thr3ads.net - samba - [Samba] Winbind not working on Ubuntu 18.04 Samba 4.8.0 File Sever [Mar 2018]

If this information is useful, please help other people find it:
Share via:

Bob Thomas

2018-Mar-28 15:02 UTC

[Samba] Winbind not working on Ubuntu 18.04 Samba 4.8.0 File Sever

Good Morning, Ive been trying to test Samba AD on Ubuntu 18.04 using 
samba version 4.8.0  The DC seems to be working fine all tests have 
passed.  I was able to connect Win7 RSAT, a Ubuntu workstation and a 
File server.  My problem is the file server will not give response to 
'sudo getent passwd' with or with out username or DOMAIN\username. 
Everything else works as far as I can tell.

Prior to build I installed the following dependencies:

  apt install ntpdate acl attr autoconf bison build-essential debhelper 
dnsutils docbook-xml docbook-xsl flex gdb libjansson-dev krb5-user 
libacl1-dev libaio-dev libarchive-dev libattr1-dev libblkid-dev 
libbsd-dev libcap-dev libcups2-dev libgnutls28-dev libgpgme11-dev 
libjson-perl libldap2-dev libncurses5-dev libpam0g-dev 
libparse-yapp-perl libpopt-dev libreadline-dev nettle-dev perl 
perl-modules pkg-config python-all-dev python-crypto python-dbg 
python-dev python-dnspython python3-dnspython python-markdown 
python3-markdown python3-dev xsltproc zlib1g-dev

Symbolic links are set correctly:

root at files:~# smbd -b | grep LIBDIR
    LIBDIR: /usr/lib

ln -s /usr/lib/libnss_winbind.so.2 /lib/x86_64-linus-gnu/
ln -s /lib/x86_64-linus-gnu/libnss_winbind.so.2 
/lib/x86_64-linus-gnu/libnss_winbind.so
ldconfig

nssswitch.conf have tried these three combinations:

passwd:         compat winbind systemd
group:          compat winbind systemd

passwd:        compat systemd winbind
group:          compat systemd winbind

passwd:         compat winbind
group :         compat winbind

Here are my configs:

Samba 4.8.0 AD DC smb.conf using Bind9:

# Global parameters
[global]
         netbios name = DC-TEST
         realm = TEST.COM
         workgroup = TEST
         server role = active directory domain controller
         server services = -dns
         workgroup = TEST
         idmap_ldb:use rfc2307 = yes
         ldap server require strong auth = no
         allow dns updates = nonsecure and secure
         log level = 3

# stops cups errors in log file
         load printers = no
         printing = bsd
         printcap name = /dev/null
         disable spoolss = yes

[netlogon]
         path = /var/lib/samba/sysvol/test.com/scripts
         read only = No

[sysvol]
         path = /var/lib/samba/sysvol
         read only = No

########

Samba 4.8.0 Member Server smb.conf:

[global]
         realm = TEST.COM
         workgroup = TEST
         netbios name = files
         security = ADS
         server role = member server
         encrypt passwords = yes

         idmap config *:backend = tdb
         idmap config *:range = 2000-9999
         idmap config TEST:backend = ad
         idmap config TEST:schema_mode = rfc2307
         idmap config TEST:range = 10000-99999
         idmap config TEST:unix_nss_info = yes
         winbind use default domain = yes

         vfs objects = acl_xattr
         map acl inherit = Yes
         store dos attributes = Yes

         username map = /etc/samba/user.map

         log level=3 winbind:10
         log file = /var/log/samba/log.%m
         max log size = 500

  # Stops cups errors in log file
         load printers = no
         printing = bsd
         printcap name = /dev/null
         disable spoolss = yes


#============================ Share Definitions 
=============================
####### Profiles and Documents for Windows users ##########

[profiles]
     comment = Windows user profiles
     path = /var/shares/profiles
     level2 oplocks =no
     oplocks = no
     read only = no

