Kevin Elliott
2012-Jul-10 17:56 UTC
[Samba] Samba 3.6.5, idmap configuration and WBC_ERR_DOMAIN_NOT_FOUND
Hello all,
I recently upgraded from Samba 3.5.6 (the version contained in Debian Stable) to
Samba 3.6.5 (the version from Debian Backports) in an effort to closer track the
current development to try and chase some long standing bugs out.
I think I've resolved one problem but introduced another. I'm getting
the "WBC_ERR_DOMAIN_NOT_FOUND" when I try to perform a SID to UID
lookup much like so:
city-liza-lnx:/var/log/samba# wbinfo -t
checking the trust secret for domain CBJ_NT via RPC calls succeeded
city-liza-lnx:/var/log/samba# wbinfo -n CBJ_NT+kevin_elliott
S-1-5-21-505306839-1977890393-20515302-14949 SID_USER (1)
city-liza-lnx:/var/log/samba# wbinfo -s
S-1-5-21-505306839-1977890393-20515302-14949
CBJ_NT+kevin_elliott 1
city-liza-lnx:/var/log/samba# wbinfo -S
S-1-5-21-505306839-1977890393-20515302-14949
failed to call wbcSidToUid: WBC_ERR_DOMAIN_NOT_FOUND
Could not convert sid S-1-5-21-505306839-1977890393-20515302-14949 to uid
This looks like it has all the markings of following bugreport:
https://bugzilla.samba.org/show_bug.cgi?id=8371#c5
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=652679
Before I follow this upstream can someone sanity check my configs for me? I
understand that much has changed between 3.5 and 3.6 regarding the idmaping.
[global]
workgroup = CBJ_NT
realm = CBJ.LOCAL
netbios aliases = CITY-LIZA-L90, CITY-LIZA
server string = External FTP Server
interfaces = 199.58.55.87/22, lo
bind interfaces only = Yes
security = ADS
obey pam restrictions = Yes
passdb backend = tdbsam
password server = 199.58.55.25, 199.58.55.50
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\sUNIX\spassword:* %n\n
*Retype\snew\sUNIX\spassword:* %n\n .
client NTLMv2 auth = Yes
log level = 10
log file = /var/log/samba/log.%m
max log size = 2500
printcap name = cups
os level = 5
local master = No
domain master = No
wins server = 199.58.55.25
ldap ssl = no
winbind enum users = Yes
winbind enum groups = Yes
panic action = /usr/share/samba/panic-action %d
idmap config CBJ_NT:backend = rid
idmap config CBJ_NT:base_rid = 0
idmap config CBJ_NT:range = 10000-65533
idmap config LIBRARY:backend = rid
idmap config LIBRARY:base_rid = 0
idmap config LIBRARY:range = 65535-79999
winbind separator = +
winbind use default domain = Yes
[ftp]
comment = FTP directory
path = /var/ftp/pub/
valid users = "@CBJ_NT+domain users"
read only = No
create mask = 0775
directory mask = 0775
hide unreadable = Yes
Thank you for your consideration.
--
Kevin Elliott
Network Specialist
City and Borough of Juneau, MIS
(907) 586 - 0905
Dale Schroeder
2012-Jul-10 19:18 UTC
[Samba] Samba 3.6.5, idmap configuration and WBC_ERR_DOMAIN_NOT_FOUND
On 07/10/2012 12:56 PM, Kevin Elliott wrote:> Hello all, > > I recently upgraded from Samba 3.5.6 (the version contained in Debian Stable) to Samba 3.6.5 (the version from Debian Backports) in an effort to closer track the current development to try and chase some long standing bugs out. > > I think I've resolved one problem but introduced another. I'm getting the "WBC_ERR_DOMAIN_NOT_FOUND" when I try to perform a SID to UID lookup much like so: > > city-liza-lnx:/var/log/samba# wbinfo -t > checking the trust secret for domain CBJ_NT via RPC calls succeeded > city-liza-lnx:/var/log/samba# wbinfo -n CBJ_NT+kevin_elliott > S-1-5-21-505306839-1977890393-20515302-14949 SID_USER (1) > city-liza-lnx:/var/log/samba# wbinfo -s S-1-5-21-505306839-1977890393-20515302-14949 > CBJ_NT+kevin_elliott 1 > city-liza-lnx:/var/log/samba# wbinfo -S S-1-5-21-505306839-1977890393-20515302-14949 > failed to call wbcSidToUid: WBC_ERR_DOMAIN_NOT_FOUND > Could not convert sid S-1-5-21-505306839-1977890393-20515302-14949 to uid > > > This looks like it has all the markings of following bugreport: > > https://bugzilla.samba.org/show_bug.cgi?id=8371#c5 > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=652679 > > > > Before I follow this upstream can someone sanity check my configs for me? I understand that much has changed between 3.5 and 3.6 regarding the idmaping. > > > [global] > workgroup = CBJ_NT > realm = CBJ.LOCAL > netbios aliases = CITY-LIZA-L90, CITY-LIZA > server string = External FTP Server > interfaces = 199.58.55.87/22, lo > bind interfaces only = Yes > security = ADS > obey pam restrictions = Yes > passdb backend = tdbsam > password server = 199.58.55.25, 199.58.55.50 > passwd program = /usr/bin/passwd %u > passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n . > client NTLMv2 auth = Yes > log level = 10 > log file = /var/log/samba/log.%m > max log size = 2500 > printcap name = cups > os level = 5 > local master = No > domain master = No > wins server = 199.58.55.25 > ldap ssl = no > winbind enum users = Yes > winbind enum groups = Yes > panic action = /usr/share/samba/panic-action %d > idmap config CBJ_NT:backend = rid > idmap config CBJ_NT:base_rid = 0 > idmap config CBJ_NT:range = 10000-65533 > idmap config LIBRARY:backend = rid > idmap config LIBRARY:base_rid = 0 > idmap config LIBRARY:range = 65535-79999 > winbind separator = + > winbind use default domain = Yes > > [ftp] > comment = FTP directory > path = /var/ftp/pub/ > valid users = "@CBJ_NT+domain users" > read only = No > create mask = 0775 > directory mask = 0775 > hide unreadable = Yes > > > > Thank you for your consideration. >Kevin, With idmap rid, it could also be this one: https://bugzilla.samba.org/show_bug.cgi?id=8676 This bug has been in every version of 3.6. For me, a reboot of the system usually will fix the problem until the next samba/winbind restart is required; others have not been so fortunate. Dale