329383 – net-fs/samba doesn't install rid.so

Bug 329383 - net-fs/samba doesn't install rid.so

Summary: net-fs/samba doesn't install rid.so

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	[OLD] Unspecified (show other bugs)
Hardware:	All Linux

Importance:	High major (vote)
Assignee:	Gentoo's SAMBA Team

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2010-07-22 05:36 UTC by Joe Breuer
Modified:	2010-12-22 19:37 UTC (History)
CC List:	2 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
samba-3.4.9.ebuild.patch (samba-3.4.9.ebuild.patch,1.03 KB, patch) 2010-12-21 10:27 UTC, Azamat H. Hackimov	Details \| Diff
Patch adding suport for various idmap modules and manpages (samba-3.4.9.ebuild.patch,2.07 KB, patch) 2010-12-22 19:31 UTC, Víctor Ostorga (RETIRED)	Details \| Diff
Show Obsolete (1) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Joe Breuer 2010-07-22 05:36:36 UTC

The problem described in bug #301968 also applies to the currently-stable samba-3.4.6: With the 'winbind' use flag turned on, the idmap_rid and idmap_ad modules are not built and installed. [This is even mentioned in that bug report...]

This means that winbind-attached users cannot be "connected" as system users when trying to use either of these backends - which would be the "normal" case IMO.

In other words: The system does not know about domain users with any version of samba installed that exhibits this problem.


Reproducible: Always

Steps to Reproduce:
1. Install net-fs/samba-3.4.6, with winbind enabled
2. Configure samba with winbind and the idmap_rid backend
[see current 'man smb.conf', docs on the net are for the most part outdated regarding required syntax]
3. Configure nsswitch.conf to use winbind for passwd, shadow, group

Actual Results:  
a) 'wbinfo -u' will work as expected - showing that the samba-side winbind setup itself is working correctly

b) 'wbinfo -S <domainUser>' will complain about not being able to convert sid -> uid

c) 'getent passwd' will NOT show any domain users


Expected Results:  
a) same as above

b) 'wbinfo -S ...' will return the SID of the given user

c) domain users are shown with 'gentent passwd'


This is the same problem described in bug #301968, but pertaining to samba-3.4.6.

I'd guess this applies to any version of samba >= 3.4.0, which does not include specific code in its ebuild to enable '--with-shared-modules=idmap_rid,idmap_ad' when calling 'configure'.

I've applied the patch given in bug #301968 to the current samba-3.4.6.ebuild, this resulted in a samba-3.4.6 working correctly (i.e., "Expected Results" above) on my system.

Looking at current net-fs/samba-3.5.4.ebuild: The code there seems cleaner than the patch from bug #301968, perhaps that should be backported rather than using my quick-and-dirty apply of the above-mentioned patch to samba-3.4.6.ebuild:

--- net-fs/samba/samba-3.4.6.ebuild   2010-07-22 07:15:22.000000000 +0200
+++ /usr/portage/net-fs/samba/samba-3.4.6.ebuild        2010-06-05 21:37:11.000000000 +0200
@@ -71,11 +71,6 @@
 use cups && BINPROGS="${BINPROGS} bin/smbspool"
 use ldb && BINPROGS="${BINPROGS} bin/ldbedit bin/ldbsearch bin/ldbadd bin/ldbdel bin/ldbmodify bin/ldbrename";
 use winbind && BINPROGS="${BINPROGS} bin/wbinfo"
-use winbind && mymod_shared="--with-shared-modules=idmap_rid"
-if use ldap ; then
-       use winbind && mymod_shared="${mymod_shared},idmap_ad"
-fi
-
 
 S="${WORKDIR}/${MY_P}/source3"
 
@@ -182,7 +177,6 @@
                $(use_with aio aio-support) \
                --with-sendfile-support \
                $(use_with winbind) \
-               ${mymod_shared} \
                --without-included-popt \
                --without-included-iniparser
 }

Comment 1 Joe Breuer 2010-07-22 05:38:48 UTC

- IMPORTANT - The diff given above is backwards, here's the correct one:

--- /usr/portage/net-fs/samba/samba-3.4.6.ebuild        2010-06-05 21:37:11.000000000 +0200
+++ net-fs/samba/samba-3.4.6.ebuild     2010-07-22 07:15:22.000000000 +0200
@@ -71,6 +71,11 @@
 use cups && BINPROGS="${BINPROGS} bin/smbspool"
 use ldb && BINPROGS="${BINPROGS} bin/ldbedit bin/ldbsearch bin/ldbadd bin/ldbdel bin/ldbmodify bin/ldbrename";
 use winbind && BINPROGS="${BINPROGS} bin/wbinfo"
+use winbind && mymod_shared="--with-shared-modules=idmap_rid"
+if use ldap ; then
+       use winbind && mymod_shared="${mymod_shared},idmap_ad"
+fi
+
 
 S="${WORKDIR}/${MY_P}/source3"
 
@@ -177,6 +182,7 @@
                $(use_with aio aio-support) \
                --with-sendfile-support \
                $(use_with winbind) \
+               ${mymod_shared} \
                --without-included-popt \
                --without-included-iniparser
 }

Comment 2 Azamat H. Hackimov 2010-12-20 13:55:08 UTC

This is ugly bug. I updated my samba servers and they broke all my IDMAP bindings and permissions on shares.
Please fix 3.4.x version as it hit all stable systems without alternatives.

Comment 3 Azamat H. Hackimov 2010-12-21 10:27:31 UTC

Created attachment 257664 [details, diff]
samba-3.4.9.ebuild.patch

Here patch for 3.4.9 ebuild. It install idmap_adex, idmap_ldap, idmap_rid, idmap_hash as shared modules.
At last I recovered my IDMAP bindings and permissions.

Comment 4 Víctor Ostorga (RETIRED) gentoo-dev

2010-12-22 19:31:23 UTC

Created attachment 257778 [details, diff]
Patch adding suport for various idmap modules and manpages

Attached is the updated patch applied to the ebuild

Comment 5 Víctor Ostorga (RETIRED) gentoo-dev

2010-12-22 19:37:43 UTC

+  22 Dec 2010; Víctor Ostorga <vostorga@gentoo.org> samba-3.4.9.ebuild,
+  samba-3.5.6.ebuild:
+  Adding idmap (rid,adex,ldap,hash,ad) modules support, bugs #329383 #285814
+  #290265 Adding manpages for idmap modules bug #281262
+  Based on patch thanks to Azamat H. Hackimov <azamat.hackimov@gmail.com>