Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1449133
Description of problem:
Update samba config file and use sss idmap module

Version-Release number of selected component (if applicable):
samba-4.6.2-1.el7.x86_64
samba-python-4.6.2-1.el7.x86_64
samba-common-4.6.2-1.el7.noarch
samba-client-4.6.2-1.el7.x86_64
ipa-server-4.5.0-9.el7.x86_64
ipa-server-trust-ad-4.5.0-9.el7.x86_64
samba-winbind-modules-4.6.2-1.el7.x86_64
samba-winbind-4.6.2-1.el7.x86_64

How reproducible:
Always

Steps to Reproduce:
1. Install IPA Server.
2. ipa-adtrust-install -a Secret123 --add-sids -U
3. Run testparm

Actual results:
[root@master ~]# ipa-adtrust-install -a Secret123 --add-sids -U

The log file for this installation can be found in /var/log/ipaserver-install.log
==============================================================================
This program will setup components needed to establish trust to AD domains for the IPA Server.

This includes:
  * Configure Samba
  * Add trust related objects to IPA LDAP server

To accept the default shown in brackets, press the Enter key.

Configuring CIFS
  [1/23]: validate server hostname
  [2/23]: stopping smbd
  [3/23]: creating samba domain object
  [4/23]: creating samba config registry
  [5/23]: writing samba config file
  [6/23]: adding cifs Kerberos principal
  [7/23]: adding cifs and host Kerberos principals to the adtrust agents group
  [8/23]: check for cifs services defined on other replicas
  [9/23]: adding cifs principal to S4U2Proxy targets
  [10/23]: adding admin(group) SIDs
  [11/23]: adding RID bases
  [12/23]: updating Kerberos config
'dns_lookup_kdc' already set to 'true', nothing to do.
  [13/23]: activating CLDAP plugin
  [14/23]: activating sidgen task
  [15/23]: configuring smbd to start on boot
  [16/23]: adding special DNS service records
  [17/23]: restarting Directory Server to take MS PAC and LDAP plugins changes into account
  [18/23]: adding fallback group
  [19/23]: adding Default Trust View
  [20/23]: setting SELinux booleans
  [21/23]: starting CIFS services
  [22/23]: adding SIDs to existing users and groups
This step may take considerable amount of time, please wait..
  [23/23]: restarting smbd
Done configuring CIFS.

=======================================================
Setup complete

You must make sure these network ports are open:
  TCP Ports:
    * 135: epmap
    * 138: netbios-dgm
    * 139: netbios-ssn
    * 445: microsoft-ds
    * 1024..1300: epmap listener range
    * 3268: msft-gc
  UDP Ports:
    * 138: netbios-dgm
    * 139: netbios-ssn
    * 389: (C)LDAP
    * 445: microsoft-ds

See the ipa-adtrust-install(1) man page for more details
=============================================================================

[root@master ~]# testparm
Load smb config files from /etc/samba/smb.conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
lp_load_ex: changing to config backend registry
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Loaded services file OK.
idmap range not specified for domain '*'
ERROR: Invalid idmap range for domain *!

Server role: ROLE_DOMAIN_PDC

Press enter to see a dump of your service definitions

# Global parameters
[global]
  realm = TESTRELM.TEST
  workgroup = TESTRELM
  domain master = Yes
  ldap group suffix = cn=groups,cn=accounts
  ldap machine suffix = cn=computers,cn=accounts
  ldap ssl = no
  ldap suffix = dc=testrelm,dc=test
  ldap user suffix = cn=users,cn=accounts
  log file = /var/log/samba/log.%m
  max log size = 100000
  domain logons = Yes
  registry shares = Yes
  disable spoolss = Yes
  dedicated keytab file = /etc/samba/samba.keytab
  kerberos method = dedicated keytab
  passdb backend = ipasam:ldapi://%2fvar%2frun%2fslapd-TESTRELM-TEST.socket
  security = USER
  create krb5 conf = No
  rpc_daemon:lsasd = fork
  rpc_daemon:epmd = fork
  rpc_server:tcpip = yes
  rpc_server:netlogon = external
  rpc_server:samr = external
  rpc_server:lsasd = external
  rpc_server:lsass = external
  rpc_server:lsarpc = external
  rpc_server:epmapper = external
  ldapsam:trusted = yes
  idmap config * : backend = tdb

Expected results:
Fix the below messages displayed in testparm command.

idmap range not specified for domain '*'
ERROR: Invalid idmap range for domain *!

Additional info:
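The condition testparm reports above can also be checked offline against a saved configuration dump. The following is an added example, not code from FreeIPA, Samba or the reporter: it flags every `idmap config` domain that has no `range`, or a range whose lower bound exceeds its upper bound. The sample dump is constructed from the `[global]` section in the ticket, and the range values in the second sample are placeholders, not the values FreeIPA writes.

```python
import re

# Constructed sample, trimmed from the [global] dump shown in the ticket.
SAMPLE_DUMP = """\
[global]
	realm = TESTRELM.TEST
	workgroup = TESTRELM
	security = USER
	idmap config * : backend = tdb
"""

# Constructed variant with a range added; the numbers are placeholders.
SAMPLE_WITH_RANGE = SAMPLE_DUMP + "\tidmap config * : range = 100000 - 199999\n"

# Matches lines of the form: idmap config <domain> : <option> = <value>
IDMAP_RE = re.compile(
    r"^\s*idmap config\s+(\S+)\s*:\s*(\w[\w ]*?)\s*=\s*(.*?)\s*$", re.IGNORECASE)
RANGE_RE = re.compile(r"^(\d+)\s*-\s*(\d+)$")

def parse_idmap(dump):
    """Return {domain: {option: value}} for every 'idmap config' line."""
    domains = {}
    for line in dump.splitlines():
        m = IDMAP_RE.match(line)
        if m:
            domain, option, value = m.groups()
            domains.setdefault(domain, {})[option.lower()] = value
    return domains

def check_idmap(dump):
    """Return (domain, problem) pairs for missing or inverted idmap ranges."""
    findings = []
    for domain, opts in sorted(parse_idmap(dump).items()):
        rng = opts.get("range")
        if rng is None:
            findings.append((domain, "range not specified"))
            continue
        m = RANGE_RE.match(rng)
        if not m or int(m.group(1)) > int(m.group(2)):
            findings.append((domain, "invalid range %r" % rng))
    return findings

if __name__ == "__main__":
    for domain, problem in check_idmap(SAMPLE_DUMP):
        print("idmap config %s: %s" % (domain, problem))
```

This covers only the missing or inverted range case from the ticket; testparm remains the authoritative check on a live system.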
Metadata Update from @pvoborni: - Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1449133
Metadata Update from @pvoborni: - Issue set to the milestone: FreeIPA 4.7
Metadata Update from @rcritten: - Issue set to the milestone: FreeIPA 4.7.1 (was: FreeIPA 4.7)
FreeIPA 4.7 has been released, moving to FreeIPA 4.7.1 milestone
master:
ipa-4-6:
ipa-4-7:
Metadata Update from @cheimes: - Issue close_status updated to: fixed - Issue status updated to: Closed (was: Open)
ipa-4-8: