Resolved
0 votes
Hi,

I've just changed the LAN's domain and most things now work (after a bit of effort). One thing has broken which I cannot fix. I can no longer access my samba shares and I am getting a lot of logged error messages. In /var/log/samba/log.winbindd-idmap I initially got:
[2014/05/26 17:12:29.450009,  1] winbindd/idmap.c:288(idmap_init_named_domain)
no backend defined for idmap config HOME
[2014/05/26 17:12:29.450879, 0] lib/smbldap.c:1225(smbldap_connect_system)
failed to bind to server ldap://127.0.0.1 with dn="cn=manager,ou=Internal,dc=howitts,dc=lan" Error: Invalid credentials
(unknown)
followed by a lot of:
[2014/05/26 17:12:29.451119,  1] lib/smbldap.c:1409(another_ldap_try)
Connection to LDAP server failed for the 1 try!
[2014/05/26 17:12:30.452021, 1] lib/smbldap.c:1409(another_ldap_try)
Connection to LDAP server failed for the 2 try!
Rebooting the server (to try to fix an e-mail authentication issue) stopped these messages but now I get a lot of:
[2014/05/26 19:34:33.504639,  0] winbindd/idmap_ldap.c:113(get_credentials)
get_credentials: Unable to fetch auth credentials for cn=manager,ou=Internal,dc=howitts,dc=co,dc=uk in *
[2014/05/26 19:34:33.504732, 1] winbindd/idmap_ldap.c:501(idmap_ldap_db_init)
idmap_ldap_db_init: Failed to get connection credentials (NT_STATUS_ACCESS_DENIED)
[2014/05/26 19:34:33.504782, 1] winbindd/idmap.c:249(idmap_init_domain)
idmap initialization returned NT_STATUS_ACCESS_DENIED
whenever I try to map a drive and I can no longer map to my shares.

This one is beyond me. Can anyone please help me?

TIA,

Nick
Monday, May 26 2014, 07:31 PM
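
Added example (not from any poster, and not ClearOS or Samba code): a small triage parser for the two-line Samba log records quoted in the question. It groups the credential failures by bind DN, which makes the change of suffix from dc=howitts,dc=lan to dc=howitts,dc=co,dc=uk visible, together with whether the LDAP server rejected the bind or winbindd could not fetch credentials for that DN. The function names and the SAMPLE_LOG text (retyped from the question, with message lines indented) are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample: records retyped from the question above, laid out as a
# header line followed by an indented message line.
SAMPLE_LOG = """\
[2014/05/26 17:12:29.450879,  0] lib/smbldap.c:1225(smbldap_connect_system)
  failed to bind to server ldap://127.0.0.1 with dn="cn=manager,ou=Internal,dc=howitts,dc=lan" Error: Invalid credentials
[2014/05/26 17:12:29.451119,  1] lib/smbldap.c:1409(another_ldap_try)
  Connection to LDAP server failed for the 1 try!
[2014/05/26 19:34:33.504639,  0] winbindd/idmap_ldap.c:113(get_credentials)
  get_credentials: Unable to fetch auth credentials for cn=manager,ou=Internal,dc=howitts,dc=co,dc=uk in *
"""

HEADER = re.compile(r"^\[(?P<ts>[\d/]+ [\d:.]+),\s*(?P<level>\d+)\]\s+(?P<src>\S+?)\((?P<func>\w+)\)\s*$")
# Failure kind -> pattern that captures the bind DN named in the message.
PATTERNS = [
    ("bind_rejected", re.compile(r'failed to bind to server \S+ with dn="(?P<dn>[^"]+)"')),
    ("credentials_unavailable", re.compile(r"Unable to fetch auth credentials for (?P<dn>\S+) in \S+")),
]

def parse_records(text):
    """Yield (timestamp, function, message) for each header + first message line."""
    header = None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            header = m
        elif header and line.strip():
            yield header["ts"], header["func"], line.strip()
            header = None  # ignore continuation lines such as "(unknown)"

def triage(text):
    """Group credential failures by bind DN: {dn: [(timestamp, kind), ...]}."""
    by_dn = defaultdict(list)
    for ts, _func, msg in parse_records(text):
        for kind, rx in PATTERNS:
            m = rx.search(msg)
            if m:
                by_dn[m["dn"]].append((ts, kind))
    return dict(by_dn)

def dn_suffix(dn):
    """Return only the dc= components of a DN, e.g. 'dc=howitts,dc=lan'."""
    return ",".join(p for p in dn.split(",") if p.strip().lower().startswith("dc="))

if __name__ == "__main__":
    for dn, events in triage(SAMPLE_LOG).items():
        print(dn_suffix(dn), events)
```
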
Responses (4)
  • Accepted Answer

    Tuesday, May 27 2014, 02:41 PM - #Permalink
    Resolved
    0 votes
    Glad it's working now!

    Odd...as it exists on my system here as part of app-samba-core
    [root@leonardo ~]# rpm -qf /var/clearos/events/openldap_configuration/samba
    app-samba-core-1.6.0-1.v6.noarch

    The contents of the script call the two scripts you have found anyway :)

    #!/bin/sh -x

    if [ -e /var/clearos/samba/initialized_openldap ]; then
        /usr/clearos/apps/samba/deploy/cleanup-ldap
        /usr/clearos/apps/samba/deploy/cleanup-sids
        # Seems to do some sort of LDAP sync, there's a better way no doubt
        /usr/bin/pdbedit -L -v >/dev/null 2>&1

        /sbin/service winbind condrestart
        /sbin/service nmb condrestart
        /sbin/service smb condrestart
    fi
  • Accepted Answer

    Tuesday, May 27 2014, 02:09 PM - #Permalink
    Resolved
    0 votes
    Tim,
    Thanks for the reply.
    clearsyncd is running (and I believe was before I rebooted)
    There is nothing obvious in /var/clearos/events/* - not an openldap_configuration. Did you perhaps mean /usr/clearos/apps/samba/deploy? There are a couple of scripts there (/usr/clearos/apps/samba/deploy/cleanup-ldap and /usr/clearos/apps/samba/deploy/cleanup-sids) which clean up something. I've just tried them (again?) ..... and it seems to work this time. :kiss: I don't know which one of them did it. I did file a bug report earlier. I'll add a note to it to that effect.

    I had been through the syncaction file with parameters to call up the various subroutines and that did nothing and I'd worked my way through the upgrade script.

    This has been a bit painful as I also hit a problem with all my e-mails when changing domain and it was fixed by a reboot. That was another bug report!

    Thanks a bunch. I had been staring at a complete reinstall.

    Nick
  • Accepted Answer

    Tuesday, May 27 2014, 12:43 PM - #Permalink
    Resolved
    1 votes
    Hi Nick - I'm not 100% sure, but I think this sort of thing should be handled by the clearsyncd daemon (is it running?)

    There are several watch events that should trigger a 'sync' action of sorts between LDAP and Samba. These actions are stored as PHP scripts in /var/clearos/events/xxx

    You could try running this one manually, which would appear to run two subscripts to clean up LDAP and SIDS (both stored in the samba deploy subfolder). The script is here:
    /var/clearos/events/openldap_configuration/samba
    In particular it calls pdbedit which appears to carry out some sort of LDAP sync too...might help?

    Samba also stored its config within local databases (tdb files) contained at /var/lib/samba/
    http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/tdb.html

    FYI apps contain their own setup scripts, and these are usually located within the deploy subfolder, e.g. /usr/clearos/apps/appname/deploy/install. Removal of the app (not necessarily the base samba package) and reinstalling is sometimes enough to reset things

    PS The ClearSync configs are stored in /etc/clearsync.d/
  • Accepted Answer

    Tuesday, May 27 2014, 10:48 AM - #Permalink
    Resolved
    0 votes
    Bump. I'd love some help with this one.

    I've tried searching the many samba rpms for all their post-install scripts and nothing obvious has shown up on how the credentials initially get set up.
    I am not sure if removing and reinstalling all the samba packages will help.
    There is virtually nothing on the internet - the only thing I found is that the bind password should be stored with a "net idmap secret * password".
    The /etc/samba/smb.winbind.conf appears to be set correctly (i.e. it is like the old one but dc=lan now reads dc=co,dc=uk, which is as I'd expect).
    'ldapsearch -D "cn=manager,ou=Internal,dc=howitts,dc=co,dc=uk" -b "" objectclass=* -w PASSWORD' successfully runs.
    Everything else on the server appears to work so it appears to be some sort of problem between samba and ldap only

    Although I backed up LDAP before I did the change, restoring the backup is unlikely to help because of the syncactions the change triggered.