[redirects]
     comment = windows user documents
     path = /var/shares/redirects
     level2 oplocks =no
     oplocks = no
     read only = no

##############

Kinit works from member:

root at files:/etc/samba# kinit bthomas
Password for bthomas at TEST.COM:
root at files:/etc/samba# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: bthomas at TEST.COM

Valid starting       Expires              Service principal
03/28/2018 09:57:35  03/28/2018 19:57:35 krbtgt/TEST.COM at TEST.COM
         renew until 03/29/2018 
09:57:25root at files:/home/cyadmin/source/samba-4.8.0# ps axf | egrep 
"samba|smbd|nmbd|winbindd"

Service are Running:

  1777 pts/1    S+     0:00 \_ grep -E --color=auto samba|smbd|nmbd|winbindd
   643 ?        Ss     0:00 smbd
   645 ?        S      0:00  \_ smbd
   646 ?        S      0:00  \_ smbd
   651 ?        Ss     0:00 nmbd
  1774 ?        Ss     0:00 winbindd
  1775 ?        S      0:00  \_ winbindd: domain child [TEST]

Logs from log.wb-TEST (from starting 'winbindd' and doing one
'getent
passwd bthomas'

[2018/03/28 10:20:11.856393,  4, pid=1305, effective(0, 0), real(0, 0), 
class=winbind] ../source3/winbindd/winbindd_dual.c:1545(child_handler)
   child daemon request 20
[2018/03/28 10:20:11.856478, 10, pid=1305, effective(0, 0), real(0, 0), 
class=winbind] 
../source3/winbindd/winbindd_dual.c:665(child_process_request)
   child_process_request: request fn LIST_TRUSTDOM
[2018/03/28 10:20:11.856515,  3, pid=1305, effective(0, 0), real(0, 0), 
class=winbind] 
../source3/winbindd/winbindd_misc.c:288(winbindd_dual_list_trusted_domains)
   [ 1304]: list trusted domains
[2018/03/28 10:20:11.856550, 10, pid=1305, effective(0, 0), real(0, 0), 
class=winbind] 
../source3/winbindd/winbindd_cache.c:2825(wb_cache_trusted_domains)
   trusted_domains: [Cached] - doing backend query for info for domain TEST
[2018/03/28 10:20:11.856584,  3, pid=1305, effective(0, 0), real(0, 0), 
class=winbind] ../source3/winbindd/winbindd_ads.c:1390(trusted_domains)
   ads: trusted_domains
[2018/03/28 10:20:11.860494, 10, pid=1305, effective(0, 0), real(0, 0), 
class=winbind] ../source3/winbindd/winbindd_ads.c:1475(trusted_domains)
   trusted_domains(ads):  Searching trusted domain list of TEST and 
storing trust flags for domain test.com
[2018/03/28 10:20:11.860570, 10, pid=1305, effective(0, 0), real(0, 0), 
class=winbind] 
../source3/winbindd/winbindd_cache.c:4567(wcache_tdc_add_domain)
   wcache_tdc_add_domain: Adding domain TEST (test.com), SID 
S-1-5-21-2280622806-4116776946-4167826043, flags = 0x1d, attributes = 
0x0, type = 0x2
[2018/03/28 10:20:11.860659, 10, pid=1305, effective(0, 0), real(0, 0), 
class=winbind] 
../source3/winbindd/winbindd_cache.c:4277(add_wbdomain_to_tdc_array)
   add_wbdomain_to_tdc_array: Found existing record for TEST
[2018/03/28 10:20:11.860701, 10, pid=1305, effective(0, 0), real(0, 0), 
class=winbind] ../source3/winbindd/winbindd_cache.c:4370(pack_tdc_domains)
