Bug 12295 - id mapping lookup through idmap_ad broken for clustered setups
Summary: id mapping lookup through idmap_ad broken for clustered setups
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: Winbind (show other bugs)
Version: 4.5.0
Hardware: All All
: P5 normal (vote)
Target Milestone: ---
Assignee: Karolin Seeger
QA Contact: Samba QA Contact
Depends on:
Reported: 2016-09-27 19:02 UTC by Christof Schmitt
Modified: 2016-10-25 07:44 UTC (History)
2 users (show)

See Also:

Patches for 4.5 (3.19 KB, patch)
2016-09-30 16:39 UTC, Christof Schmitt
jra: review+
vl: review+

Note You need to log in before you can comment on or make changes to this bug.
Description Christof Schmitt 2016-09-27 19:02:52 UTC
Configuring winbindd to retrieve id mappings through idmap_ad does not
work in a clustered setup. log.winbindd-idmap shows:

[2016/09/27 20:55:51.624381,  2, pid=31988, effective(0, 0), real(0, 0)] ../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log)
  tdb(/var/lib/samba/private/secrets.tdb): tdb_open_ex: could not open file /var/lib/samba/private/secrets.tdb: No such file or directory
[2016/09/27 20:55:51.624440,  3, pid=31988, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:430(db_open_tdb)
  Could not open tdb: No such file or directory
[2016/09/27 20:55:51.624474,  1, pid=31988, effective(0, 0), real(0, 0)] ../auth/credentials/credentials_secrets.c:399(cli_credentials_set_machine_account_db_ctx)
  Could not find machine account in secrets database: Failed to fetch machine account password from secrets.ldb: error and failed to open /var/lib/samba/private/secrets.tdb: NT_STATUS_CANT_ACCESS_DOMAIN_INFO
[2016/09/27 20:55:51.624507, 10, pid=31988, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/idmap_ad.c:314(idmap_ad_get_tldap_ctx)
  idmap_ad_get_tldap_ctx: cli_credentials_set_machine_account failed: NT_STATUS_CANT_ACCESS_DOMAIN_INFO

The problem here is that idmap_ad only looks in a local tdb file for the
credential information, not a clustered tdb. A secondary problem is that
this error is incorrectly handled in the main thread.

Patches to follow.
Comment 1 Christof Schmitt 2016-09-30 16:39:07 UTC
Created attachment 12523 [details]
Patches for 4.5
Comment 2 Jeremy Allison 2016-10-03 18:48:36 UTC
Reassigning to Karolin for inclusion in 4.5.next.
Comment 3 Karolin Seeger 2016-10-19 07:53:06 UTC
(In reply to Jeremy Allison from comment #2)
Pushed to autobuild-v4-5-test.
Comment 4 Karolin Seeger 2016-10-25 07:44:35 UTC
(In reply to Karolin Seeger from comment #3)
Pushed to v4-5-test.
Closing out bug report.