled for domain bolls.lan 
>> New SMB password: 
>> Retype new SMB password: 
>> Segmentation fault 
>> 
>> What to do??? 
>> 
>> Regards 
>> 
>> Martin 
>> 
> Hi, what version of Samba is this ? 
> Also, how have you set up Samba ? 
> 
> Rowland 
> 
> 

First thing is, you shouldn't have a user called 'root' in your domain, 
use a usermap to map 'Administrator' to 'root' 

Can you try and create a new user with smbpasswd ? 

I think you may be hitting the same problem that I have, smbpasswd will 
create the user, but then segfaults when trying to add the password. 

Rowland 

-- 
To unsubscribe from this list go to the following URL and read the 
instructions: https://lists.samba.org/mailman/options/samba

More information about the samba mailing list