   pack_tdc_domains: Packing 3 trusted domains
[2018/03/28 10:20:11.860764, 10, pid=1305, effective(0, 0), real(0, 0), 
class=winbind] ../source3/winbindd/winbindd_cache.c:4389(pack_tdc_domains)
   pack_tdc_domains: Packing domain BUILTIN (UNKNOWN)
[2018/03/28 10:20:11.860797, 10, pid=1305, effective(0, 0), real(0, 0), 
class=winbind] ../source3/winbindd/winbindd_cache.c:4389(pack_tdc_domains)
   pack_tdc_domains: Packing domain FILES (UNKNOWN)
[2018/03/28 10:20:11.860829, 10, pid=1305, effective(0, 0), real(0, 0), 
class=winbind] ../source3/winbindd/winbindd_cache.c:4389(pack_tdc_domains)
   pack_tdc_domains: Packing domain TEST (test.com)
[2018/03/28 10:20:11.860891,  4, pid=1305, effective(0, 0), real(0, 0), 
class=winbind] ../source3/winbindd/winbindd_dual.c:1553(child_handler)
   Finished processing child request 20
[2018/03/28 10:20:11.860923, 10, pid=1305, effective(0, 0), real(0, 0), 
class=winbind] ../source3/winbindd/winbindd_dual.c:104(child_write_response)
   Writing 4071 bytes to parent
[2018/03/28 10:22:38.330478,  0, pid=1305, effective(0, 0), real(0, 0), 
class=winbind] ../source3/winbindd/winbindd.c:239(winbindd_sig_term_handler)
   Got sig[15] terminate (is_parent=0)
[2018/03/28 10:23:35.728834, 10, pid=700, effective(0, 0), real(0, 0), 
class=winbind] 
../source3/winbindd/winbindd_cm.c:569(set_domain_online_request)
   set_domain_online_request: called for domain TEST
[2018/03/28 10:23:35.729529, 10, pid=700, effective(0, 0), real(0, 0), 
class=winbind] 
../source3/winbindd/winbindd_cm.c:604(set_domain_online_request)
   set_domain_online_request: domain TEST was globally offline.
[2018/03/28 10:23:35.729584, 10, pid=700, effective(0, 0), real(0, 0), 
class=winbind] 
../source3/winbindd/winbindd_dual.c:1166(calculate_next_machine_pwd_change)
   password last changed 2018/03/27 17:19:46
   password valid until 2018/04/03 17:19:46
[2018/03/28 10:23:35.729606, 10, pid=700, effective(0, 0), real(0, 0), 
class=winbind] 
../source3/winbindd/winbindd_dual.c:1174(calculate_next_machine_pwd_change)
   machine password still valid until: Tue, 03 Apr 2018 17:19:46 EDT
[2018/03/28 10:23:35.729643,  4, pid=700, effective(0, 0), real(0, 0), 
class=winbind] ../source3/winbindd/winbindd_dual.c:1545(child_handler)
   child daemon request 48
[2018/03/28 10:23:35.729657, 10, pid=700, effective(0, 0), real(0, 0), 
class=winbind] 
../source3/winbindd/winbindd_dual.c:665(child_process_request)
   child_process_request: request fn INIT_CONNECTION
[2018/03/28 10:23:35.729676,  3, pid=700, effective(0, 0), real(0, 0), 
class=winbind] ../source3/winbindd/winbindd_cm.c:2126(connection_ok)
   connection_ok: Connection to (null) for domain TEST is not connected
[2018/03/28 10:23:35.729883, 10, pid=700, effective(0, 0), real(0, 0), 
class=winbind] ../source3/winbindd/winbindd_cm.c:1888(cm_open_connection)
   cm_open_connection: saf_servername is 'dc-test.test.com' for domain
TEST
[2018/03/28 10:23:35.732586,  3] ../source3/libads/ldap.c:634(ads_connect)
