No builtin nor plugin backend for ipasam found

Bug #1552249 reported by moritz.kuehner
26
This bug affects 4 people
Affects Status Importance Assigned to Milestone
samba (Ubuntu)
Confirmed
Undecided
Unassigned

Bug Description

My samba server configured by freeipa-server-trust-ad spits out during start:

smbd: [2016/03/02 13:54:52.349799, 0, pid=14393] ../source3/passdb/pdb_interface.c:170(make_pdb_method_name)
smbd: No builtin nor plugin backend for ipasam found

running "sudo smbd -i -d 10" outputs:

...
Attempting to find a passdb backend to match ipasam:ldapi://%2fvar%2frun%2fslapd-TEN-LOCAL.socket (ipasam)
No builtin backend found, trying to load plugin
Probing module 'ipasam'
Probing module 'ipasam': Trying to load from /usr/lib/x86_64-linux-gnu/samba/pdb/ipasam.so
Error loading module '/usr/lib/x86_64-linux-gnu/samba/pdb/ipasam.so': libpdb.so.0: cannot open shared object file: No such file or directory
No builtin nor plugin backend for ipasam found
...

ipasam.so is installed from freeipa-server-trust-ad and tries to open libpdb.so, but libpdb.so seems to got removes from samba-libs in 16.04. I can still find old btrfs snapshots before upgrading. Also "apt-file search libpdb.so" finds the package samba-libs on 15.10 but comes up empty on 16.04.

ProblemType: Bug
DistroRelease: Ubuntu 16.04
Package: samba-libs 2:4.3.3+dfsg-1ubuntu3
ProcVersionSignature: Ubuntu 4.4.0-8.23-generic 4.4.2
Uname: Linux 4.4.0-8-generic x86_64
ApportVersion: 2.20-0ubuntu3
Architecture: amd64
BothFailedConnect: Yes
Date: Wed Mar 2 14:28:26 2016
InstallationDate: Installed on 2016-01-19 (43 days ago)
InstallationMedia: Ubuntu-Server 15.10 "Wily Werewolf" - Release amd64 (20151021)
NmbdLog:

ProcEnviron:
 TERM=xterm-256color
 PATH=(custom, no user)
 XDG_RUNTIME_DIR=<set>
 LANG=de_DE.UTF-8
 SHELL=/bin/bash
SambaServerRegression: Yes
SmbConfIncluded: No
SmbLog:

SourcePackage: samba
UpgradeStatus: Upgraded to xenial on 2016-02-05 (25 days ago)

Revision history for this message
moritz.kuehner (moritz-kuehner) wrote :
Revision history for this message
Alexander Bokovoy (abbra) wrote :

Let me comment as FreeIPA and Samba upstream developer.

Ubuntu's Samba build is done with Heimdal and you cannot build ipasam.so against Heimdal, only MIT Kerberos. So you cannot use Ubuntu-provided Samba build this way even if you'd recompile FreeIPA with patches we have upstream to deal with libpdb -> libsamba-pdb library name change.

So until Samba in Debian and Ubuntu is built against Heimdal Kerberos (this is due to Debian/Ubuntu packaging Samba AD, not just Samba) it is unlikely to have FreeIPA trust to AD working in Ubuntu. We are fairly close with completing port of Samba AD to MIT Kerberos upstream, this should happen in Samba 4.5-4.6 timeframe. Once that is done, we can expect FreeIPA with trust to AD working on Debian-based platforms as well.

Revision history for this message
James Harrison (jamesaharrisonuk) wrote :

Hello,
Is there a date when we will see Ubuntu (Xenial) Samba packages to install/update?

Regards,
James Harrison

Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

Hi James,
Alexander summarized great what needs to be done for this specific bug and that is not yet complete. Your comment is rather unspecific, it seems to be not for this bug a different issue as the one discussed here is not breaking on install/upgrade.
Could you please file a new bug and share more details what is affecting you there?

Revision history for this message
James Harrison (jamesaharrisonuk) wrote :

Hello,

In Alexander's comment, "We are fairly close with completing port of Samba AD to MIT Kerberos upstream, this should happen in Samba 4.5-4.6 timeframe. "

My comment is for this bug. When he says "fairly close" is there any time scale when we will see Xenial Samba packages compiled with MIT Kerberos support. Samba 4.5 is public now.

Looking to use CentOS if this cant be resolved quickly.

Thanks

Revision history for this message
Dmitriy Malimon (dmalimon) wrote :

Samba 4.6 released
Did anyone find a solution to this problem?

Revision history for this message
Stefan Metzmacher (metze) wrote :

The MIT KDC might make it with 4.7, but maybe with a reduced feature set compared
to the Heimdal based kdc. But there's a bit of time for 4.7 and the feature difference might
be resolved by then.

Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in samba (Ubuntu):
status: New → Confirmed
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers