Hi Mike, There is a couple of known issues with the server we need to fix. They are all related to provision and AD schema extension, but anyway prevent the NSPI server from working properly and are causing the bugs you detailed in your email.
1. Jelmer is currently migrating Samba4 provisioning scripts from
Javascript to Python. OpenChange will have to migrate its scripts too,
but we are waiting for his work to be merged within samba4 trunk prior
working on it.
2. Andrew Bartlett has been working on improving Active Directory
support/database and the LDIF files we use to extend AD schema need to
be reviewed and patched properly.
3. We need to nail down a fixed Samba4 version and plan to develop
openchange over samba4-alpha2 (planned for January 2008).
When all the different points explained above are committed/released in
Samba4, we'll be able to put resources on the server code again and fix
these issues for real and for a long time.
If everything is OK, we should be able to provide a production release
of the MAPI library for the end of January and then work almost
full-time on the server.
However, I could not conclude this email without providing you a
workaround, even if it's only a temporary solution... If you are
interested in testing openchange server and see how it should work
(again) within a couple of weeks, you can try the following
configuration:
a. Use openchange libmapi-0.4 based code
b. Use Samba4 TP4 or TP5 (will check tonight which one you
should be using)
c. follow the how-to server part
I'll give it a look tonight and post more detailed information.
Furthermore, I will probably record a screencast about server
configuration and usage on openchange.org as soon as I have time.
Hope this helps ...
Cheers,
Julien.
On Mon, 2007-11-12 at 16:10 +0100, Mike Kretlow wrote:
> Hello *,
>
> for testing purposes I wanted to set up the oc-server, and samba4 works
> properly
> as far as I see, but I cannot add new users to samba and I cannot create
> profiles (even not for the Samba Administrator account).
>
> I tried provisioning according oc-howto:
> # ./setup/provision --domain=OPENCHANGE --realm=OPENCHANGE.LOCAL
> --adminpass=secret
>
> and also with --server-role='domain controller' (as mentioned in
> samba4-howto)
>
> Provisioning finished successfully.
>
> But I was not able no add new user with:
>
> # ./setup/newuser --username=mike --unixname=mike --password=secret
>
> (and trying this with swat also failed with same error message)
> I got following error message:
>
> Adding user CN=mike,CN=Users,DC=openchange,DC=local
> Failed to add CN=mike,CN=Users,DC=openchange,DC=local - attribute memberOf
> must
> not be modified directly, it is a linked attribute
>
> The Administrator account works (with this I can login in swat).
>
> Second: I am not able to create a profile, even not for the existing
> Administrator account (creating profile store was ok), e.g. with
>
> $ mapiprofile --database=/tmp/profiles.ldb \
> --profile=testuser \
> --username=Administrator \
> --password=secret \
> --workstation=OPENCHANGE.LOCAL \
> --domain=OPENCHANGE \
> -I 192.168.0.107 \
> --create
>
>
> I got following error message:
> ProcessNetworkProfile : MAPI_E_NOT_FOUND (0x8004010F)
> Deleting profile
>
>
>
> This is the smbd logfile/backtrace:
>
> Initialising global parameters
> lp_load: refreshing parameters from /usr/local/samba4/etc/smb.conf
> params.c:pm_process() - Processing configuration file
> "/usr/local/samba4/etc/smb.conf"
> Processing section "[globals]"
> Processing section "[netlogon]"
> Processing section "[sysvol]"
> Processing section "[test]"
> pm_process() returned Yes
> adding hidden service IPC$
> adding hidden service ADMIN$
> smbd version 4.0.0alpha2-SVN-build-25756 started.
> Copyright Andrew Tridgell and the Samba Team 1992-2007
> SHARE backend [ldb] registered.
> SHARE backend [classic] registered.
