Bug 1580281
| Summary: | Samba can not register sss idmap module because it's using an outdated SMB_IDMAP_INTERFACE_VERSION [rhel-7.5.z] | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Oneata Mircea Teodor <toneata> |
| Component: | sssd | Assignee: | SSSD Maintainers <sssd-maint> |
| Status: | CLOSED ERRATA | QA Contact: | sssd-qe <sssd-qe> |
| Severity: | urgent | Docs Contact: | |
| Priority: | urgent | ||
| Version: | 7.5 | CC: | fidencio, grajaiya, jhrozek, lmanasko, lslebodn, mkosek, mniranja, mpanaous, mzidek, nsoman, pbrezina, sbose, sgoveas, tscherf |
| Target Milestone: | rc | Keywords: | ZStream |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | sssd-1.16.0-19.el7_5.3 | Doc Type: | Bug Fix |
| Doc Text: |
Previously, the new Samba version in Red Hat Enterprise Linux 7.5 used a newer version of the idmap plug-in interface and SSSD still provided a plug-in with an older version. If Samba was configured to use SSSD's idmap plug-in, smdb and winbind services failed to start due to the version mismatch. With this update, SSSD provides a plug-in with a matching version. As a result, smdb and winbind run as expected.
|
Story Points: | --- |
| Clone Of: | 1578291 | Environment: | |
| Last Closed: | 2018-06-26 16:49:19 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 1578291 | ||
| Bug Blocks: | |||
|
Description
Oneata Mircea Teodor
2018-05-21 07:19:20 UTC
Versions:
=========
libsss_idmap-1.16.0-19.el7_5.5.x86_64
libsss_sudo-1.16.0-19.el7_5.5.x86_64
libsss_autofs-1.16.0-19.el7_5.5.x86_64
libsss_nss_idmap-1.16.0-19.el7_5.5.x86_64
sssd-common-1.16.0-19.el7_5.5.x86_64
sssd-ipa-1.16.0-19.el7_5.5.x86_64
sssd-1.16.0-19.el7_5.5.x86_64
sssd-winbind-idmap-1.16.0-19.el7_5.5.x86_64
libsss_certmap-1.16.0-19.el7_5.5.x86_64
python-sssdconfig-1.16.0-19.el7_5.5.noarch
sssd-client-1.16.0-19.el7_5.5.x86_64
sssd-krb5-common-1.16.0-19.el7_5.5.x86_64
sssd-ad-1.16.0-19.el7_5.5.x86_64
sssd-ldap-1.16.0-19.el7_5.5.x86_64
sssd-proxy-1.16.0-19.el7_5.5.x86_64
sssd-kcm-1.16.0-19.el7_5.5.x86_64
sssd-common-pac-1.16.0-19.el7_5.5.x86_64
sssd-krb5-1.16.0-19.el7_5.5.x86_64
[sssd]
domains = testrelm.test
config_file_version = 2
services = nss, pam
[domain/testrelm.test]
ad_domain = testrelm.test
krb5_realm = TESTRELM.TEST
realmd_tags = manages-system joined-with-samba
cache_credentials = True
id_provider = ad
krb5_store_password_if_offline = True
default_shell = /bin/bash
ldap_id_mapping = True
use_fully_qualified_names = True
fallback_homedir = /home/%u@%d
access_provider = ad
debug_level = 9
Steps:
1. Join RHEL7.5 system to windows AD domain using below command
realm join -v TESTRELM.TEST --membership-software=samba
2. Configure smb.conf as below
cat /etc/samba/smb.conf
[global]
workgroup = TESTRELM
realm = TESTRELM.TEST
security = ads
client signing = yes
client use spnego = yes
idmap config * : backend = sss
idmap config * : range = 200000-2147483647
log level = 9
3. restart winbind
$ systemctl restart winbind
4. Run wbinfo
[root@host-8-242-110 sssd]# wbinfo -i TESTRELM\\administrator
TESTRELM\administrator:*:1507800500:1507800513::/home/TESTRELM/administrator:/bin/false
[root@host-8-242-110 sssd]# systemctl status winbind
● winbind.service - Samba Winbind Daemon
Loaded: loaded (/usr/lib/systemd/system/winbind.service; disabled; vendor preset: disabled)
Active: active (running) since Mon 2018-06-04 23:37:19 EDT; 8min ago
Main PID: 11675 (winbindd)
Status: "winbindd: ready to serve connections..."
CGroup: /system.slice/winbind.service
├─11675 /usr/sbin/winbindd --foreground --no-process-group
├─11677 /usr/sbin/winbindd --foreground --no-process-group
└─22302 /usr/sbin/winbindd --foreground --no-process-group
Jun 04 23:37:19 host-8-242-110.host.centralci.eng.rdu2.redhat.com systemd[1]: Starting Samba Winbind Daemon...
Jun 04 23:37:19 host-8-242-110.host.centralci.eng.rdu2.redhat.com winbindd[11675]: [2018/06/04 23:37:19.089894, 0] ../source3/winbindd/winbindd_cache.c:3170(initialize_winbindd_cache)
Jun 04 23:37:19 host-8-242-110.host.centralci.eng.rdu2.redhat.com winbindd[11675]: initialize_winbindd_cache: clearing cache and re-creating with version number 2
Jun 04 23:37:19 host-8-242-110.host.centralci.eng.rdu2.redhat.com winbindd[11675]: [2018/06/04 23:37:19.094727, 0] ../lib/util/become_daemon.c:124(daemon_ready)
Jun 04 23:37:19 host-8-242-110.host.centralci.eng.rdu2.redhat.com systemd[1]: Started Samba Winbind Daemon.
Jun 04 23:37:19 host-8-242-110.host.centralci.eng.rdu2.redhat.com winbindd[11675]: STATUS=daemon 'winbindd' finished starting up and ready to serve connection
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2018:1986 |