Recent Samba (4.18.0+) winbind configuration ?

Rowland Penny rpenny at samba.org
Tue Apr 11 13:49:15 UTC 2023 


On 11/04/2023 13:32, Jiří Šašek - Solaris Prague via samba-technical wrote:
> Story begins when Samba 4.14.0 changed its VFS so we decided to skip 
> 4.14.x and also 4.15.x releases to bundle it on Solaris but various 
> problems were also with later releases and we were only fixing issues in 
> 4.13.0 . Currently (4.18.0) the situation can called be critical so I 
> focused on recent release.
> 
> winbindd is giving up and I think the key could be in log message:
> 
> [2023/04/11 11:28:53.090661,  5, pid=1525, effective(0, 0), real(0, 0), 
> class=winbind] ../../source3/winbindd/wb_lookupname.c:
> 52(wb_lookupname_send)
>    WB command lookupname start.
>    Search namespace 'smbsetup' and domain 'smbsetup' for name ''.
> 
> ...where "smbsetup" is my domain  ...and I have added core-dump here to 
> freeze the stack:
> 
> [2023/04/11 11:28:53.090780,  0, pid=1525, effective(0, 0), real(0, 0)] 
> ../../source3/lib/dumpcore.c:315(dump_core)
>    dumping core in /var/samba/log/cores/winbindd
> 
> 
> I went over such many frames of "tevent's" but I do not know where to 
> start evaluation. I only catch the (PIDL) generated code was 
> optimized-out by gcc (11.3.0) so I built the code with -O0 and now the 
> code is available.
> 
> In the mood of total madness I also tried ChatGPT which suspects my 
> smb.conf but answer on my question:
> 
> 
> Q:
> what was changed in idmap configuration in smb.conf between 4.13 and 4.18 ?
> 
> A:
> There have been some changes to the idmap configuration in Samba between 
> version 4.13 and 4.18, although they may not necessarily be related to 
> the issue you're experiencing.
> 
> One notable change is that in Samba 4.18, the idmap config parameter has 
> been deprecated in favor of the idmap_ldb parameter. This new parameter 
> uses an LDB backend for id mapping, which allows for better performance 
> and scalability than the previous tdb backend.
> 
> Another change is that the idmap config parameter in Samba 4.18 now 
> accepts a backend option, which allows you to specify the backend to use 
> for id mapping. The options are rid, ad, autorid, and autorid_compat.
> 
> The rid backend continues to be the default, which means that if you 
> don't specify a backend explicitly, Samba will use the RID algorithm to 
> generate UIDs and GIDs.
> 
> In summary, if you're upgrading from Samba 4.13 to 4.18, you may need to 
> update your smb.conf to use the new idmap_ldb parameter and specify a 
> backend if you're not using the default rid backend.
> 
> ....looks suspectably because I can not find "idmap_ldb" in man smb.conf 
> so I asked again:
> 
> Q:
> backend option of idmap config was available even in samba 4.0.0 smb.con 
> so what exactly has been changed in 4.18.0 ?
> A:
> Something went wrong. If this issue persists please contact us through 
> our help center at help.openai.com.
> 
> ...I do not want to push here the way how to shot-down the f'g ChatGPT 
> but I would like to know if something was really changed. I went through 
> the RELEASE NOTES and there is nothing directly concerns to idmap config 
> AFAIK
> 
> constraints:
> 
>   - net ads join works as usual include adding of "A" record to DNS
> 
>   - despite of successful join it looks DC can not be located:
> 
> [2023/04/11 11:28:53.083220,  1, pid=1525, effective(0, 0), real(0, 0), 
> class=rpc_parse] ../../librpc/ndr/ndr.c:490(ndr_print_
> function_debug)
>         wbint_PingDc: struct wbint_PingDc
>            in: struct wbint_PingDc
> [2023/04/11 11:28:53.083291,  1, pid=1525, effective(0, 0), real(0, 0), 
> class=rpc_parse] ../../librpc/ndr/ndr.c:490(ndr_print_
> function_debug)
>         wbint_InitConnection: struct wbint_InitConnection
>            in: struct wbint_InitConnection
>                dcname                   : *
>                    dcname                   : ''
> 
> ...so it really looks like a stupid mis-configuration issue of mine.
> 
> Google is silent on all my attempts to ask "him".
> 
> If someone have some good idea please share it with me.
> 
> Many thanks,
> Yura
> 

Yes, stop asking chatGTP, you have made my day by supplying me with 
proof that chatGPT is STUPID!!!

There is an idmap backend called idmap_ldb, but it is only used on a 
Samba AD DC, did you get that chatGPT ?

Please post on again, but this time on the samba mailing list, which is 
the correct place to discuss how to set up Samba.
Please also post your smb.conf and tell us what version of Samba you 
were using previously.

Rowland

More information about the samba-technical mailing list