> AUTH backend 'winbind_samba3' registered
> AUTH backend 'winbind' registered
> AUTH backend 'name_to_ntstatus' registered
> AUTH backend 'fixed_challenge' registered
> AUTH backend 'unix' registered
> AUTH backend 'anonymous' registered
> AUTH backend 'sam' registered
> AUTH backend 'sam_ignoredomain' registered
> GENSEC backend 'krb5' registered
> gensec subsystem fake_gssapi_krb5 is disabled
> GENSEC backend 'schannel' registered
> GENSEC backend 'spnego' registered
> gensec subsystem gssapi_spnego is disabled
> GENSEC backend 'gssapi_krb5' registered
> GENSEC backend 'gssapi_krb5_sasl' registered
> GENSEC backend 'ntlmssp' registered
> NTPTR backend 'simple_ldb'
> NTVFS backend 'simple' for type 0 registered
> NTVFS backend 'cifs' for type 0 registered
> NTVFS backend 'nbench' for type 0 registered
> NTVFS backend 'unixuid' for type 0 registered
> NTVFS backend 'unixuid' for type 1 registered
> NTVFS backend 'unixuid' for type 2 registered
> NTVFS backend 'cifsposix' for type 0 registered
> NTVFS backend 'default' for type 2 registered
> NTVFS backend 'xattr' registered
> NTVFS backend 'nfs4acl' registered
> NTVFS backend 'default' for type 1 registered
> NTVFS backend 'default' for type 0 registered
> NTVFS backend 'posix' for type 0 registered
> PROCESS_MODEL 'standard' registered
> PROCESS_MODEL 'single' registered
> Unable to open
> /usr/local/samba4/modules/dcerpc_server/dcesrv_exchange_remote.so:
> /usr/local/samba4/modules/dcerpc_server/dcesrv_exchange_remote.so: undefined
> symbol: librpc_register_interface
> DCERPC endpoint server 'wkssvc' registered
> DCERPC endpoint server 'drsuapi' registered
> DCERPC endpoint server 'spoolss' registered
> DCERPC endpoint server 'winreg' registered
> DCERPC endpoint server 'epmapper' registered
> DCERPC endpoint server 'srvsvc' registered
> DCERPC endpoint server 'netlogon' registered
> DCERPC endpoint server 'rpcecho' registered
> DCERPC endpoint server 'unixinfo' registered
> DCERPC endpoint server 'samr' registered
> DCERPC endpoint server 'remote' registered
> DCERPC endpoint server 'dssetup' registered
> DCERPC endpoint server 'lsarpc' registered
> DCERPC endpoint server 'exchange_store_admin3' registered
> DCERPC endpoint server 'exchange_store_admin2' registered
> DCERPC endpoint server 'exchange_store_admin1' registered
> DCERPC endpoint server 'exchange_ds_rfr' registered
> DCERPC endpoint server 'exchange_sysatt_cluster' registered
> DCERPC endpoint server 'exchange_system_attendant' registered
> DCERPC endpoint server 'exchange_mta' registered
> DCERPC endpoint server 'exchange_drs' registered
> DCERPC endpoint server 'exchange_xds' registered
> DCERPC endpoint server 'exchange_mta_qadmin' registered
> DCERPC endpoint server 'exchange_store_information' registered
> DCERPC endpoint server 'exchange_nsp' registered
> DCERPC endpoint server 'exchange_emsmdb' registered
> DCERPC endpoint server 'exchange_unknown' registered
> smbd: using 'single' process model
> ldb: schema_fsmo_init: we are master: yes
> ldb: naming_fsmo_init: we are master: yes
> ldb: pdc_fsmo_init: we are master: yes
