Re: [Samba] Re: Need help with IDMAP storage in LDAP using Winbind

Kristof Bruyninckx, 09-29-2005

Hello,

Ok, so I fixed the ACL to your example

#access to dn.base="" by * read
#access to dn.base="cn=subschema" by * read
access to attr=userPassword
        by dn.base="uid=samba,ou=Idmap,dc=thales,dc=be" write
        by self write
        by anonymous auth
        by * none
access to *
        by dn.base="uid=samba,ou=Idmap,dc=thales,dc=be" write
        by self write
        by users read



, but now the following occurs:

When I launch the smb & winbind instances:

From the LDAP /var/log/messages, debug lvl 220:

snip"
Sep 29 10:59:52 linux14 slapd: ber_dump: buf=0x08f6dc38 ptr=0x08f6dc38
end=0x08f6dc84 len=76
Sep 29 10:59:52 linux14 slapd: 0000: 02 01 01 60 47 02 01 03 04 1a
63 6e 3d 4d 61 6e ...`G.....cn=Man
Sep 29 10:59:52 linux14 slapd: 0010: 61 67 65 72 2c 64 63 3d 74 68
61 6c 65 73 2c 64 ager,dc=thales,d
Sep 29 10:59:52 linux14 slapd: 0020: 63 3d 62 65 80 26 7b 53 53 48
41 7d 37 41 52 32 c=be.&{SSHA}7AR2
Sep 29 10:59:52 linux14 slapd: 0030: 53 6c 30 53 45 69 46 57 46 75
4a 52 78 38 62 56 Sl0SEiFWFuJRx8bV
Sep 29 10:59:52 linux14 slapd: 0040: 78 41 63 68 55 35 4d 4e 73 6c
4d 76 xAchU5MNslMv
Sep 29 10:59:52 linux14 slapd: daemon: select: listen=6 active_threads=0
tvp=NULL
Sep 29 10:59:52 linux14 slapd: ber_dump: buf=0x08f6dc38 ptr=0x08f6dc3b
end=0x08f6dc84 len=73
Sep 29 10:59:52 linux14 slapd: 0000: 60 47 02 01 03 04 1a 63 6e 3d
4d 61 6e 61 67 65 `G.....cn=Manage
Sep 29 10:59:52 linux14 slapd: 0010: 72 2c 64 63 3d 74 68 61 6c 65
73 2c 64 63 3d 62 r,dc=thales,dc=b
Sep 29 10:59:52 linux14 slapd: 0020: 65 80 26 7b 53 53 48 41 7d 37
41 52 32 53 6c 30 e.&{SSHA}7AR2Sl0
Sep 29 10:59:52 linux14 slapd: 0030: 53 45 69 46 57 46 75 4a 52 78
38 62 56 78 41 63 SEiFWFuJRx8bVxAc
Sep 29 10:59:52 linux14 slapd: 0040: 68 55 35 4d 4e 73 6c 4d 76
hU5MNslMv
Sep 29 10:59:52 linux14 slapd: ber_dump: buf=0x08f6dc38 ptr=0x08f6dc5c
end=0x08f6dc84 len=40
Sep 29 10:59:52 linux14 slapd: 0000: 00 26 7b 53 53 48 41 7d 37 41
52 32 53 6c 30 53 .&{SSHA}7AR2Sl0S
Sep 29 10:59:52 linux14 slapd: 0010: 45 69 46 57 46 75 4a 52 78 38
62 56 78 41 63 68 EiFWFuJRx8bVxAch
Sep 29 10:59:52 linux14 slapd: 0020: 55 35 4d 4e 73 6c 4d 76
U5MNslMv
Sep 29 10:59:52 linux14 slapd: ==> ldbm_back_bind: dn:
cn=Manager,dc=thales,dc=be
Sep 29 10:59:52 linux14 slapd: send_ldap_result: err=49 matched=""
text=""
Sep 29 10:59:52 linux14 slapd: daemon: select: listen=7 active_threads=0
tvp=NULL
Sep 29 10:59:52 linux14 slapd: daemon: activity on 1 descriptors
Sep 29 10:59:52 linux14 slapd: daemon: activity on: 8r
Sep 29 10:59:52 linux14 slapd: daemon: read activity on 8
Sep 29 10:59:52 linux14 slapd: connection_get(8)
snip"

which in my opinion is odd since it is no longer used in samba. And it
fails to authenticate. I tried a reset of the password, and changed the
entries in ldap.conf and slapd.conf. Once done, I tried to modify an
existing entry with ldapmodify, which was successful. Is samba here
still trying to access the LDAP with this account?

snip"
Sep 29 10:59:52 linux14 slapd: ber_dump: buf=0x08f4ce60 ptr=0x08f4ce60
end=0x08f4ce97 len=55
Sep 29 10:59:52 linux14 slapd: 0000: 02 01 01 60 32 02 01 03 04 22
75 69 64 3d 73 61 ...`2...."uid=sa
Sep 29 10:59:52 linux14 slapd: 0010: 6d 62 61 2c 6f 75 3d 49 64 6d
61 70 2c 64 63 3d mba,ou=Idmap,dc=
Sep 29 10:59:52 linux14 slapd: 0020: 74 68 61 6c 65 73 2c 64 63 3d
62 65 80 09 61 71 thales,dc=be..secret
Sep 29 10:59:52 linux14 slapd: 0030: 77 31 32 33 7a 73
78
Sep 29 10:59:52 linux14 slapd: ber_dump: buf=0x08f4ce60 ptr=0x08f4ce63
end=0x08f4ce97 len=52
Sep 29 10:59:52 linux14 slapd: 0000: 60 32 02 01 03 04 22 75 69 64
3d 73 61 6d 62 61 `2...."uid=samba
Sep 29 10:59:52 linux14 slapd: 0010: 2c 6f 75 3d 49 64 6d 61 70 2c
64 63 3d 74 68 61 ,ou=Idmap,dc=tha
Sep 29 10:59:52 linux14 slapd: 0020: 6c 65 73 2c 64 63 3d 62 65 80
09 61 71 77 31 32 les,dc=be..secret
Sep 29 10:59:52 linux14 slapd: 0030: 33 7a 73
78
Sep 29 10:59:52 linux14 slapd: ber_dump: buf=0x08f4ce60 ptr=0x08f4ce8c
end=0x08f4ce97 len=11
Sep 29 10:59:52 linux14 slapd: 0000: 00 09 61 71 77 31 32 33 7a 73
78 ..secret
Sep 29 10:59:52 linux14 slapd: ==> ldbm_back_bind: dn:
uid=samba,ou=Idmap,dc=thales,dc=be
Sep 29 10:59:52 linux14 slapd: daemon: select: listen=6 active_threads=0
tvp=NULL
Sep 29 10:59:52 linux14 slapd: => access_allowed: auth access to
"uid=samba,ou=Idmap,dc=thales,dc=be" "userPassword" requested
Sep 29 10:59:52 linux14 slapd: => acl_get: [1] attr userPassword
Sep 29 10:59:52 linux14 slapd: => acl_mask: access to entry
"uid=samba,ou=Idmap,dc=thales,dc=be", attr "userPassword" requested
Sep 29 10:59:52 linux14 slapd: => acl_mask: to all values by "", (=n)
Sep 29 10:59:52 linux14 slapd: <= check a_dn_pat:
uid=samba,ou=idmap,dc=thales,dc=be
Sep 29 10:59:52 linux14 slapd: <= check a_dn_pat: self
Sep 29 10:59:52 linux14 slapd: <= check a_dn_pat: anonymous
Sep 29 10:59:52 linux14 slapd: <= acl_mask: [3] applying auth(=x) (stop)
Sep 29 10:59:52 linux14 slapd: <= acl_mask: [3] mask: auth(=x)
Sep 29 10:59:52 linux14 slapd: => access_allowed: auth access granted by
auth(=x)
Sep 29 10:59:52 linux14 slapd: daemon: select: listen=7 active_threads=0
tvp=NULL
Sep 29 10:59:52 linux14 slapd: send_ldap_result: err=0 matched=""
text=""
Sep 29 10:59:52 linux14 slapd: daemon: activity on 1 descriptors
Sep 29 10:59:52 linux14 slapd: daemon: activity on:
snip"

Whatever is happening here, it seems that the samba user is not
getting write permissions.

Third part:
snip"

Sep 29 10:59:52 linux14 slapd: ber_dump: buf=0x08f4ce60 ptr=0x08f4ce60
end=0x08f4ce97 len=55
Sep 29 10:59:52 linux14 slapd: 0000: 02 01 02 63 32 04 00 0a 01 00
0a 01 00 02 01 00 ...c2...........
Sep 29 10:59:52 linux14 slapd: 0010: 02 01 00 01 01 00 87 0b 6f 62
6a 65 63 74 63 6c ........objectcl
Sep 29 10:59:52 linux14 slapd: 0020: 61 73 73 30 12 04 10 73 75 70
70 6f 72 74 65 64 ass0...supported
Sep 29 10:59:52 linux14 slapd: 0030: 43 6f 6e 74 72 6f 6c
Control
Sep 29 10:59:52 linux14 slapd: ber_dump: buf=0x08f4ce60 ptr=0x08f4ce63
end=0x08f4ce97 len=52
Sep 29 10:59:52 linux14 slapd: 0000: 63 32 04 00 0a 01 00 0a 01 00
02 01 00 02 01 00 c2..............
Sep 29 10:59:52 linux14 slapd: 0010: 01 01 00 87 0b 6f 62 6a 65 63
74 63 6c 61 73 73 .....objectclass
Sep 29 10:59:52 linux14 slapd: 0020: 30 12 04 10 73 75 70 70 6f 72
74 65 64 43 6f 6e 0...supportedCon
Sep 29 10:59:52 linux14 slapd: 0030: 74 72 6f 6c
trol
Sep 29 10:59:52 linux14 slapd: daemon: select: listen=6 active_threads=0
tvp=NULL
Sep 29 10:59:52 linux14 slapd: SRCH "" 0 0 0 0 0
Sep 29 10:59:52 linux14 slapd: ber_dump: buf=0x08f4ce60 ptr=0x08f4ce76
end=0x08f4ce97 len=33
Sep 29 10:59:52 linux14 slapd: 0000: 87 0b 6f 62 6a 65 63 74 63 6c
61 73 73 30 12 04 ..objectclass0..
Sep 29 10:59:52 linux14 slapd: 0010: 10 73 75 70 70 6f 72 74 65 64
43 6f 6e 74 72 6f .supportedContro
Sep 29 10:59:52 linux14 slapd: 0020: 6c
l
Sep 29 10:59:52 linux14 slapd: filter: (objectClass=*)
Sep 29 10:59:52 linux14 slapd: ber_dump: buf=0x08f4ce60 ptr=0x08f4ce83
end=0x08f4ce97 len=20
Sep 29 10:59:52 linux14 slapd: 0000: 00 12 04 10 73 75 70 70 6f 72
74 65 64 43 6f 6e ....supportedCon
Sep 29 10:59:52 linux14 slapd: 0010: 74 72 6f 6c
trol
Sep 29 10:59:52 linux14 slapd: attrs: supportedControl
Sep 29 10:59:52 linux14 slapd: => access_allowed: search access to ""
"objectClass" requested
Sep 29 10:59:52 linux14 slapd: => acl_get: [2] attr objectClass
Sep 29 10:59:52 linux14 slapd: => acl_mask: access to entry "", attr
"objectClass" requested
Sep 29 10:59:52 linux14 slapd: => acl_mask: to all values by
"uid=samba,ou=idmap,dc=thales,dc=be", (=n)
Sep 29 10:59:52 linux14 slapd: <= check a_dn_pat:
uid=samba,ou=idmap,dc=thales,dc=be
Sep 29 10:59:52 linux14 slapd: <= acl_mask: [1] applying write(=wrscx)
(stop)
Sep 29 10:59:52 linux14 slapd: <= acl_mask: [1] mask: write(=wrscx)
Sep 29 10:59:52 linux14 slapd: => access_allowed: search access granted
by write(=wrscx)
Sep 29 10:59:52 linux14 slapd: => access_allowed: read access to ""
"entry" requested
Sep 29 10:59:52 linux14 slapd: => acl_get: [2] attr entry
Sep 29 10:59:52 linux14 slapd: => acl_mask: access to entry "", attr
"entry" requested
Sep 29 10:59:52 linux14 slapd: => acl_mask: to all values by
"uid=samba,ou=idmap,dc=thales,dc=be", (=n)
Sep 29 10:59:52 linux14 slapd: <= check a_dn_pat:
uid=samba,ou=idmap,dc=thales,dc=be
Sep 29 10:59:52 linux14 slapd: <= acl_mask: [1] applying write(=wrscx)
(stop)
Sep 29 10:59:52 linux14 slapd: <= acl_mask: [1] mask: write(=wrscx)
Sep 29 10:59:52 linux14 slapd: => access_allowed: read access granted by
write(=wrscx)
Sep 29 10:59:52 linux14 slapd: => access_allowed: read access to ""
"supportedControl" requested
Sep 29 10:59:52 linux14 slapd: => acl_get: [2] attr supportedControl
Sep 29 10:59:52 linux14 slapd: daemon: select: listen=7 active_threads=0
tvp=NULL
Sep 29 10:59:52 linux14 slapd: access_allowed: no res from state
(supportedControl)
Sep 29 10:59:52 linux14 slapd: => acl_mask: access to entry "", attr
"supportedControl" requested
Sep 29 10:59:52 linux14 slapd: => acl_mask: to value by
"uid=samba,ou=idmap,dc=thales,dc=be", (=n)
Sep 29 10:59:52 linux14 slapd: <= check a_dn_pat:
uid=samba,ou=idmap,dc=thales,dc=be
Sep 29 10:59:52 linux14 slapd: <= acl_mask: [1] applying write(=wrscx)
(stop)
Sep 29 10:59:52 linux14 slapd: <= acl_mask: [1] mask: write(=wrscx)
Sep 29 10:59:52 linux14 slapd: => access_allowed: read access granted by
write(=wrscx)
Sep 29 10:59:52 linux14 slapd: send_ldap_result: err=0 matched=""
text=""
snip"

But here LDAP does grant the samba user the proper permissions.

The log ends with the following:
Sep 29 10:59:52 linux14 slapd: do_modify: dn (ou=Idmap,dc=thales,dc=be)
Sep 29 10:59:52 linux14 slapd: ber_dump: buf=0x08f6df28 ptr=0x08f6df49
end=0x08f6dfa6 len=93
Sep 29 10:59:52 linux14 slapd: 0000: 30 25 0a 01 00 30 20 04 0b 6f
62 6a 65 63 74 43 0%...0 ..objectC
Sep 29 10:59:52 linux14 slapd: 0010: 6c 61 73 73 31 11 04 0f 73 61
6d 62 61 55 6e 69 lass1...sambaUni
Sep 29 10:59:52 linux14 slapd: 0020: 78 49 64 50 6f 6f 6c 30 19 0a
01 00 30 14 04 09 xIdPool0....0...
Sep 29 10:59:52 linux14 slapd: 0030: 75 69 64 4e 75 6d 62 65 72 31
07 04 05 31 30 30 uidNumber1...100
Sep 29 10:59:52 linux14 slapd: 0040: 30 30 30 19 0a 01 00 30 14 04
09 67 69 64 4e 75 000....0...gidNu
Sep 29 10:59:52 linux14 slapd: 0050: 6d 62 65 72 31 07 04 05 31 30
30 30 30 mber1...10000
Sep 29 10:59:52 linux14 slapd: ber_dump: buf=0x08f6df28 ptr=0x08f6df70
end=0x08f6dfa6 len=54
Sep 29 10:59:52 linux14 slapd: 0000: 30 19 0a 01 00 30 14 04 09 75
69 64 4e 75 6d 62 0....0...uidNumb
Sep 29 10:59:52 linux14 slapd: 0010: 65 72 31 07 04 05 31 30 30 30
30 30 19 0a 01 00 er1...100000....
Sep 29 10:59:52 linux14 slapd: 0020: 30 14 04 09 67 69 64 4e 75 6d
62 65 72 31 07 04 0...gidNumber1..
Sep 29 10:59:52 linux14 slapd: 0030: 05 31 30 30 30
30 .10000
Sep 29 10:59:52 linux14 slapd: ber_dump: buf=0x08f6df28 ptr=0x08f6df8b
end=0x08f6dfa6 len=27
Sep 29 10:59:52 linux14 slapd: 0000: 30 19 0a 01 00 30 14 04 09 67
69 64 4e 75 6d 62 0....0...gidNumb
Sep 29 10:59:52 linux14 slapd: 0010: 65 72 31 07 04 05 31 30 30 30
30 er1...10000
Sep 29 10:59:52 linux14 slapd: modifications:
Sep 29 10:59:52 linux14 slapd: add: objectClass
Sep 29 10:59:52 linux14 slapd: one value, length 15
Sep 29 10:59:53 linux14 slapd: add: uidNumber
Sep 29 10:59:53 linux14 slapd: one value, length 5
Sep 29 10:59:53 linux14 slapd: add: gidNumber
Sep 29 10:59:53 linux14 slapd: one value, length 5
Sep 29 10:59:53 linux14 slapd: send_ldap_result: err=21 matched=""
text="objectClass: value #0 invalid per syntax"

entry from the smbd.log


[2005/09/29 10:59:52, 3] sam/idmap.c:idmap_init(132)
idmap_init: using 'ldap' as remote backend
[2005/09/29 10:59:52, 2] lib/smbldap.c:smbldap_open_connection(630)
smbldap_open_connection: connection opened
[2005/09/29 10:59:52, 3] lib/smbldap.c:smbldap_connect_system(805)
ldap_connect_system: succesful connection to the LDAP server
[2005/09/29 10:59:52, 4] lib/smbldap.c:smbldap_open(869)
The LDAP server is succesfully connected
[2005/09/29 10:59:52, 0] sam/idmap.c:idmap_init(138)
idmap_init: failed to initialize remote backend!
[2005/09/29 10:59:52, 1] nsswitch/winbindd.c:main(968)
Could not init idmap -- netlogon proxy only

Any thoughts on this problem?

Kind regards


--
Bruyninckx Kristof
Thales Services Division
GNU&Linux/Unix System Administrator / Test developer
Tel: 02/674.76.49.19
kristof.bruyninckx@thales-is.com

--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
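
Added example, not part of the original post and not Samba or OpenLDAP code: a small Python triage script for slapd debug output like the excerpts above. It rejoins the mail-wrapped lines, pairs each bind or modify with the send_ldap_result that follows it, and names the result code (per RFC 4511, 49 is invalidCredentials and 21 is invalidAttributeSyntax). The function names and the one-connection ordering assumption are this example's own; the sample lines are taken from the post's log with the ber_dump hex left out.

```python
import re

# LDAP result codes that appear in the post's log (names per RFC 4511).
RESULT_NAMES = {0: "success", 21: "invalidAttributeSyntax", 49: "invalidCredentials"}
# Constructed sample: lines from the post's slapd log, wrapping kept, ber_dump hex omitted.
SAMPLE_LOG = '''\
Sep 29 10:59:52 linux14 slapd: ==> ldbm_back_bind: dn:
cn=Manager,dc=thales,dc=be
Sep 29 10:59:52 linux14 slapd: send_ldap_result: err=49 matched=""
text=""
Sep 29 10:59:52 linux14 slapd: ==> ldbm_back_bind: dn:
uid=samba,ou=Idmap,dc=thales,dc=be
Sep 29 10:59:52 linux14 slapd: send_ldap_result: err=0 matched=""
text=""
Sep 29 10:59:52 linux14 slapd: do_modify: dn (ou=Idmap,dc=thales,dc=be)
Sep 29 10:59:53 linux14 slapd: send_ldap_result: err=21 matched=""
text="objectClass: value #0 invalid per syntax"
'''

PREFIX = re.compile(r"^[A-Z][a-z]{2} +\d+ \d\d:\d\d:\d\d \S+ slapd: ")
OP = re.compile(r"(?:ldbm_back_(bind): dn: *|do_(modify): dn \()([^\s)]+)")
RESULT = re.compile(r'send_ldap_result: err=(\d+) matched="[^"]*" *text="([^"]*)"')

def unwrap(text):
    """Rejoin wrapped records: a line without the syslog prefix continues the previous one."""
    records = []
    for line in text.splitlines():
        if PREFIX.match(line) or not records:
            records.append(PREFIX.sub("", line))
        else:
            records[-1] += " " + line.strip()
    return records

def triage(text):
    """Return (operation, dn, code, code_name, server_text) for each result line."""
    # Assumption: results arrive in order on one connection, as in the sample.
    results, pending = [], None
    for rec in unwrap(text):
        if (m := OP.search(rec)):
            pending = (m.group(1) or m.group(2), m.group(3))
        elif (m := RESULT.search(rec)):
            code = int(m.group(1))
            op, dn = pending or ("other", "")
            results.append((op, dn, code, RESULT_NAMES.get(code, "unknown"), m.group(2)))
            pending = None
    return results

if __name__ == "__main__":
    print(*triage(SAMPLE_LOG), sep="\n")
```

Run against a full log, this puts the failing cn=Manager bind, the successful uid=samba bind and the rejected modify on three lines, which makes it easier to see which account and which operation each error belongs to.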