   Successfully contacted LDAP server 10.157.0.19
[2018/03/28 10:23:35.743725, 10, pid=700, effective(0, 0), real(0, 0), 
class=winbind] ../source3/winbindd/winbindd_cm.c:1426(dcip_check_name)
   dcip_check_name: flags = 0x13fd
[2018/03/28 10:23:35.743803,  3] 
../source3/libsmb/namequery.c:3159(get_dc_list)
   get_dc_list: preferred server list: "dc-test.test.com, *"
[2018/03/28 10:23:35.758898,  3] 
../source3/libsmb/namequery.c:3159(get_dc_list)
   get_dc_list: preferred server list: "dc-test.test.com, *"
[2018/03/28 10:23:35.764434, 10, pid=700, effective(0, 0), real(0, 0), 
class=winbind] ../source3/winbindd/winbindd_cm.c:1926(cm_open_connection)
   cm_open_connection: dcname is 'dc-test.test.com' for domain TEST
[2018/03/28 10:23:35.765062,  3] 
../source3/lib/util_sock.c:515(open_socket_out_send)
   Connecting to 10.157.0.19 at port 445
[2018/03/28 10:23:35.765518, 10, pid=700, effective(0, 0), real(0, 0), 
class=winbind] ../source3/winbindd/winbindd_cm.c:1045(cm_prepare_connection)
   cm_prepare_connection: connecting to DC dc-test.test.com for domain TEST
[2018/03/28 10:23:35.788305,  3] 
../lib/ldb-samba/ldb_wrap.c:326(ldb_wrap_connect)
   ldb_wrap open of secrets.ldb
[2018/03/28 10:23:35.788448,  5, pid=700, effective(0, 0), real(0, 0), 
class=winbind] ../source3/winbindd/winbindd_cm.c:1144(cm_prepare_connection)
   connecting to dc-test.test.com (TEST, TEST.COM) with account 
[TEST\FILES$] principal [FILES$@TEST.COM] and realm [TEST.COM]
[2018/03/28 10:23:35.788511,  3] 
../source3/libsmb/cliconnect.c:271(cli_session_creds_prepare_krb5)
   got OID=1.2.840.48018.1.2.2
[2018/03/28 10:23:36.090404,  3] 
../auth/gensec/gensec_start.c:977(gensec_register)
   GENSEC backend 'gssapi_spnego' registered
[2018/03/28 10:23:36.090425,  3] 
../auth/gensec/gensec_start.c:977(gensec_register)
   GENSEC backend 'gssapi_krb5' registered
[2018/03/28 10:23:36.090434,  3] 
../auth/gensec/gensec_start.c:977(gensec_register)
   GENSEC backend 'gssapi_krb5_sasl' registered
[2018/03/28 10:23:36.090442,  3] 
../auth/gensec/gensec_start.c:977(gensec_register)
   GENSEC backend 'spnego' registered
[2018/03/28 10:23:36.090449,  3] 
../auth/gensec/gensec_start.c:977(gensec_register)
   GENSEC backend 'schannel' registered
[2018/03/28 10:23:36.090459,  3] 
../auth/gensec/gensec_start.c:977(gensec_register)
   GENSEC backend 'naclrpc_as_system' registered
[2018/03/28 10:23:36.090467,  3] 
../auth/gensec/gensec_start.c:977(gensec_register)
   GENSEC backend 'sasl-EXTERNAL' registered
[2018/03/28 10:23:36.090475,  3] 
../auth/gensec/gensec_start.c:977(gensec_register)
   GENSEC backend 'ntlmssp' registered
[2018/03/28 10:23:36.090482,  3] 
../auth/gensec/gensec_start.c:977(gensec_register)
   GENSEC backend 'ntlmssp_resume_ccache' registered
[2018/03/28 10:23:36.090489,  3] 
../auth/gensec/gensec_start.c:977(gensec_register)
   GENSEC backend 'http_basic' registered
[2018/03/28 10:23:36.090497,  3] 
../auth/gensec/gensec_start.c:977(gensec_register)