> dcesrv_interface_register: interface 'exchange_nsp' registered on endpoint
> 'ncacn_np:[\pipe\lsass]'
> dcesrv_interface_register: interface 'exchange_nsp' registered on endpoint
> 'ncacn_np:[\pipe\protected_storage]'
> dcesrv_interface_register: interface 'exchange_nsp' registered on endpoint
> 'ncacn_ip_tcp:[]'
> dcesrv_interface_register: interface 'exchange_emsmdb' registered on endpoint
> 'ncacn_np:[\pipe\lsass]'
> dcesrv_interface_register: interface 'exchange_emsmdb' registered on endpoint
> 'ncacn_np:[\pipe\protected_storage]'
> dcesrv_interface_register: interface 'exchange_emsmdb' registered on endpoint
> 'ncacn_ip_tcp:'
> dcesrv_interface_register: interface 'epmapper' registered on endpoint
> 'ncacn_np:[\pipe\epmapper]'
> dcesrv_interface_register: interface 'epmapper' registered on endpoint
> 'ncacn_ip_tcp:[135]'
> dcesrv_interface_register: interface 'epmapper' registered on endpoint
> 'ncalrpc:[EPMAPPER]'
> dcesrv_interface_register: interface 'srvsvc' registered on endpoint
> 'ncacn_np:[\pipe\srvsvc]'
> dcesrv_interface_register: interface 'srvsvc' registered on endpoint
> 'ncacn_ip_tcp:'
> dcesrv_interface_register: interface 'srvsvc' registered on endpoint
> 'ncalrpc:'
> dcesrv_interface_register: interface 'wkssvc' registered on endpoint
> 'ncacn_np:[\pipe\wkssvc]'
> dcesrv_interface_register: interface 'wkssvc' registered on endpoint
> 'ncacn_ip_tcp:'
> dcesrv_interface_register: interface 'wkssvc' registered on endpoint
> 'ncalrpc:'
> dcesrv_interface_register: interface 'rpcecho' registered on endpoint
> 'ncacn_np:[\pipe\rpcecho]'
> dcesrv_interface_register: interface 'rpcecho' registered on endpoint
> 'ncacn_ip_tcp:'
> dcesrv_interface_register: interface 'rpcecho' registered on endpoint
> 'ncalrpc:'
> dcesrv_interface_register: interface 'samr' registered on endpoint
> 'ncacn_np:[\pipe\samr]'
> dcesrv_interface_register: interface 'samr' registered on endpoint
> 'ncacn_ip_tcp:'
> dcesrv_interface_register: interface 'samr' registered on endpoint 'ncalrpc:'
> dcesrv_interface_register: interface 'netlogon' registered on endpoint
> 'ncacn_np:[\pipe\netlogon]'
> dcesrv_interface_register: interface 'netlogon' registered on endpoint
> 'ncacn_ip_tcp:'
> dcesrv_interface_register: interface 'netlogon' registered on endpoint
> 'ncalrpc:'
> dcesrv_interface_register: interface 'lsarpc' registered on endpoint
> 'ncacn_np:[\pipe\lsarpc]'
> dcesrv_interface_register: interface 'lsarpc' registered on endpoint
> 'ncacn_np:[\pipe\netlogon]'
> dcesrv_interface_register: interface 'lsarpc' registered on endpoint
> 'ncacn_np:[\pipe\lsass]'
> dcesrv_interface_register: interface 'lsarpc' registered on endpoint
> 'ncacn_ip_tcp:'
> dcesrv_interface_register: interface 'lsarpc' registered on endpoint
> 'ncalrpc:'
> dcesrv_interface_register: interface 'spoolss' registered on endpoint
> 'ncacn_np:[\pipe\spoolss]'
> dcesrv_interface_register: interface 'drsuapi' registered on endpoint
> 'ncacn_np:[\pipe\lsass]'
> dcesrv_interface_register: interface 'drsuapi' registered on endpoint
> 'ncacn_np:[\pipe\protected_storage]'
