Rob Carlson
2007-Oct-11 15:48 UTC
[Samba] Half of visible AD user accounts have no info using wbinfo -i, logins fail
I have a Debian server linked to Active Directory for authentication using winbindd. About a month after installation one of the users reported not being able to access a share on this machine. The same user is able to use AD credentials to access all shares on a practically identical second server. I couldn't swear that all config files are identical down to the line, but it is also using winbindd and Samba for file share access and was set up the same day as the non-working one. Other users on the same machine are not having access issues.

From that server I run the following command:

# for user in `wbinfo -u`; do wbinfo -i $user; done

I get a list of the 70-some usernames, about half of which are:

Could not get info for user NETWORKPUB\user1

and half of which come up with the correct info line of:

DOMAIN\user2:*:515:500:User Two:/home/DOMAIN/user2:/bin/false

On the working machine, this command returns all correct info lines. I can't see any particular pattern to which usernames fail, but a number of them _may_ be recently added users. A test user that I added this morning is one of the failures.
The Samba logs when the authentication fails look like this:

[2007/10/11 09:19:51, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(691)
  NativeOS=[Windows Server 2003 R2 3790 Service Pack 1] NativeLanMan=[] PrimaryDomain=[Windows Server 2003 R2 5.2]
[2007/10/11 09:19:51, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(672)
  Got user=[user1] domain=[DOMAIN] workstation=[WS01] len1=24 len2=24
[2007/10/11 09:19:51, 3] auth/auth.c:check_ntlm_password(221)
  check_ntlm_password: Checking password for unmapped user [DOMAIN]\[user1]@[WS01] with the new password interface
[2007/10/11 09:19:51, 3] auth/auth.c:check_ntlm_password(224)
  check_ntlm_password: mapped user is: [DOMAIN]\[user1]@[WS01]
[2007/10/11 09:19:51, 3] smbd/sec_ctx.c:push_sec_ctx(208)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2007/10/11 09:19:51, 3] smbd/uid.c:push_conn_ctx(353)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2007/10/11 09:19:51, 3] smbd/sec_ctx.c:set_sec_ctx(241)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2007/10/11 09:19:51, 3] smbd/sec_ctx.c:pop_sec_ctx(339)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2007/10/11 09:19:58, 2] auth/auth.c:check_ntlm_password(319)
  check_ntlm_password: Authentication for user [user1] -> [user1] FAILED with error NT_STATUS_NO_SUCH_USER
[2007/10/11 09:19:58, 3] smbd/error.c:error_packet(146)

I have restarted winbindd, samba, refreshed my Kerberos tickets, and rebooted the machine (in various combinations) to no avail. Any advice would be greatly appreciated.

--
Rob Carlson
rob@vees.net
http://vees.net/
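
An added example, not part of the original post: shell helpers that split the output of the wbinfo loop above into resolved and unresolved accounts, then cross-check the unresolved ones against NT_STATUS_NO_SUCH_USER rejections in the smbd log. The function names and sample data are constructed, and the loop output is assumed to be captured with both streams (2>&1).

```shell
#!/bin/sh
# Added example, not from the original post. All sample data is constructed.

# stdin: output of the wbinfo -i loop (2>&1). Prints accounts with no info.
unresolved_users() {
    sed -n 's/^Could not get info for user //p' | sort -u
}

# stdin: same loop output. Prints accounts that resolved to a passwd-style line.
resolved_users() {
    awk -F: 'NF == 7 && $3 ~ /^[0-9]+$/ { print $1 }' | sort -u
}

# stdin: smbd log. $1: NT status to look for. Prints the rejected user names.
auth_failures() {
    sed -n "s/.*Authentication for user \[\([^]]*\)\].* FAILED with error ${1}[[:space:]]*\$/\1/p" | sort -u
}

# $1: file with loop output, $2: smbd log file.
# Prints users that are unresolved AND were rejected with NT_STATUS_NO_SUCH_USER.
unresolved_and_rejected() {
    pats=$(mktemp) || return 1
    unresolved_users < "$1" | sed 's/^.*\\//' > "$pats"   # drop the DOMAIN\ prefix
    rc=0
    auth_failures NT_STATUS_NO_SUCH_USER < "$2" | grep -Fx -f "$pats" || rc=$?
    rm -f "$pats"
    [ "$rc" -le 1 ]   # grep exit status 1 only means "no overlap"
}

# Constructed sample input in the formats quoted in the post.
sample_wbinfo() {
    cat <<'EOF'
Could not get info for user DOMAIN\user1
DOMAIN\user2:*:515:500:User Two:/home/DOMAIN/user2:/bin/false
Could not get info for user DOMAIN\user3
EOF
}
sample_smbd_log() {
    cat <<'EOF'
[2007/10/11 09:19:58, 2] auth/auth.c:check_ntlm_password(319)
  check_ntlm_password: Authentication for user [user1] -> [user1] FAILED with error NT_STATUS_NO_SUCH_USER
[2007/10/11 09:21:02, 2] auth/auth.c:check_ntlm_password(319)
  check_ntlm_password: Authentication for user [user9] -> [user9] FAILED with error NT_STATUS_WRONG_PASSWORD
EOF
}
```

Running unresolved_users on the output from both servers and comparing the two lists shows whether the failing accounts are specific to the one machine.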