Bug 1578291
| Summary: | Samba can not register sss idmap module because it's using an outdated SMB_IDMAP_INTERFACE_VERSION | ||||||
|---|---|---|---|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Thorsten Scherf <tscherf> | ||||
| Component: | sssd | Assignee: | Sumit Bose <sbose> | ||||
| Status: | CLOSED ERRATA | QA Contact: | sssd-qe <sssd-qe> | ||||
| Severity: | urgent | Docs Contact: | |||||
| Priority: | urgent | ||||||
| Version: | 7.5 | CC: | fidencio, grajaiya, jhrozek, lslebodn, mkosek, mniranja, mpanaous, mzidek, nsoman, pbrezina, sbose, sgoveas, tscherf | ||||
| Target Milestone: | rc | Keywords: | ZStream | ||||
| Target Release: | --- | ||||||
| Hardware: | All | ||||||
| OS: | Linux | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | sssd-1.16.0-24.el7 | Doc Type: | If docs needed, set a value | ||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | |||||||
| : | 1580281 (view as bug list) | Environment: | |||||
| Last Closed: | 2018-10-30 10:42:30 UTC | Type: | Bug | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Bug Depends On: | |||||||
| Bug Blocks: | 1580281 | ||||||
| Attachments: |
|
||||||
Upstream ticket: https://pagure.io/SSSD/sssd/issue/3741 Created attachment 1436755 [details]
tar-ball with a test build which should fix the idmap version issue
master: c6b99b0 And also: 095bbe1 Versions:
=========
libsss_idmap-1.16.0-19.el7_5.5.x86_64
libsss_sudo-1.16.0-19.el7_5.5.x86_64
libsss_autofs-1.16.0-19.el7_5.5.x86_64
libsss_nss_idmap-1.16.0-19.el7_5.5.x86_64
sssd-common-1.16.0-19.el7_5.5.x86_64
sssd-ipa-1.16.0-19.el7_5.5.x86_64
sssd-1.16.0-19.el7_5.5.x86_64
sssd-winbind-idmap-1.16.0-19.el7_5.5.x86_64
libsss_certmap-1.16.0-19.el7_5.5.x86_64
python-sssdconfig-1.16.0-19.el7_5.5.noarch
sssd-client-1.16.0-19.el7_5.5.x86_64
sssd-krb5-common-1.16.0-19.el7_5.5.x86_64
sssd-ad-1.16.0-19.el7_5.5.x86_64
sssd-ldap-1.16.0-19.el7_5.5.x86_64
sssd-proxy-1.16.0-19.el7_5.5.x86_64
sssd-kcm-1.16.0-19.el7_5.5.x86_64
sssd-common-pac-1.16.0-19.el7_5.5.x86_64
sssd-krb5-1.16.0-19.el7_5.5.x86_64
[sssd]
domains = testrelm.test
config_file_version = 2
services = nss, pam
[domain/testrelm.test]
ad_domain = testrelm.test
krb5_realm = TESTRELM.TEST
realmd_tags = manages-system joined-with-samba
cache_credentials = True
id_provider = ad
krb5_store_password_if_offline = True
default_shell = /bin/bash
ldap_id_mapping = True
use_fully_qualified_names = True
fallback_homedir = /home/%u@%d
access_provider = ad
debug_level = 9
Steps:
1. Join RHEL7.5 system to windows AD domain using below command
realm join -v TESTRELM.TEST --membership-software=samba
2. Configure smb.conf as below
cat /etc/samba/smb.conf
[global]
workgroup = TESTRELM
realm = TESTRELM.TEST
security = ads
client signing = yes
client use spnego = yes
idmap config * : backend = sss
idmap config * : range = 200000-2147483647
log level = 9
3. restart winbind
$ systemctl restart winbind
4. Run wbinfo
[root@host-8-242-110 sssd]# wbinfo -i TESTRELM\\administrator
TESTRELM\administrator:*:1507800500:1507800513::/home/TESTRELM/administrator:/bin/false
[root@host-8-242-110 sssd]# systemctl status winbind
● winbind.service - Samba Winbind Daemon
Loaded: loaded (/usr/lib/systemd/system/winbind.service; disabled; vendor preset: disabled)
Active: active (running) since Mon 2018-06-04 23:37:19 EDT; 8min ago
Main PID: 11675 (winbindd)
Status: "winbindd: ready to serve connections..."