> dcesrv_interface_register: interface 'drsuapi' registered on endpoint
> 'ncacn_ip_tcp:'
> dcesrv_interface_register: interface 'drsuapi' registered on endpoint
> 'ncalrpc:'
> dcesrv_interface_register: interface 'winreg' registered on endpoint
> 'ncacn_np:[\pipe\winreg]'
> dcesrv_interface_register: interface 'winreg' registered on endpoint
> 'ncacn_ip_tcp:'
> dcesrv_interface_register: interface 'winreg' registered on endpoint
> 'ncalrpc:'
> dcesrv_interface_register: interface 'dssetup' registered on endpoint
> 'ncacn_np:[\pipe\lsarpc]'
> dcesrv_interface_register: interface 'dssetup' registered on endpoint
> 'ncacn_np:[\pipe\lsass]'
> dcesrv_interface_register: interface 'dssetup' registered on endpoint
> 'ncacn_ip_tcp:'
> dcesrv_interface_register: interface 'dssetup' registered on endpoint
> 'ncalrpc:'
> added interface ip=192.168.0.107 nmask=255.255.255.0
> ldb: naming_fsmo_init: we are master: yes
> ldb: pdc_fsmo_init: we are master: yes
> Failed to listen on 0.0.0.0:389 - NT_STATUS_ADDRESS_ALREADY_ASSOCIATED
> ldapsrv failed to bind to 0.0.0.0:389 - NT_STATUS_ADDRESS_ALREADY_ASSOCIATED
> ldb: naming_fsmo_init: we are master: yes
> ldb: pdc_fsmo_init: we are master: yes
> ldb: naming_fsmo_init: we are master: yes
> ldb: pdc_fsmo_init: we are master: yes
> ldb: naming_fsmo_init: we are master: yes
> ldb: pdc_fsmo_init: we are master: yes
> ldb: naming_fsmo_init: we are master: yes
> ldb: pdc_fsmo_init: we are master: yes
> dreplsrv_partition[CN=Schema,CN=Configuration,DC=openchange,DC=local] loaded
> dreplsrv_partition[CN=Configuration,DC=openchange,DC=local] loaded
> dreplsrv_partition[DC=openchange,DC=local] loaded
> dreplsrv_refresh_partition(DC=openchange,DC=local)
> dreplsrv_refresh_partition(CN=Configuration,DC=openchange,DC=local)
> dreplsrv_refresh_partition(CN=Schema,CN=Configuration,DC=openchange,DC=local)
> dreplsrv_periodic_schedule(15) scheduled for: Mon Nov 12 16:02:29 2007 CET
> single_terminate: reason[NT_STATUS_END_OF_FILE]
> Starting GENSEC mechanism spnego
> Starting GENSEC submechanism ntlmssp
> Got NTLMSSP neg_flags=0x60088205
> NTLMSSP_NEGOTIATE_UNICODE
> NTLMSSP_REQUEST_TARGET
> NTLMSSP_NEGOTIATE_NTLM
> NTLMSSP_NEGOTIATE_ALWAYS_SIGN
> NTLMSSP_NEGOTIATE_NTLM2
> NTLMSSP_NEGOTIATE_128
> NTLMSSP_NEGOTIATE_KEY_EXCH
> Got user=[Administrator] domain=[OPENCHANGE] workstation=[openchange.local]
> len1=24 len2=24
> auth_check_password_send: Checking password for unmapped user
> [EMAIL PROTECTED]
> map_user_info: Mapping user [OPENCHANGE]\[Administrator] from workstation
> [openchange.local]
> auth_check_password_send: mapped user is:
> [EMAIL PROTECTED]
> auth_get_challenge: returning previous challenge by module NTLMSSP callback
> (NTLM2) (normal)
> [000] 62 2F 53 44 0C D9 50 27 b/SD..P'
> ldb: naming_fsmo_init: we are master: yes
> ldb: pdc_fsmo_init: we are master: yes
> ntlm_password_check: Checking NT MD4 password
> authsam_account_ok: Checking SMB password for user Administrator
> logon_hours_ok: No hours restrictions for user Administrator
> auth_check_password_recv: sam_ignoredomain authentication for user
