I added
log level = 10
log file = /var/log/samba/%m.log
to my smb.conf
in the logs when I run wbinfo -u I get
[2016/04/20 08:24:15.864222, 3, pid=19397, effective(0, 0), real(0, 0),
class=winbind] ../source3/winbindd/winbindd_misc.c:237(winbindd_domain_info)
[19441]: domain_info [SUBDOMAIN]
[2016/04/20 08:24:15.864238, 10, pid=19397, effective(0, 0), real(0, 0),
class=winbind]
../source3/winbindd/winbindd.c:861(winbind_client_response_written)
winbind_client_response_written[19441:DOMAIN_INFO]: delivered response to
client
[2016/04/20 08:24:15.864252, 10, pid=19397, effective(0, 0), real(0, 0),
class=winbind] ../source3/winbindd/winbindd.c:731(process_request)
process_request: Handling async request 19441:LIST_USERS
[2016/04/20 08:24:15.864257, 3, pid=19397, effective(0, 0), real(0, 0),
class=winbind]
../source3/winbindd/winbindd_list_users.c:58(winbindd_list_users_send)
list_users SUBDOMAIN
[2016/04/20 08:24:15.864264, 1, pid=19397, effective(0, 0), real(0, 0)]
../librpc/ndr/ndr.c:439(ndr_print_function_debug)
wbint_QueryUserList: struct wbint_QueryUserList
in: struct wbint_QueryUserList
[2016/04/20 08:24:15.864285, 1, pid=19397, effective(0, 0), real(0, 0)]
../librpc/ndr/ndr.c:439(ndr_print_function_debug)
wbint_QueryUserList: struct wbint_QueryUserList
out: struct wbint_QueryUserList
users : *
users: struct wbint_userinfos
num_userinfos : 0x00000000 (0)
userinfos: ARRAY(0)
result : NT_STATUS_IO_TIMEOUT
[2016/04/20 08:24:15.864306, 10, pid=19397, effective(0, 0), real(0, 0),
class=winbind]
../source3/winbindd/winbindd_list_users.c:128(winbindd_list_users_done)
Domain SUBDOMAIN returned 0 users
[2016/04/20 08:24:15.864310, 10, pid=19397, effective(0, 0), real(0, 0),
class=winbind]
../source3/winbindd/winbindd_list_users.c:134(winbindd_list_users_done)
List_users for domain SUBDOMAIN failed
[2016/04/20 08:24:15.864315, 10, pid=19397, effective(0, 0), real(0, 0),
class=winbind] ../source3/winbindd/winbindd.c:793(wb_request_done)
wb_request_done[19441:LIST_USERS]: NT_STATUS_OK
[2016/04/20 08:24:15.864324, 10, pid=19397, effective(0, 0), real(0, 0),
class=winbind]
../source3/winbindd/winbindd.c:861(winbind_client_response_written)
winbind_client_response_written[19441:LIST_USERS]: delivered response to
client
[2016/04/20 08:24:15.864390, 6, pid=19397, effective(0, 0), real(0, 0),
class=winbind]
../source3/winbindd/winbindd.c:965(winbind_client_request_read)
closing socket 28, client exited
If I run wbinfo -g I get
[2016/04/20 08:28:15.575371, 3, pid=19397, effective(0, 0), real(0, 0),
class=winbind] ../source3/winbindd/winbindd_misc.c:237(winbindd_domain_info)
[19483]: domain_info [SUBDOMAIN]
[2016/04/20 08:28:15.575390, 10, pid=19397, effective(0, 0), real(0, 0),
class=winbind]
../source3/winbindd/winbindd.c:861(winbind_client_response_written)
winbind_client_response_written[19483:DOMAIN_INFO]: delivered response to
client
[2016/04/20 08:28:15.575432, 10, pid=19397, effective(0, 0), real(0, 0),
class=winbind] ../source3/winbindd/winbindd.c:731(process_request)
process_request: Handling async request 19483:LIST_GROUPS
[2016/04/20 08:28:15.575440, 3, pid=19397, effective(0, 0), real(0, 0),
class=winbind]
../source3/winbindd/winbindd_list_groups.c:58(winbindd_list_groups_send)
list_groups SUBDOMAIN
[2016/04/20 08:28:15.575448, 1, pid=19397, effective(0, 0), real(0, 0)]
../librpc/ndr/ndr.c:439(ndr_print_function_debug)
wbint_QueryGroupList: struct wbint_QueryGroupList
in: struct wbint_QueryGroupList
[2016/04/20 08:28:15.575537, 1, pid=19397, effective(0, 0), real(0, 0)]
../librpc/ndr/ndr.c:439(ndr_print_function_debug)
wbint_QueryGroupList: struct wbint_QueryGroupList
out: struct wbint_QueryGroupList
groups : *
groups: struct wbint_Principals
num_principals : 213
principals: ARRAY(213)
principals: struct wbint_Principal
sid : S-X-X-X-X-X-X-X
type : SID_NAME_DOM_GRP
(2)
name : *
name : 'Domain
Users'
principals: struct wbint_Principal
sid : S-X-X-X-X-X-X-X
type : SID_NAME_DOM_GRP
(2)
name : *
name : 'Domain
Guests'
principals: struct wbint_Principal
sid : S-X-X-X-X-X-X-X
type : SID_NAME_DOM_GRP
(2)
name : *
name : 'Cert
Publishers'
...