CGroup: /system.slice/winbind.service
├─11675 /usr/sbin/winbindd --foreground --no-process-group
├─11677 /usr/sbin/winbindd --foreground --no-process-group
└─22302 /usr/sbin/winbindd --foreground --no-process-group
Jun 04 23:37:19 host-8-242-110.host.centralci.eng.rdu2.redhat.com systemd[1]: Starting Samba Winbind Daemon...
Jun 04 23:37:19 host-8-242-110.host.centralci.eng.rdu2.redhat.com winbindd[11675]: [2018/06/04 23:37:19.089894, 0] ../source3/winbindd/winbindd_cache.c:3170(initialize_winbindd_cache)
Jun 04 23:37:19 host-8-242-110.host.centralci.eng.rdu2.redhat.com winbindd[11675]: initialize_winbindd_cache: clearing cache and re-creating with version number 2
Jun 04 23:37:19 host-8-242-110.host.centralci.eng.rdu2.redhat.com winbindd[11675]: [2018/06/04 23:37:19.094727, 0] ../lib/util/become_daemon.c:124(daemon_ready)
Jun 04 23:37:19 host-8-242-110.host.centralci.eng.rdu2.redhat.com systemd[1]: Started Samba Winbind Daemon.
Jun 04 23:37:19 host-8-242-110.host.centralci.eng.rdu2.redhat.com winbindd[11675]: STATUS=daemon 'winbindd' finished starting up and ready to serve connectio
Versions:
libsss_sudo-1.16.2-4.el7.x86_64
sssd-common-1.16.2-4.el7.x86_64
sssd-ad-1.16.2-4.el7.x86_64
sssd-proxy-1.16.2-4.el7.x86_64
sssd-winbind-idmap-1.16.2-4.el7.x86_64
libsss_nss_idmap-1.16.2-4.el7.x86_64
sssd-client-1.16.2-4.el7.x86_64
sssd-krb5-common-1.16.2-4.el7.x86_64
sssd-ldap-1.16.2-4.el7.x86_64
sssd-dbus-1.16.2-4.el7.x86_64
sssd-tools-1.16.2-4.el7.x86_64
libsss_certmap-1.16.2-4.el7.x86_64
sssd-libwbclient-1.16.2-4.el7.x86_64
sssd-common-pac-1.16.2-4.el7.x86_64
sssd-krb5-1.16.2-4.el7.x86_64
libsss_simpleifp-1.16.2-4.el7.x86_64
sssd-1.16.2-4.el7.x86_64
libsss_idmap-1.16.2-4.el7.x86_64
python-sssdconfig-1.16.2-4.el7.noarch
libsss_autofs-1.16.2-4.el7.x86_64
sssd-ipa-1.16.2-4.el7.x86_64
python-sss-1.16.2-4.el7.x86_64
sssd-kcm-1.16.2-4.el7.x86_64
samba-winbind-modules-4.8.3-1.el7.x86_64
samba-winbind-4.8.3-1.el7.x86_64
samba-winbind-clients-4.8.3-1.el7.x86_64
[root@smbclient01 samba]# cat /etc/redhat-release
Red Hat Enterprise Linux Server release 7.6 Beta (Maipo)
[root@smbclient01 samba]# echo "Secret123" | realm join -v JUNO.TEST --user Administrator --membership-software=samba
* Resolving: _ldap._tcp.juno.test
* Performing LDAP DSE lookup on: 10.65.223.136
* Successfully discovered: juno.test
Password for Administrator:
* Required files: /usr/sbin/oddjobd, /usr/libexec/oddjob/mkhomedir, /usr/sbin/sssd, /usr/bin/net
* LANG=C LOGNAME=root /usr/bin/net -s /var/cache/realmd/realmd-smb-conf.UXMULZ -U Administrator ads join juno.test
Enter Administrator's password:
Using short domain name -- JUNO
Joined 'SMBCLIENT01' to dns domain 'juno.test'
* LANG=C LOGNAME=root /usr/bin/net -s /var/cache/realmd/realmd-smb-conf.UXMULZ -U Administrator ads keytab create
Enter Administrator's password:
* /usr/bin/systemctl enable sssd.service
Created symlink from /etc/systemd/system/multi-user.target.wants/sssd.service to /usr/lib/systemd/system/sssd.service.
