Tim Riley
2005-Sep-21 11:42 UTC
[Samba] wbinfo works for test authentication but cannot list users
Hi all, I have a Samba configuration that was in place on Ubuntu Warty (samba 3.0.7) workstations to allow winbind to authenticate domain users on them. These computers have since been re-installed with Ubuntu Hoary (samba 3.0.10) with the same configuration. The workstations have been successfully joined to the domain using `net rpc join`. `wbinfo -t` shows that the trust between the workstation and the domain is fine. `wbinfo -a user%pass` for a domain user reports successful authentication. However, `wbinfo -u` now reports that there is an "Error looking up domain users." Winbind is also configured in /etc/nsswitch.conf but due to the above problem, windows users are not listed in `getent passwd`. I then ran `wbinfo --set-auth-user` with the same username and password that was used to join the hosts to the domain, but this did not change the `wbinfo -u` behaviour. In the previous installation, this step was not needed -- user listing took place successfully after just joining the domain and nothing more. Since these machines were already attached to the domain in previous installations (same hostnames), I deleted the machine accounts in the domain and then re-added them, but to no change in the problem mentioned above. I am officially stumped. Any help or pointers on what to try next would be greatly appreciated! I have attached the smb.conf and relevant log file output below. The log file is saved from a host that did not have the --set-auth-user configured, but the behaviour with this is the same as when one has been set. Thanks much, Tim Riley -- [global] workgroup = PEMBROKE server string = %h (Samba, Ubuntu) dns proxy = no log file = /var/log/samba/log.%m log level = winbind:10 max log size = 1000 syslog = 0 panic action = /usr/share/samba/panic-action %d security = domain password server = PHOENIX encrypt passwords = true passdb backend = tdbsam guest obey pam restrictions = yes invalid users = root socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 idmap uid = 10000-20000 idmap gid = 10000-20000 template shell = /bin/bash template homedir = /home/%U winbind use default domain = yes -- [2005/09/21 17:35:28, 10] nsswitch/winbindd.c:process_request(321) process_request: request fn LIST_USERS [2005/09/21 17:35:28, 3] nsswitch/winbindd_user.c:winbindd_list_users(587) [ 8224]: list users [2005/09/21 17:35:28, 10] nsswitch/winbindd_cache.c:fetch_cache_seqnum(272) fetch_cache_seqnum: invalid data size key [SEQNUM/PEMBROKE] [2005/09/21 17:35:28, 10] nsswitch/winbindd_rpc.c:sequence_number(817) rpc: fetch sequence_number for PEMBROKE [2005/09/21 17:35:28, 8] nsswitch/winbindd_rpc.c:sequence_number(829) using get_ldap_seq() to retrieve the sequence number [2005/09/21 17:35:28, 3] nsswitch/winbindd_rpc.c:get_ldap_sequence_number(794) get_ldap_sequence_number: Retrieved sequence number for Domain (PEMBROKE) from DC (10.1.1.13:389) [2005/09/21 17:35:28, 10] nsswitch/winbindd_rpc.c:sequence_number(834) domain_sequence_number: LDAP for domain PEMBROKE is 17165694 [2005/09/21 17:35:28, 10] nsswitch/winbindd_cache.c:store_cache_seqnum(325) store_cache_seqnum: success [PEMBROKE][17165694 @ 1127289928] [2005/09/21 17:35:28, 10] nsswitch/winbindd_cache.c:refresh_sequence_number(386) refresh_sequence_number: PEMBROKE seq number is now 17165694 [2005/09/21 17:35:28, 10] nsswitch/winbindd_cache.c:query_user_list(727) query_user_list: [Cached] - doing backend query for list for domain PEMBROKE [2005/09/21 17:35:28, 3] nsswitch/winbindd_rpc.c:query_user_list(47) rpc: query_user_list [2005/09/21 17:35:28, 3] nsswitch/winbindd_cm.c:cm_get_ipc_userpass(109) IPC$ connections done anonymously [2005/09/21 17:35:28, 5] nsswitch/winbindd_cm.c:cm_open_connection(316) anonymous connection attempt to PHOENIX from GETUPDATES-TEST [2005/09/21 17:35:28, 3] nsswitch/winbindd_cache.c:query_user_list(731) query_user_list: returned 0xc0000022, retrying [2005/09/21 17:35:28, 10] nsswitch/winbindd_cache.c:refresh_sequence_number(355) refresh_sequence_number: PEMBROKE time ok [2005/09/21 17:35:28, 10] nsswitch/winbindd_cache.c:refresh_sequence_number(386) refresh_sequence_number: PEMBROKE seq number is now 17165694 [2005/09/21 17:35:28, 10] nsswitch/winbindd.c:client_write(524) client_write: wrote 1300 bytes. [2005/09/21 17:35:28, 10] nsswitch/winbindd.c:winbind_client_read(470) client_read: read 0 bytes. Need 1824 more for a full request. [2005/09/21 17:35:28, 5] nsswitch/winbindd.c:winbind_client_read(477) read failed on sock 19, pid 8224: EOF [2005/09/21 17:35:30, 6] nsswitch/winbindd.c:new_connection(356) accepted socket 18 [2005/09/21 17:35:30, 10] nsswitch/winbindd.c:winbind_client_read(470) client_read: read 1824 bytes. Need 0 more for a full request. [2005/09/21 17:35:30, 10] nsswitch/winbindd.c:process_request(321) process_request: request fn INTERFACE_VERSION [2005/09/21 17:35:30, 3] nsswitch/winbindd_misc.c:winbindd_interface_version(261) [ 8225]: request interface version [2005/09/21 17:35:30, 10] nsswitch/winbindd.c:client_write(524) client_write: wrote 1300 bytes. [2005/09/21 17:35:30, 10] nsswitch/winbindd.c:winbind_client_read(470) client_read: read 1824 bytes. Need 0 more for a full request. [2005/09/21 17:35:30, 10] nsswitch/winbindd.c:process_request(321) process_request: request fn WINBINDD_PRIV_PIPE_DIR [2005/09/21 17:35:30, 3] nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(297) [ 8225]: request location of privileged pipe [2005/09/21 17:35:30, 10] nsswitch/winbindd.c:client_write(524) client_write: wrote 1300 bytes. [2005/09/21 17:35:30, 10] nsswitch/winbindd.c:client_write(569) client_write: need to write 35 extra data bytes. [2005/09/21 17:35:30, 10] nsswitch/winbindd.c:client_write(524) client_write: wrote 35 bytes. [2005/09/21 17:35:30, 10] nsswitch/winbindd.c:client_write(558) client_write: client_write: complete response written. [2005/09/21 17:35:30, 6] nsswitch/winbindd.c:new_connection(356) accepted socket 19 [2005/09/21 17:35:30, 10] nsswitch/winbindd.c:winbind_client_read(470) client_read: read 0 bytes. Need 1824 more for a full request. [2005/09/21 17:35:30, 5] nsswitch/winbindd.c:winbind_client_read(477) read failed on sock 18, pid 8225: EOF [2005/09/21 17:35:30, 10] nsswitch/winbindd.c:winbind_client_read(470) client_read: read 1824 bytes. Need 0 more for a full request.
Tim Riley
2005-Sep-21 11:58 UTC
[Samba] Re: wbinfo works for test authentication but cannot list users
On 21/09/05, Tim Riley <tim.riley@gmail.com> wrote:> The workstations have been successfully joined to the domain using > `net rpc join`.Apologies- forgot to mention that this PDC is a Windows 2000 server.