   GENSEC backend 'http_ntlm' registered
[2018/03/28 10:23:36.090505,  3] 
../auth/gensec/gensec_start.c:977(gensec_register)
   GENSEC backend 'http_negotiate' registered
[2018/03/28 10:23:36.124186, 10, pid=700, effective(0, 0), real(0, 0), 
class=winbind] 
../source3/winbindd/winbindd_cache.c:3534(set_global_winbindd_state_online)
   set_global_winbindd_state_online: online requested.
[2018/03/28 10:23:36.124249, 10, pid=700, effective(0, 0), real(0, 0), 
class=winbind] 
../source3/winbindd/winbindd_cache.c:3537(set_global_winbindd_state_online)
   set_global_winbindd_state_online: rejecting.
[2018/03/28 10:23:36.124282, 10, pid=700, effective(0, 0), real(0, 0), 
class=winbind] ../source3/winbindd/winbindd_cm.c:483(set_domain_online)
   set_domain_online: called for domain TEST
[2018/03/28 10:23:36.124445, 10, pid=700, effective(0, 0), real(0, 0), 
class=winbind] ../source3/winbindd/winbindd_cm.c:2646(set_dc_type_and_flags)
   set_dc_type_and_flags: setting up flags for primary or internal domain
[2018/03/28 10:23:36.124486,  5, pid=700, effective(0, 0), real(0, 0), 
class=winbind] 
../source3/winbindd/winbindd_cm.c:2374(set_dc_type_and_flags_connect)
   set_dc_type_and_flags_connect: domain TEST
[2018/03/28 10:23:36.138678,  5, pid=700, effective(0, 0), real(0, 0), 
class=winbind] 
../source3/winbindd/winbindd_cm.c:2613(set_dc_type_and_flags_connect)
   set_dc_type_and_flags_connect: domain TEST is in native mode.
[2018/03/28 10:23:36.138746,  5, pid=700, effective(0, 0), real(0, 0), 
class=winbind] 
../source3/winbindd/winbindd_cm.c:2616(set_dc_type_and_flags_connect)
   set_dc_type_and_flags_connect: domain TEST is running active directory.
[2018/03/28 10:23:36.139214,  4, pid=700, effective(0, 0), real(0, 0), 
class=winbind] ../source3/winbindd/winbindd_dual.c:1553(child_handler)
   Finished processing child request 48
[2018/03/28 10:23:36.139260, 10, pid=700, effective(0, 0), real(0, 0), 
class=winbind] ../source3/winbindd/winbindd_dual.c:104(child_write_response)
   Writing 4008 bytes to parent
[2018/03/28 10:23:36.139407,  4, pid=700, effective(0, 0), real(0, 0), 
class=winbind] ../source3/winbindd/winbindd_dual.c:1545(child_handler)
   child daemon request 20
[2018/03/28 10:23:36.139443, 10, pid=700, effective(0, 0), real(0, 0), 
class=winbind] 
../source3/winbindd/winbindd_dual.c:665(child_process_request)
   child_process_request: request fn LIST_TRUSTDOM
[2018/03/28 10:23:36.139488,  3, pid=700, effective(0, 0), real(0, 0), 
class=winbind] 
../source3/winbindd/winbindd_misc.c:288(winbindd_dual_list_trusted_domains)
   [  699]: list trusted domains
[2018/03/28 10:23:36.139524,  5, pid=700, effective(0, 0), real(0, 0), 
class=winbind] 
../source3/winbindd/winbindd_cache.c:166(winbindd_domain_init_backend)
   winbindd_domain_init_backend: Setting ADS methods for domain TEST
[2018/03/28 10:23:36.139554, 10, pid=700, effective(0, 0), real(0, 0), 
class=winbind] 
