In testing samba 3.3.0pre2 it looks like the adex plugin is not supporting groups, or users from trusted domains.

    root@egr214-01:/usr/local/samba/var$ getent passwd 'NAU-STUDENTS\mcm75'
    mcm75:*:62107:10000:mcm75:/home/mcm75:/bin/bash
    root@egr214-01:/usr/local/samba/var$ getent passwd 'NAU\mcm75'
    root@egr214-01:/usr/local/samba/var$ getent group 'NAU-STUDENTS\cefns-it_staff'
    root@egr214-01:/usr/local/samba/var$ getent group 'NAU-STUDENTS\cefns-cefnsweb'
    root@egr214-01:/usr/local/samba/var$
Created attachment 3653 [details] log files
This is strange. It works fine for me in a 2003R2 forest.

    $ wbinfo -m --verbose
    Domain Name   DNS Domain              Trust Type  Transitive  In   Out
    BUILTIN                               None        Yes         Yes  Yes
    GARRYCK                               None        Yes         Yes  Yes
    HEADQ         sales.plainjoe.org      None        Yes         Yes  Yes
    US            us.sales.plainjoe.org   In-Forest   Yes         Yes  Yes
    $ wbinfo -i HEADQ\\gcarter
    gcarter:*:10000:10000:Gerald W. Carter:/home/sales/gcarter:/bin/bash
    $ wbinfo -i US\\Administrator
    Administrator:*:20001:20000:Administrator:/home/Administrator:/bin/bash

I remember a bug that Simo and I discussed last week. I'll try to track that down and see if that could explain your failures.
Created attachment 3655 [details] Semantic fix for idmap_passdb to allow other backends to continue the search
This is a patch against v3-3-test. It's semantically correct, I believe, and may fix your problem. I'm still not sure why my setup is working and yours is failing. Seems that we both should be hitting the failure path. But try this patch and let me know.
Still having problems. Applied the patch to 3.3.0pre2

    [2008/10/04 03:34:56, 5] winbindd/winbindd_idmap.c:winbindd_sid2uid_recv(187)
      sid2uid returned an error
    [2008/10/04 03:34:56, 5] winbindd/winbindd_user.c:getpwsid_sid2uid_recv(338)
      Could not query uid for user NAU\mcm75
      Failed! (NT_STATUS_OBJECT_NAME_NOT_FOUND)
    [2008/10/04 03:34:47, 10] lib/gencache.c:gencache_set(131)
      Adding cache entry with key = IDMAP/SID2UID/S-1-5-21-2129867641-1992771036-1243820751-513; value = -1 and timeout = Sat Oct 4 03:36:47 2008
Created attachment 3656 [details] logs
Logs of running

    root@egr214-01:/usr/local/samba/var$ /etc/init.d/NAUsamba start
    root@egr214-01:/usr/local/samba/var$ ../bin/wbinfo -i NAU-STUDENTS\\mmchugh
    mmchugh:*:62107:10000:Christian McHugh:/home/mcm75:/bin/bash
    root@egr214-01:/usr/local/samba/var$ ../bin/wbinfo -i NAU-STUDENTS\\mcm75
    mcm75:*:62107:10000:mcm75:/home/mcm75:/bin/bash
    root@egr214-01:/usr/local/samba/var$ ../bin/wbinfo -i NAU\\mcm75
    Could not get info for user NAU\mcm75
    root@egr214-01:/usr/local/samba/var$ ../bin/wbinfo -m --verbose
    Domain Name    DNS Domain               Trust Type  Transitive  In   Out
    BUILTIN                                 None        Yes         Yes  Yes
    EGR214-01                               None        Yes         Yes  Yes
    NAU-STUDENTS   students.froot.nau.edu   None        Yes         Yes  Yes
    FROOT          froot.nau.edu            In-Forest   Yes         Yes  Yes
    ADROOT         adroot.azwestern.edu     None        Yes         Yes  No
    NAU            nau.froot.nau.edu        In-Forest   Yes         Yes  Yes
    root@egr214-01:/usr/local/samba/var$ /etc/init.d/NAUsamba stop
We keep hitting new problems apparently. This time:

    [ 3366]: sid to uid S-1-5-21-20713206-1263413069-421607344-35508
    idmap_sid_to_uid: sid = [S-1-5-21-20713206-1263413069-421607344-35508]
    Cache entry with key = IDMAP/SID2UID/S-1-5-21-20713206-1263413069-421607344-35508 couldn't be found
    cell_do_search: Base = , Filter = (objectSid=\01\05\00\00\00\00\00\05\15\00\00\00\F6\0E\3C\01\4D\27\4E\4B\B0\37\21\19\B4\8A\00\00), Scope = 2, GC = yes
    Failed! (NT_STATUS_TRUSTED_DOMAIN_FAILURE)

This code is only hit when we find the partial record via a GC search and then attempt to connect to the associated domain to get the complete record and we cannot find the domain.
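Added example, not part of the original comment and not Samba code: the `Filter = (objectSid=...)` value in the `cell_do_search` line above is the binary SID with every byte backslash-hex-escaped, so it can be decoded and checked against the SID in the `sid to uid` request, then split into domain SID and RID to group failures by domain. The function names are illustrative; the sample filter is copied from the log excerpt in this comment.

```python
import re
import struct

# Filter text as it appears in the winbindd log excerpt above.
LOG_FILTER = (r"(objectSid=\01\05\00\00\00\00\00\05\15\00\00\00\F6\0E\3C\01"
              r"\4D\27\4E\4B\B0\37\21\19\B4\8A\00\00)")

def filter_to_bytes(ldap_filter):
    """Extract the backslash-hex-escaped objectSid value as raw bytes."""
    m = re.search(r"objectSid=((?:\\[0-9A-Fa-f]{2})+)", ldap_filter)
    if not m:
        raise ValueError("no escaped objectSid value in filter")
    return bytes.fromhex(m.group(1).replace("\\", ""))

def sid_bytes_to_str(raw):
    """Decode a binary SID: revision, sub-authority count, 48-bit big-endian
    identifier authority, then little-endian 32-bit sub-authorities."""
    if len(raw) < 8:
        raise ValueError("SID too short")
    revision, count = raw[0], raw[1]
    if len(raw) != 8 + 4 * count:
        raise ValueError("length does not match sub-authority count")
    authority = int.from_bytes(raw[2:8], "big")
    subs = struct.unpack("<%dI" % count, raw[8:])
    return "S-%d-%d" % (revision, authority) + "".join("-%d" % s for s in subs)

def sid_str_to_filter(sid):
    """Inverse direction: build the escaped search filter for a string SID."""
    parts = sid.split("-")
    if parts[0] != "S" or len(parts) < 3:
        raise ValueError("not a SID string")
    revision, authority = int(parts[1]), int(parts[2])
    subs = [int(p) for p in parts[3:]]
    raw = bytes([revision, len(subs)]) + authority.to_bytes(6, "big")
    raw += struct.pack("<%dI" % len(subs), *subs)
    return "(objectSid=" + "".join("\\%02X" % b for b in raw) + ")"

def split_domain_rid(sid):
    """Return (domain SID, RID) so log lines can be grouped by domain."""
    domain, _, rid = sid.rpartition("-")
    return domain, int(rid)

if __name__ == "__main__":
    sid = sid_bytes_to_str(filter_to_bytes(LOG_FILTER))
    print(sid, split_domain_rid(sid))
```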
Created attachment 3660 [details] Log the domains we add to our internal list
Created attachment 3661 [details] Log the dn of ann located entries from the cell search function
Please try these two patches. They add more debug information. Also, if it is possible to grant me remote access to a test machine with the build environment, I can short-circuit some of the latency of dealing with Bugzilla.
After some private debugging on a problematic host, the issue appears to be working as expected. However, the assignment of duplicate name aliases (uid attribute), uidNumber, and gidNumber values is not a supported environment. Waiting on more testing from Christian.
Christian, can we mark this as fixed now that the plugin appears to be functioning correctly (other than some configuration issues with the data stored in AD)?
Looks like I am getting crashes when attempting to connect to a file share.

    [2008/10/09 04:53:54, 3] smbd/sec_ctx.c:set_sec_ctx(324)
      setting sec ctx (62107, 10000) - sec_ctx_stack_ndx = 0
    [2008/10/09 04:53:54, 0] lib/util.c:smb_panic(1666)
      PANIC (pid 21466): sys_setgroups failed
    [2008/10/09 04:53:54, 0] lib/util.c:log_stack_trace(1820)
      unable to produce a stack trace on this platform
    [2008/10/09 04:53:54, 0] lib/fault.c:dump_core(206)
      dumping core in /usr/local/samba/var/cores/smbd
    [2008/10/09 04:53:54, 3] smbd/server.c:remove_child_pid(299)
      smbd/server.c:299 Unclean shutdown of pid 21466
    [2008/10/09 04:53:54, 2] lib/messages_local.c:message_notify(270)
      message to process 21466 failed - No such process
    [2008/10/09 04:53:54, 2] lib/messages_local.c:messaging_tdb_send(358)
      pid 21466 doesn't exist - deleting messages record
    [2008/10/09 04:53:54, 2] lib/messages.c:traverse_fn(127)
      pid 21466 doesn't exist - deleting connections -1 []
Seeing the same problem with a git checkout.
(In reply to comment #12)
> Looks like I am getting crashes when attempting to connect to a file share.
>
> [2008/10/09 04:53:54, 3] smbd/sec_ctx.c:set_sec_ctx(324)
> setting sec ctx (62107, 10000) - sec_ctx_stack_ndx = 0
> [2008/10/09 04:53:54, 0] lib/util.c:smb_panic(1666)
> PANIC (pid 21466): sys_setgroups failed

This is a different issue. But could you upload a complete level 10 debug file from smbd? Thanks.
Created attachment 3674 [details] Logs including crash
Just tried again with a git checkout. I'm still seeing a panic when trying to connect from a windows machine with sys_setgroups failed. Also, I seem to be unable to lookup users from a trusted domain.

    [2008/10/14 21:54:22, 3] winbindd/winbindd_idmap.c:winbindd_dual_sid2uid(234)
      [ 841]: sid to uid S-1-5-21-20713206-1263413069-421607344-35508
    [2008/10/14 21:54:22, 3] winbindd/idmap_adex/provider_unified.c:search_cell_list(599)
      LWI (search_cell_list): NT_STATUS_TRUSTED_DOMAIN_FAILURE
    [2008/10/14 21:54:44, 3] winbindd/winbindd_idmap.c:winbindd_dual_sid2uid(234)
      [ 841]: sid to uid S-1-5-21-20713206-1263413069-421607344-35508
    [2008/10/14 21:56:43, 3] winbindd/winbindd_idmap.c:winbindd_dual_sid2gid(305)
      [ 841]: sid to gid S-1-5-32-544
    [2008/10/14 21:56:43, 2] lib/module.c:do_smb_load_module(64)
      Module '/usr/local/samba/lib/idmap/adex.so' loaded
    [2008/10/14 21:56:43, 1] winbindd/idmap.c:idmap_alloc_init(575)
      could not find idmap alloc module adex
    [2008/10/14 21:56:43, 3] winbindd/idmap.c:idmap_new_mapping(690)
      Could not allocate id: NT_STATUS_INVALID_PARAMETER
    [2008/10/14 21:56:43, 2] lib/module.c:do_smb_load_module(64)
      Module '/usr/local/samba/lib/idmap/adex.so' loaded
    [2008/10/14 21:56:43, 1] winbindd/idmap.c:idmap_alloc_init(575)
      could not find idmap alloc module adex
    [2008/10/14 21:56:43, 3] winbindd/winbindd_idmap.c:winbindd_dual_sid2gid(305)
      [ 841]: sid to gid S-1-5-32-545
    [2008/10/14 21:56:43, 2] lib/module.c:do_smb_load_module(64)
      Module '/usr/local/samba/lib/idmap/adex.so' loaded
    [2008/10/14 21:56:43, 1] winbindd/idmap.c:idmap_alloc_init(575)
      could not find idmap alloc module adex
    [2008/10/14 21:56:43, 3] winbindd/idmap.c:idmap_new_mapping(690)
      Could not allocate id: NT_STATUS_INVALID_PARAMETER
    [2008/10/14 21:56:43, 2] lib/module.c:do_smb_load_module(64)
      Module '/usr/local/samba/lib/idmap/adex.so' loaded
    [2008/10/14 21:56:43, 1] winbindd/idmap.c:idmap_alloc_init(575)
      could not find idmap alloc module adex
    [2008/10/14 21:56:46, 3] winbindd/winbindd_idmap.c:winbindd_dual_sid2uid(234)
      [ 841]: sid to uid S-1-5-21-20713206-1263413069-421607344-35508
    [2008/10/14 21:56:46, 3] winbindd/idmap_adex/provider_unified.c:search_cell_list(599)
      LWI (search_cell_list): NT_STATUS_TRUSTED_DOMAIN_FAILURE
Christian, Am at a conference this week. I'll pick back up as soon as I'm back in the office on Oct 16.
As of a git-fetch from this morning I'm still unable to lookup users from a trusted domain (such as NAU\\mcm75) and trying to connect from windows still makes smbd dump core.
(In reply to comment #18)
> As of a git-fetch from this morning I'm still unable to lookup users from a
> trusted domain (such as NAU\\mcm75) and trying to connect from windows still
> makes smbd dump core.
>

I thought we already worked this out based on comment #10 and some private email. The duplicate uid values is not a supported config.
The thing is it used to work. A few git updates ago I was able to lookup users in both domains. Now I cannot. Also there is another problem of smbd crashing when I attempt to connect to the machine from windows.
To assist in clearing up the problems, I've opened a new bug about the crashing problem: Bug 5848.
So when I attempt to do a lookup on a user from a trusted domain I see:

    [2008/10/28 22:07:18, 3] winbindd/winbindd_util.c:init_child_recv(654)
      Could not init child
    [2008/10/28 22:07:18, 1] winbindd/winbindd_util.c:trustdom_recv(294)
      Could not receive trustdoms

But wbinfo manages to see it as online

    root@egr214-01:/usr/local/samba/var$ ../bin/wbinfo --online-status
    BUILTIN : online
    EGR214-01 : online
    NAU-STUDENTS : online
    ADROOT : offline
    FROOT : online
    NAU : online
    BUS : offline
Users in other domains are still broken as of today's git checkout.
I just tried again with a git checkout, and I'm still having problems. I can lookup users in the domain to which the machine is joined, but not to any others. In the log.winbindd-idmap log I see entries for

    [2008/11/18 23:39:17, 3] winbindd/winbindd_idmap.c:winbindd_dual_sid2gid(305)
      [ 7381]: sid to gid S-1-5-21-2129867641-1992771036-1243820751-513
    [2008/11/18 23:39:28, 3] winbindd/winbindd_idmap.c:winbindd_dual_sid2uid(234)
      [ 7381]: sid to uid S-1-5-21-20713206-1263413069-421607344-35431
    [2008/11/18 23:39:28, 3] winbindd/idmap_adex/provider_unified.c:search_cell_list(599)
      LWI (search_cell_list): NT_STATUS_TRUSTED_DOMAIN_FAILURE
    [2008/11/18 23:39:32, 3] winbindd/winbindd_idmap.c:winbindd_dual_sid2uid(234)
      [ 7381]: sid to uid S-1-5-21-20713206-1263413069-421607344-13796
    [2008/11/18 23:39:32, 3] winbindd/idmap_adex/provider_unified.c:search_cell_list(599)
      LWI (search_cell_list): NT_STATUS_TRUSTED_DOMAIN_FAILURE

This worked for 3.3pre2, so I think something was broken shortly afterward.
Clearing out /usr/local/samba and installing again from scratch seems to have fixed my lookup problems. I don't know what made it get confused, but both 3.3.0pre2 and a git checkout once again perform lookups for me.