Bug 5468 - NSSwitch/idmap core dump
Summary: NSSwitch/idmap core dump
Alias: None
Product: Samba 3.0
Classification: Unclassified
Component: winbind (show other bugs)
Version: 3.0.28
Hardware: x86 FreeBSD
: P3 normal
Target Milestone: none
Assignee: Samba Bugzilla Account
QA Contact: Samba QA Contact
Depends on:
Reported: 2008-05-16 16:44 UTC by Aaron Holmes
Modified: 2013-02-05 13:49 UTC (History)
0 users

See Also:


Note You need to log in before you can comment on or make changes to this bug.
Description Aaron Holmes 2008-05-16 16:44:11 UTC
First off I wasn't sure who to report this bug to - it might be the freebsd dev teams responsibility..

wbinfo -u shows AD users, however pw user show -a only shows local users (same with group lists)

/var/log/messages is filled with
May 16 14:35:19 fileserver winbindd[15426]: [2008/05/16 14:35:19, 0] nsswitch/idmap.c:idmap_alloc_init(750)
May 16 14:35:19 fileserver winbindd[15426]:   ERROR: Initialization failed for alloc backend, deferred!

]# cat /etc/nsswitch.conf
# nsswitch.conf(5) - name service switch configuration file
# $FreeBSD: src/etc/nsswitch.conf,v 1.1 2006/05/03 15:14:47 ume Exp $
group: files winbind
group_compat: nis
hosts: files dns
networks: files
passwd: files winbind
passwd_compat: nis
shells: files

# cat /usr/local/etc/smb.conf
workgroup = COTN
security = ADS
password server = cotn-fs.internationaloffice.cotni.org
encrypt passwords = yes

use kerberos keytab = Yes
allow trusted domains = No
idmap backend = ldap
idmap uid = 1000-100000
idmap gid = 1000-100000
log level = 100
syslog only = Yes
winbind cache time = 3600
winbind enum users = Yes
winbind enum groups = Yes
winbind nested groups = Yes
winbind nss info = sfu
winbind offline logon = Yes
winbind refresh tickets = True
winbind use default domain = Yes

changing security = ldap to security = ad results in...
May 16 14:41:58 fileserver winbindd[91046]:   ERROR: Could not get methods for backend ad
May 16 14:41:58 fileserver winbindd[91046]: [2008/05/16 14:41:58, 0] nsswitch/idmap.c:idmap_init(728)
May 16 14:41:58 fileserver winbindd[91046]:   Aborting IDMAP Initialization ...

I found (via google) the same issue on a number of systems but for older versions of samba - no idea if the issue persists, or if it's fixed in 3.0.28a (waiting on port update if so)
Comment 1 Aaron Holmes 2008-05-16 16:48:25 UTC
Sorry, forgot to change the OS
Comment 2 Aaron Holmes 2008-05-19 17:31:40 UTC
I changed "idmap backend" to "idmap backend = tdb" and it seems to be working with samba-3.0.28a. "ad" still returns the same errors, so i'll leave this bug open if someone else wants to pick it up.
Comment 3 Björn Jacke 2013-02-05 13:49:47 UTC
sorry for not coming to this earlier. I think this is not an isue any more. In any case, don't use the deprecated parameters "winbind use default domain" and "winbind enum users/groups". Also "password server" should be automatically got via DNS and not set manually. If you still see the problem with a cleared config with 3.6 or 4.0 please reopen this bug! Thanks.