../source3/winbindd/winbindd_cache.c:2825(wb_cache_trusted_domains)
   trusted_domains: [Cached] - doing backend query for info for domain TEST
[2018/03/28 10:23:36.139597,  3, pid=700, effective(0, 0), real(0, 0), 
class=winbind] ../source3/winbindd/winbindd_ads.c:1390(trusted_domains)
   ads: trusted_domains
[2018/03/28 10:23:36.140264,  3] 
../lib/ldb-samba/ldb_wrap.c:326(ldb_wrap_connect)
   ldb_wrap open of secrets.ldb
[2018/03/28 10:23:36.141050,  3] 
../source3/lib/util_sock.c:515(open_socket_out_send)
   Connecting to 10.157.0.19 at port 135
[2018/03/28 10:23:36.143752,  3] 
../source3/lib/util_sock.c:515(open_socket_out_send)
   Connecting to 10.157.0.19 at port 49153
[2018/03/28 10:23:36.152863,  3] 
../source3/lib/util_sock.c:515(open_socket_out_send)
   Connecting to 10.157.0.19 at port 135
[2018/03/28 10:23:36.155888,  3] 
../source3/lib/util_sock.c:515(open_socket_out_send)
   Connecting to 10.157.0.19 at port 49153
[2018/03/28 10:23:36.166627, 10, pid=700, effective(0, 0), real(0, 0), 
class=winbind] ../source3/winbindd/winbindd_ads.c:1475(trusted_domains)
   trusted_domains(ads):  Searching trusted domain list of TEST and 
storing trust flags for domain test.com
[2018/03/28 10:23:36.166697, 10, pid=700, effective(0, 0), real(0, 0), 
class=winbind] 
../source3/winbindd/winbindd_cache.c:4567(wcache_tdc_add_domain)
   wcache_tdc_add_domain: Adding domain TEST (test.com), SID 
S-1-5-21-2280622806-4116776946-4167826043, flags = 0x1d, attributes = 
0x0, type = 0x2
[2018/03/28 10:23:36.166791, 10, pid=700, effective(0, 0), real(0, 0), 
class=winbind] 
../source3/winbindd/winbindd_cache.c:4277(add_wbdomain_to_tdc_array)
   add_wbdomain_to_tdc_array: Found existing record for TEST
[2018/03/28 10:23:36.166829, 10, pid=700, effective(0, 0), real(0, 0), 
class=winbind] ../source3/winbindd/winbindd_cache.c:4370(pack_tdc_domains)
   pack_tdc_domains: Packing 3 trusted domains
[2018/03/28 10:23:36.166870, 10, pid=700, effective(0, 0), real(0, 0), 
class=winbind] ../source3/winbindd/winbindd_cache.c:4389(pack_tdc_domains)
   pack_tdc_domains: Packing domain BUILTIN (UNKNOWN)
[2018/03/28 10:23:36.166903, 10, pid=700, effective(0, 0), real(0, 0), 
class=winbind] ../source3/winbindd/winbindd_cache.c:4389(pack_tdc_domains)
   pack_tdc_domains: Packing domain FILES (UNKNOWN)
[2018/03/28 10:23:36.166934, 10, pid=700, effective(0, 0), real(0, 0), 
class=winbind] ../source3/winbindd/winbindd_cache.c:4389(pack_tdc_domains)
   pack_tdc_domains: Packing domain TEST (test.com)
[2018/03/28 10:23:36.167006,  4, pid=700, effective(0, 0), real(0, 0), 
class=winbind] ../source3/winbindd/winbindd_dual.c:1553(child_handler)
   Finished processing child request 20
[2018/03/28 10:23:36.167038, 10, pid=700, effective(0, 0), real(0, 0), 
class=winbind] ../source3/winbindd/winbindd_dual.c:104(child_write_response)
   Writing 4071 bytes to parent
[2018/03/28 10:23:36.167255,  4, pid=700, effective(0, 0), real(0, 0), 
class=winbind] ../source3/winbindd/winbindd_dual.c:1545(child_handler)
