Hi,
I've just changed the LAN's domain and most things now work (after a bit of effort). One thing has broken which I cannot fix. I can no longer access my samba shares and I am getting a lot of logged error messages In /var/log/samba/log.winbindd-idmap I initially got:
This one is beyond me. Can anyone please help me?
TIA,
Nick
I've just changed the LAN's domain and most things now work (after a bit of effort). One thing has broken which I cannot fix. I can no longer access my samba shares and I am getting a lot of logged error messages In /var/log/samba/log.winbindd-idmap I initially got:
[2014/05/26 17:12:29.450009, 1] winbindd/idmap.c:288(idmap_init_named_domain)
no backend defined for idmap config HOME
[2014/05/26 17:12:29.450879, 0] lib/smbldap.c:1225(smbldap_connect_system)
failed to bind to server ldap://127.0.0.1 with dn="cn=manager,ou=Internal,dc=howitts,dc=lan" Error: Invalid credentials
(unknown)
followed by a lot of:[2014/05/26 17:12:29.451119, 1] lib/smbldap.c:1409(another_ldap_try)
Connection to LDAP server failed for the 1 try!
[2014/05/26 17:12:30.452021, 1] lib/smbldap.c:1409(another_ldap_try)
Connection to LDAP server failed for the 2 try!
Rebooting the server (to try to fix an e-mail authentication issue) stopped these messages but now I get a lot of:[2014/05/26 19:34:33.504639, 0] winbindd/idmap_ldap.c:113(get_credentials)
get_credentials: Unable to fetch auth credentials for cn=manager,ou=Internal,dc=howitts,dc=co,dc=uk in *
[2014/05/26 19:34:33.504732, 1] winbindd/idmap_ldap.c:501(idmap_ldap_db_init)
idmap_ldap_db_init: Failed to get connection credentials (NT_STATUS_ACCESS_DENIED)
[2014/05/26 19:34:33.504782, 1] winbindd/idmap.c:249(idmap_init_domain)
idmap initialization returned NT_STATUS_ACCESS_DENIED
whenever I try to map a drive and I can no longer map to my shares.This one is beyond me. Can anyone please help me?
TIA,
Nick
Share this post:
Responses (4)
-
Accepted Answer
Glad its working now!
Odd...as it exists on my system here as part of app-samba-core
[root@leonardo ~]# rpm -qf /var/clearos/events/openldap_configuration/samba
app-samba-core-1.6.0-1.v6.noarch
The contents of the script call the two scripts you have found anyway
#!/bin/sh -x
if [ -e /var/clearos/samba/initialized_openldap ]; then
/usr/clearos/apps/samba/deploy/cleanup-ldap
/usr/clearos/apps/samba/deploy/cleanup-sids
# Seems to do some sort of LDAP sync, there's a better way no doubt
/usr/bin/pdbedit -L -v >/dev/null 2>&1
/sbin/service winbind condrestart
/sbin/service nmb condrestart
/sbin/service smb condrestart
fi -
Accepted Answer
Tim,
Thanks for the reply.
clearsyncd is running (and I believe was before I rebooted)
There is nothing obvious in /var/clearos/events/* - not an openldap_configuration. Did you perhaps mean /usr/clearos/apps/samba/deploy? There are a couple of scripts there (/usr/clearos/apps/samba/deploy/cleanup-ldap and /usr/clearos/apps/samba/deploy/cleanup-sids) which clean up something. I've just tried them (again?) ..... and it seems to work this time. :kiss: I don't know which one of them did it. I did file a bug report earlier. I'll add a note to it to that effect.
I had been through the syncaction file with parameters to call up the various subroutines and that did nothing and I'd worked my way through the upgrade script.
This has been a bit painful as I also hit a problem with all my e-mails when changing domain and it was fixed by a reboot. That was another bug report!
Thanks a bunch. I had been staring at a complete reinstall.
Nick -
Accepted Answer
Hi Nick - I'm not 100% sure, but I think this sort of thing should be handled by the clearsyncd daemon (is it running?)
There are several watch events that should trigger a 'sync' action of sorts between LDAP and Samba. These actions are stored as PHP scripts in /var/clearos/events/xxx
You could try running this one manually which would appear to run two subscripts to cleanup LDAP and SIDS (both stored in the samba deploy subfolder. The script is here:-
/var/clearos/events/openldap_configuration/samba
In particular it calls pdbedit which appears to carry out some sort of LDAP sync too...might help?
Samba also stored it's config within local databases (tdb files) contained at /var/lib/samba/
http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/tdb.html
FYI apps contain their own setup scripts, and these are usually located within the deploy subfolder, e.g. /usr/clearos/apps/appname/deploy/install. Removal of the app (not necessarily the base samba package) and reinstalling is sometimes enough to reset things
PS The ClearSync configs are stored in /etc/clearsync.d/ -
Accepted Answer
Bump. I'd love some help with this one.
I've tried searching the many samba rpm's for all their post-install scripts and nothing obvious shown up on how the credentials initially get set up.
I am not sure if removing and reinstalling all the samba packages will help.
There is virtually nothing on the internet - the only thing I found is that the bind password should be stored with a "net idmap secret * password".
The /etc/samba/smb.winbind.conf appears to be set correctly (i.e it is like the old one but dc=lan now reads dc=co,dc=uk which is as I'd expect)
'ldapsearch -D "cn=manager,ou=Internal,dc=howitts,dc=co,dc=uk" -b "" objectclass=* -w PASSWORD' successfully runs.
Everything else on the server appears to work so it appears to be some sort of problem between samba and ldap only
Although I backed up LDAP before I did the change, restoring the backup is unlikely to help because of the syncactions the change triggered.
Please login to post a reply
You will need to be logged in to be able to post a reply. Login using the form on the right or register an account if you are new here.
Register Here »