* /usr/bin/systemctl restart sssd.service
* /usr/bin/sh -c /usr/sbin/authconfig --update --enablesssd --enablesssdauth --enablemkhomedir --nostart && /usr/bin/systemctl enable oddjobd.service && /usr/bin/systemctl start oddjobd.service
* Successfully enrolled machine in realm
[root@smbclient01 samba]# systemctl restart sssd.service
[root@smbclient01 samba]# wbinfo -i JUNO\\administrator
administrator:*:842000500:842000513:Administrator:/home/administrator:/bin/bas
● winbind.service - Samba Winbind Daemon
Loaded: loaded (/usr/lib/systemd/system/winbind.service; disabled; vendor preset: disabled)
Active: active (running) since Sat 2018-07-14 06:42:17 EDT; 33s ago
Docs: man:winbindd(8)
man:samba(7)
man:smb.conf(5)
Main PID: 2592 (winbindd)
Status: "winbindd: ready to serve connections..."
CGroup: /system.slice/winbind.service
├─2592 /usr/sbin/winbindd --foreground --no-process-group
└─2594 /usr/sbin/winbindd --foreground --no-process-group
Jul 14 06:42:17 smbclient01.juno.test systemd[1]: Starting Samba Winbind Daemon...
Jul 14 06:42:17 smbclient01.juno.test winbindd[2592]: [2018/07/14 06:42:17.398879, 0] ../source3/winbindd/winbindd_cache.c:3160(initialize_winbindd_cache)
Jul 14 06:42:17 smbclient01.juno.test winbindd[2592]: initialize_winbindd_cache: clearing cache and re-creating with version number 2
Jul 14 06:42:17 smbclient01.juno.test winbindd[2592]: [2018/07/14 06:42:17.402583, 0] ../lib/util/become_daemon.c:138(daemon_ready)
Jul 14 06:42:17 smbclient01.juno.test winbindd[2592]: daemon_ready: STATUS=daemon 'winbindd' finished starting up and ready to serve connections
Jul 14 06:42:17 smbclient01.juno.test systemd[1]: Started Samba Winbind Daemon.
smb.conf used:
[global]
workgroup = JUNO
realm = JUNO.TEST
security = ads
client signing = yes
client use spnego = yes
idmap config * : backend = sss
idmap config * : range = 200000-2147483647
log level = 9
[homes]
comment = Home Directories
valid users = %S, %D%w%S
browseable = No
read only = No
inherit acls = Yes
[printers]
comment = All Printers
path = /var/tmp
printable = Yes
create mask = 0600
browseable = No
[print$]
comment = Printer Drivers
path = /var/lib/samba/drivers
write list = @printadmin root
force group = @printadmin
create mask = 0664
directory mask = 0775
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2018:3158 |
Description of problem: ../source3/winbindd/idmap.c:328(smb_register_idmap) Failed to register idmap module. The module was compiled against SMB_IDMAP_INTERFACE_VERSION 5, current SMB_IDMAP_INTERFACE_VERSION is 6. Please recompile against the current version of samba! ../lib/util/modules.c:173(load_module_absolute_path) load_module_absolute_path: Module '/usr/lib64/samba/idmap/sss.so' initialization failed: {Wrong Type} Version-Release number of selected component (if applicable): samba-4.7.1-6.el7.x86_64 libsss_idmap-1.16.0-19.el7.x86_64 How reproducible: Steps to Reproduce: 1. 2. 3. Actual results: Expected results: Additional info: SSSD uses version 5: $ ▶ grep SMB_IDMAP_INTERFACE_VERSION src/lib/winbind_idmap_sss/winbind_idmap_sss.h #define SMB_IDMAP_INTERFACE_VERSION 5 while samba-4.7.1 requires version 6: $ ▶ grep SMB_IDMAP_INTERFACE_VERSION source3/include/idmap.h #define SMB_IDMAP_INTERFACE_VERSION 6