197320 – net/samba41: "pkg install samba41" (or samba4) pre-compiled install missing idmap_ad / ad.so shared-module!

Bug 197320 - net/samba41: "pkg install samba41" (or samba4) pre-compiled install missing idmap_ad / ad.so shared-module!

Summary: net/samba41: "pkg install samba41" (or samba4) pre-compiled install missing i...

Status:	Closed FIXED

Alias:	None

Product:	Ports & Packages
Classification:	Unclassified
Component:	Individual Port(s) (show other bugs)
Version:	Latest
Hardware:	Any Any

Importance:	--- Affects Only Me
Assignee:	Timur I. Bakeyev

URL:
Keywords:

Depends on:
Blocks:

Reported:	2015-02-04 15:46 UTC by Xenomorph
Modified:	2015-05-22 12:11 UTC (History)
CC List:	1 user (show)

See Also:

Flags:	bugzilla: maintainer-feedback? (timur)

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Xenomorph 2015-02-04 15:46:33 UTC

It seems like the binary/pre-compiled install of both Samba 4.0.x and Samba 4.1.x lack required modules for using Active Directory / rfc2307 id mapping.

With a very simple smb4.conf configuration, I should be able to pull up the UID, GID, and other rfc2307 information from my Active Directory using the "ad" backend.

----------
# server info
workgroup = DOMAIN
realm = DOMAIN.LOCAL
netbios name = Server
security = ads

# uid and gid is in ad
idmap config DOMAIN : backend = ad
idmap config DOMAIN : range = 10000-19999
idmap config DOMAIN : schema_mode = rfc2307
----------

Querying a user doesn't give me any of the information that I'm expecting. My logs are filled with dozens of complaints about a missing "ad.so" idmap shared module.

----------
[2015/02/03 17:00:47.849685,  3] ../source3/winbindd/idmap.c:230(idmap_init_domain)
  idmap backend ad not found
[2015/02/03 17:00:47.849727,  5] ../lib/util/modules.c:174(do_smb_load_module)
  Probing module 'ad'
[2015/02/03 17:00:47.849763,  5] ../lib/util/modules.c:188(do_smb_load_module)
  Probing module 'ad': Trying to load from /usr/local/lib/shared-modules/idmap/ad.so
[2015/02/03 17:00:47.849958,  5] ../lib/util/modules.c:56(load_module)
  Error loading module '/usr/local/lib/shared-modules/idmap/ad.so': Cannot open "/usr/local/lib/shared-modules/idmap/ad.so"
[2015/02/03 17:00:47.849985,  3] ../source3/winbindd/idmap.c:235(idmap_init_domain)
  Could not probe idmap module ad
----------

The directory "/usr/local/lib/shared-modules/idmap/" only contains four files:
----
autorid.so
hash.so
rfc2307.so
rid.so
tdb2.so
-----

Where is "ad.so"?

Compiling samba41 or samba4 from scratch does build and install "ad.so" (and my above configuration then works as expected). Shouldn't ad.so be included by default in the pre-compiled Samba packages? ("pkg install samba41" and "pkg install samba4").

Comment 1 Bugzilla Automation freebsd_committer

2015-02-04 15:46:33 UTC

Auto-assigned to maintainer timur@FreeBSD.org

Comment 2 Dron 2015-04-30 11:43:33 UTC

This affects not only you.
Version compiled from ports is also lack of ad.so.
As you noted in your article http://xenomorph.net/linux/samba/issues/rfc2307-just-wont-work/ enabling experimental modules flag resolves the issue, but ad.so needs to be compiled with ADS flag. Timur needs to fix this, becouse in current situation Samba4 as AD client is unusable with winbind to resolve right uid/gid from AD.

I tested it on FreeBSD 10.1 with samba41 port. And it was really hard to find root of the problem.

Comment 3 Timur I. Bakeyev freebsd_committer

2015-05-22 12:11:28 UTC

I hope that last update of the port addresses this problem. Had to explicitly enable ad.so when AD option is selected.