result : NT_STATUS_OK
[2016/04/20 08:28:15.579824, 10, pid=19397, effective(0, 0), real(0, 0),
class=winbind]
../source3/winbindd/winbindd_list_groups.c:128(winbindd_list_groups_done)
Domain SUBDOMAIN returned 213 groups
[2016/04/20 08:28:15.579923, 10, pid=19397, effective(0, 0), real(0, 0),
class=winbind] ../source3/winbindd/winbindd.c:793(wb_request_done)
wb_request_done[19483:LIST_GROUPS]: NT_STATUS_OK
[2016/04/20 08:28:15.579942, 10, pid=19397, effective(0, 0), real(0, 0),
class=winbind]
../source3/winbindd/winbindd.c:861(winbind_client_response_written)
winbind_client_response_written[19483:LIST_GROUPS]: delivered response to
client
[2016/04/20 08:28:15.580234, 6, pid=19397, effective(0, 0), real(0, 0),
class=winbind]
../source3/winbindd/winbindd.c:965(winbind_client_request_read)
closing socket 28, client exited
On Wed, Apr 20, 2016 at 8:05 AM, Jeff Sadowski <jeff.sadowski at
gmail.com>
wrote:
> I was looking at https://www.samba.org/samba/latest_news.html#4.4.2
>
> and added
>
> server signing = mandatory
> ntlm auth = no
>
> to smb.conf but that seems to have made it worse. Before adding that I was
> still able to do wbinfo -g and get a group listing
>
> Is there settings to set it back to the untrusted way before the security
> updates that happened?
> I'd like to set it up properly but I need to be able to get things
working
> for now.
>
>
> On Wed, Apr 20, 2016 at 7:51 AM, Jeff Sadowski <jeff.sadowski at
gmail.com>
> wrote:
>
>> When ubuntu 14.04 went from samba 4.1.6 to 4.3.8 it killed my setup.
>> Before the change I was able to run wbinfo -u and get a list of users.
Now
>> when I run wbinfo -u it returns nothing. I tried dis-joining and
rejoining
>> the domain with no luck,
>>
>> Here is my complete smb.conf
>> [global]
>> security = ads
>> realm = SUBDOMAIN.DOMAIN.TOP
>> workgroup = SUBDOMAIN
>> idmap config * : backend = tdb
>> idmap config * : range = 2000-7999
>> idmap config SUBDOMAIN:backend = ad
>> idmap config SUBDOMAIN:schema_mode = rfc2307
>> idmap config SUBDOMAIN:range = 8000-9999999
>> winbind nss info = rfc2307
>> winbind use default domain = yes
>>
>> Here is my script to connect to the domain. I call it net_join.sh
>>
>> echo Enter a Machine Name
>> read machine
>> echo $machine > /etc/hostname
>> hostname `cat /etc/hostname`
>> echo Enter a Domain Admin Account ex:Administrator
>> read admin
>> OSNAME="`lsb_release -a|grep "^Distributor ID:"|cut -d:
-f2|awk '{print
>> $1}'` joined `date "+%F"`"
>> OSVERSION="`lsb_release -a|grep "^Release:"|cut -d:
-f2|awk '{print $1}'`"
>> net ads join -U $admin osName="${OSNAME}"
osVersion="${OSVERSION}"
>>
>> Here is my script to leave the domain. I call it net_leave.sh
>>
>> read admin
>> net ads leave -U $admin
>>
>> Here is my script to clear the winbind cache with a change from samba
to
>> smb when samba changed. I call it winbind_clear.sh
>>
>> service winbind stop
>> service smbd stop
>> #service samba stop
>> net cache flush
>> rm -f /var/lib/samba/*.tdb
>> rm -f /var/lib/samba/group_mapping.ldb
>> sleep 1
>> #service samba start
>> service smbd start
>> service winbind start
>>
>> Can anyone point me to why my setup has stopped working? Or maybe some
>> steps I can take to learn why it is failing. Do I need to add something
for
>> debugging?
>> I also tried upgrading to the beta version of Ubuntu 16.04 to see if I
>> could get it working with it, no luck.
>>
>
>