Re: [Samba] Configuration of idmap_ldap No backend defined
Hi,

please check your ldap configuration in your smb.conf file. At first verify that your base-dn is really dc=example,dc=com. Then remove cn=Manager from each option that contains base_dn.

As usual, make sure that your LDAP server is set up correctly and that everything works fine. Then you can connect samba to your LDAP.

Cheers,
Christian

Jon Theil Nielsen jonth...@gmail.com wrote:

Hi list,

I can't make idmap talk to my LDAP server. And I haven't found an updated howto.

Some entries from log.windbindd-imap:

[2012/04/13 20:05:40.500475, 5] winbindd/idmap.c:153(smb_register_idmap) Successfully added idmap backend 'ldap'
[2012/04/13 20:05:40.501112, 5] winbindd/idmap.c:153(smb_register_idmap) Successfully added idmap backend 'tdb'
[2012/04/13 20:05:40.501318, 5] winbindd/idmap.c:153(smb_register_idmap) Successfully added idmap backend 'passdb'
[2012/04/13 20:05:40.501516, 5] winbindd/idmap.c:153(smb_register_idmap) Successfully added idmap backend 'nss'
[2012/04/13 20:05:40.540035, 2] lib/smbldap.c:1018(smbldap_open_connection) smbldap_open_connection: connection opened
[2012/04/13 20:05:40.550305, 2] passdb/pdb_ldap.c:2427(init_group_from_ldap) init_group_from_ldap: Entry found for group: 515
[2012/04/13 20:05:40.592075, 1] winbindd/idmap.c:288(idmap_init_named_domain) no backend defined for idmap config MYDOMAIN
[2012/04/13 20:06:23.606655, 2] passdb/pdb_ldap.c:2427(init_group_from_ldap) init_group_from_ldap: Entry found for group: 548
[2012/04/13 20:06:23.629123, 2] passdb/pdb_ldap.c:2427(init_group_from_ldap) init_group_from_ldap: Entry found for group: 1006
[2012/04/13 20:06:23.632141, 1] winbindd/idmap.c:288(idmap_init_named_domain) no backend defined for idmap config MYDOMAIN
[2012/04/13 20:06:23.637118, 2] passdb/pdb_ldap.c:2427(init_group_from_ldap) init_group_from_ldap: Entry found for group: 1005
[2012/04/13 20:06:23.640003, 1] winbindd/idmap.c:288(idmap_init_named_domain) no backend defined for idmap config MYDOMAIN
[2012/04/13 20:06:23.653837, 1] winbindd/idmap.c:288(idmap_init_named_domain) no backend defined for idmap config MYDOMAIN
[2012/04/13 20:06:33.287504, 1] winbindd/idmap.c:288(idmap_init_named_domain) no backend defined for idmap config MYDOMAIN
[2012/04/13 20:06:33.287723, 1] winbindd/idmap.c:288(idmap_init_named_domain) no backend defined for idmap config BUILTIN
[2012/04/13 20:06:38.048645, 1] winbindd/idmap.c:288(idmap_init_named_domain) no backend defined for idmap config MYDOMAIN

Part of my smb.conf:

[global]
ldap admin dn = cn=Manager,dc=example,dc=com
ldap delete dn = Yes
ldap group suffix = ou=Groups
ldap idmap suffix = ou=Idmap
ldap machine suffix = ou=Computers
ldap passwd sync = yes
ldap suffix = dc=example,dc=com
ldap user suffix = ou=People
ldap debug level = 1
idmap config *:backend = ldap
idmap config *:readonly = no
idmap config *:range = 1000-199
idmap config *:ldap_url=ldap://localhost
idmap config *:ldap_base_dn = cn=Manager,dc=example,dc=com
idmap config MYDOMAIN:backend = ldap
idmap config MYDOMAIN:readonly = no
idmap config MYDOMAIN:range = 1000-199
idmap config MYDOMAIN:ldap_url=ldap://localhost
idmap config MYDOMAIN:ldap_base_dn = cn=Manager,dc=example,dc=com
idmap config MYDOMAIN:ldap_user_dn = cn=admin,ou=Idmap,dc=example,dc=com

I'm running samba 3.6.3 on FreeBSD 9.0-RELEASE and my LDAP server seems to work otherwise. At least, I can do user authentication this way.

Of course, I can provide much more information from the logs and the configuration files. I just don't know where to start. And any help would be much appreciated.

Best regards,
Jon Theil Nielsen

--
Dipl.-Ing. Christian Rost
roCon - Informationstechnologie
Ulmenstraße 45
44534 Lünen
Fon: +49 2306 910 658
Fax: +48 2306 910 664
URL: www.rocon-it.de
Re: [Samba] Configuration of idmap_ldap No backend defined
Hi,

your security concerns are welcome.

Well I didn't use LDAP based idmap yet, but multiple entries returned could be a result of your duplicate settings for idmap config - one with the asterisk and the second with MYDOMAIN. Please read the docs to determine which of the entries is necessary.

Cheers,
Christian

Jon Theil Nielsen jonth...@gmail.com wrote:

Hi and thanks,

The base dn is not as shown. Might be some kind of paranoia...
I changed the smb.conf as suggested. Did not change any other file.

Now my log shows:

[2012/04/14 20:29:36.891125, 2] lib/smbldap.c:1018(smbldap_open_connection) smbldap_open_connection: connection opened
[2012/04/14 20:29:36.901600, 0] winbindd/idmap_ldap.c:192(verify_idpool) Multiple entries returned from (objectclass=sambaUnixIdPool) (base == dc=example,dc=com)
[2012/04/14 20:29:36.901919, 1] winbindd/idmap_ldap.c:516(idmap_ldap_db_init) idmap_ldap_db_init: failed to verify ID pool (NT_STATUS_UNSUCCESSFUL)
[2012/04/14 20:29:36.903646, 5] winbindd/idmap_ldap.c:421(idmap_ldap_close_destructor) The connection to the LDAP server was closed
[2012/04/14 20:29:36.904039, 1] winbindd/idmap.c:249(idmap_init_domain) idmap initialization returned NT_STATUS_UNSUCCESSFUL

Regards,
Jon

On 14 April 2012 20:14, Christian Rost christian.r...@rocon-it.de wrote:

Hi,

please check your ldap configuration in your smb.conf file. At first verify that your base-dn is really dc=example,dc=com. Then remove cn=Manager from each option that contains base_dn.

As usual, make sure that your LDAP server is set up correctly and that everything works fine. Then you can connect samba to your LDAP.

Cheers,
Christian

Jon Theil Nielsen jonth...@gmail.com wrote:

Hi list,

I can't make idmap talk to my LDAP server. And I haven't found an updated howto.
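As an added example (not code from the thread or from the Samba project), a small Python lint for the points raised in the two replies above: an `ldap_base_dn` that is really the admin DN, and `idmap config` sections for `*` and a named domain that carry the same settings. It goes slightly beyond the replies by also flagging inverted and overlapping `range` values; the sample input is constructed from the smb.conf posted in the thread, and the function names and finding texts are hypothetical.

```python
import re

# Constructed sample: idmap-related lines from the smb.conf posted in the thread.
SAMPLE_CONF = """\
[global]
ldap admin dn = cn=Manager,dc=example,dc=com
idmap config *:range = 1000-199
idmap config *:ldap_base_dn = cn=Manager,dc=example,dc=com
idmap config MYDOMAIN:range = 1000-199
idmap config MYDOMAIN:ldap_base_dn = cn=Manager,dc=example,dc=com
"""

IDMAP_RE = re.compile(r"^\s*idmap config\s+([^:\s]+)\s*:\s*([^=\s]+)\s*=\s*(.*?)\s*$", re.I)
ADMIN_RE = re.compile(r"^\s*ldap admin dn\s*=\s*(.*?)\s*$", re.I)

def parse(conf):
    """Return (admin_dn, {domain: {option: value}}) from smb.conf text."""
    admin_dn, domains = None, {}
    for line in conf.splitlines():
        m = ADMIN_RE.match(line)
        if m:
            admin_dn = m.group(1)
        m = IDMAP_RE.match(line)
        if m:
            domains.setdefault(m.group(1), {})[m.group(2).lower()] = m.group(3)
    return admin_dn, domains

def lint_idmap(conf):
    """Return a sorted list of (domain, finding) tuples (finding texts are hypothetical)."""
    admin_dn, domains = parse(conf)
    findings, ranges = [], {}
    for dom, opts in domains.items():
        base = opts.get("ldap_base_dn", "")
        if admin_dn and base.lower() == admin_dn.lower():
            findings.append((dom, "ldap_base_dn equals ldap admin dn"))
        m = re.fullmatch(r"(\d+)\s*-\s*(\d+)", opts.get("range", ""))
        if not m:
            findings.append((dom, "range missing or malformed"))
        elif int(m.group(1)) >= int(m.group(2)):
            findings.append((dom, "range low >= high"))
        else:
            ranges[dom] = (int(m.group(1)), int(m.group(2)))
    doms = sorted(ranges)
    for i, a in enumerate(doms):
        for b in doms[i + 1:]:
            if ranges[a][0] <= ranges[b][1] and ranges[b][0] <= ranges[a][1]:
                findings.append((a, "range overlaps " + b))
    return sorted(findings)
```

Calling `lint_idmap(SAMPLE_CONF)` reports both sections for the base DN and the range; a config whose ranges are well-formed but shared between `*` and `MYDOMAIN` is reported as an overlap instead.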
Re: [Samba] Configuration of idmap_ldap No backend defined
Hi and thanks,

The base dn is not as shown. Might be some kind of paranoia...
I changed the smb.conf as suggested. Did not change any other file.

Now my log shows:

[2012/04/14 20:29:36.891125, 2] lib/smbldap.c:1018(smbldap_open_connection) smbldap_open_connection: connection opened
[2012/04/14 20:29:36.901600, 0] winbindd/idmap_ldap.c:192(verify_idpool) Multiple entries returned from (objectclass=sambaUnixIdPool) (base == dc=example,dc=com)
[2012/04/14 20:29:36.901919, 1] winbindd/idmap_ldap.c:516(idmap_ldap_db_init) idmap_ldap_db_init: failed to verify ID pool (NT_STATUS_UNSUCCESSFUL)
[2012/04/14 20:29:36.903646, 5] winbindd/idmap_ldap.c:421(idmap_ldap_close_destructor) The connection to the LDAP server was closed
[2012/04/14 20:29:36.904039, 1] winbindd/idmap.c:249(idmap_init_domain) idmap initialization returned NT_STATUS_UNSUCCESSFUL

Regards,
Jon

On 14 April 2012 20:14, Christian Rost christian.r...@rocon-it.de wrote:

Hi,

please check your ldap configuration in your smb.conf file. At first verify that your base-dn is really dc=example,dc=com. Then remove cn=Manager from each option that contains base_dn.

As usual, make sure that your LDAP server is set up correctly and that everything works fine. Then you can connect samba to your LDAP.

Cheers,
Christian

Jon Theil Nielsen jonth...@gmail.com wrote:

Hi list,

I can't make idmap talk to my LDAP server. And I haven't found an updated howto.