> [OPENCHANGE\Administrator] succeeded
> ldb: naming_fsmo_init: we are master: yes
> ldb: pdc_fsmo_init: we are master: yes
> ##### in NspiBind ####
> NspiBind : Success
> ##### in NspiGetHierarchyInfo ####
> NspiGetHierarchyInfo : success
> =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
> INTERNAL ERROR: Signal 11 in pid 14617 (4.0.0alpha2-SVN-build-25756)
> Please read the file BUGS.txt in the distribution
> =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
> PANIC: internal error
> BACKTRACE: 23 stack frames:
> #0 /usr/local/samba4/sbin/smbd(call_backtrace+0x2b) [0x88bfa17]
> #1 /usr/local/samba4/sbin/smbd(smb_panic+0x21e) [0x88bfce4]
> #2 /usr/local/samba4/sbin/smbd [0x88bfe37]
> #3 /usr/local/samba4/sbin/smbd [0x88bfe78]
> #4 [0xb7f84420]
> #5 /usr/local/samba4/lib/libmapi.so.0(ndr_push_SRowSet+0x17d) [0xb7d9bc6d]
> #6 /usr/local/samba4/lib/libmapi.so.0 [0xb7d9c82d]
> #7 /usr/local/samba4/modules/dcerpc_server/dcesrv_exchange.so [0xb7de89d1]
> #8 /usr/local/samba4/sbin/smbd(dcesrv_reply+0x110) [0x829465c]
> #9 /usr/local/samba4/sbin/smbd [0x8294537]
> #10 /usr/local/samba4/sbin/smbd(dcesrv_input_process+0x4e6) [0x8294f4d]
> #11 /usr/local/samba4/sbin/smbd(dcesrv_input+0xc2) [0x829504e]
> #12 /usr/local/samba4/sbin/smbd [0x80daebc]
> #13 /usr/local/samba4/sbin/smbd [0x80dd841]
> #14 /usr/local/samba4/sbin/smbd [0x80dd8b1]
> #15 /usr/local/samba4/sbin/smbd [0x87baf4e]
> #16 /usr/local/samba4/sbin/smbd [0x87bb6e5]
> #17 /usr/local/samba4/sbin/smbd [0x87bb753]
> #18 /usr/local/samba4/sbin/smbd(event_loop_wait+0x16) [0x87ba6b4]
> #19 /usr/local/samba4/sbin/smbd [0x80ba910]
> #20 /usr/local/samba4/sbin/smbd [0x80ba96b]
> #21 /lib/tls/i686/cmov/libc.so.6(__libc_start_main+0xc8) [0xb7e12ea8]
> #22 /usr/local/samba4/sbin/smbd [0x80b9ce1]
>
>
>
> Here's my smb.conf:
> [globals]
> netbios name = etch-0
> workgroup = OPENCHANGE
> realm = OPENCHANGE.LOCAL
> server role = domain controller
>
> dcerpc endpoint servers = exchange_nsp exchange_emsmdb epmapper
> srvsvc
> wkssvc rpcecho samr netlogon lsarpc spoolss drsuapi winreg dssetup
>
> exchange:GUID = 1b940e13-14d3-4e2a-9711-e06a2def5dfd
> exchange:nspi_binding = ncacn_np:192.168.0.107[]
>
> mapi:profile_store = /tmp/profiles.ldb
> mapi:codepage = 0x4e4
> mapi:language = 0x409
> mapi:method = 0x0
>
>
> [netlogon]
> path = /usr/local/samba4/var/locks/sysvol/openchange.local/scripts
> read only = no
>
> [sysvol]
> path = /usr/local/samba4/var/locks/sysvol
> read only = no
>
> [test]
> path = /var/samba4/test
> read only = no
>
>
>
>
>
> Any help/suggestions would be appreciated very much.
>
> Thanx, Mike
>
>
> _______________________________________________
> devel mailing list
> [email protected]
> http://mailman.openchange.org/listinfo/devel
--
Julien Kerihuel
[EMAIL PROTECTED]
OpenChange Project Manager
GPG Fingerprint: 0B55 783D A781 6329 108A B609 7EF6 FE11 A35F 1F79
signature.asc
Description: This is a digitally signed message part
_______________________________________________ devel mailing list [email protected] http://mailman.openchange.org/listinfo/devel