   child daemon request 20
[2018/03/28 10:23:36.167290, 10, pid=700, effective(0, 0), real(0, 0), 
class=winbind] 
../source3/winbindd/winbindd_dual.c:665(child_process_request)
   child_process_request: request fn LIST_TRUSTDOM
[2018/03/28 10:23:36.167319,  3, pid=700, effective(0, 0), real(0, 0), 
class=winbind] 
../source3/winbindd/winbindd_misc.c:288(winbindd_dual_list_trusted_domains)
   [  699]: list trusted domains
[2018/03/28 10:23:36.167348, 10, pid=700, effective(0, 0), real(0, 0), 
class=winbind] 
../source3/winbindd/winbindd_cache.c:2825(wb_cache_trusted_domains)
   trusted_domains: [Cached] - doing backend query for info for domain TEST
[2018/03/28 10:23:36.167393,  3, pid=700, effective(0, 0), real(0, 0), 
class=winbind] ../source3/winbindd/winbindd_ads.c:1390(trusted_domains)
   ads: trusted_domains
[2018/03/28 10:23:36.170050, 10, pid=700, effective(0, 0), real(0, 0), 
class=winbind] ../source3/winbindd/winbindd_ads.c:1475(trusted_domains)
   trusted_domains(ads):  Searching trusted domain list of TEST and 
storing trust flags for domain test.com
[2018/03/28 10:23:36.170119, 10, pid=700, effective(0, 0), real(0, 0), 
class=winbind] 
../source3/winbindd/winbindd_cache.c:4567(wcache_tdc_add_domain)
   wcache_tdc_add_domain: Adding domain TEST (test.com), SID 
S-1-5-21-2280622806-4116776946-4167826043, flags = 0x1d, attributes = 
0x0, type = 0x2
[2018/03/28 10:23:36.170194, 10, pid=700, effective(0, 0), real(0, 0), 
class=winbind] 
../source3/winbindd/winbindd_cache.c:4277(add_wbdomain_to_tdc_array)
   add_wbdomain_to_tdc_array: Found existing record for TEST
[2018/03/28 10:23:36.170231, 10, pid=700, effective(0, 0), real(0, 0), 
class=winbind] ../source3/winbindd/winbindd_cache.c:4370(pack_tdc_domains)
   pack_tdc_domains: Packing 3 trusted domains
[2018/03/28 10:23:36.170272, 10, pid=700, effective(0, 0), real(0, 0), 
class=winbind] ../source3/winbindd/winbindd_cache.c:4389(pack_tdc_domains)
   pack_tdc_domains: Packing domain BUILTIN (UNKNOWN)
[2018/03/28 10:23:36.170304, 10, pid=700, effective(0, 0), real(0, 0), 
class=winbind] ../source3/winbindd/winbindd_cache.c:4389(pack_tdc_domains)
   pack_tdc_domains: Packing domain FILES (UNKNOWN)
[2018/03/28 10:23:36.170335, 10, pid=700, effective(0, 0), real(0, 0), 
class=winbind] ../source3/winbindd/winbindd_cache.c:4389(pack_tdc_domains)
   pack_tdc_domains: Packing domain TEST (test.com)
[2018/03/28 10:23:36.170394,  4, pid=700, effective(0, 0), real(0, 0), 
class=winbind] ../source3/winbindd/winbindd_dual.c:1553(child_handler)
   Finished processing child request 20
[2018/03/28 10:23:36.170425, 10, pid=700, effective(0, 0), real(0, 0), 
class=winbind] ../source3/winbindd/winbindd_dual.c:104(child_write_response)
   Writing 4071 bytes to parent
[2018/03/28 10:24:31.424478, 10, pid=700, effective(0, 0), real(0, 0), 
class=winbind] ../source3/winbindd/winbindd_dual.c:69(child_read_request)
   Need to read 44 extra bytes
[2018/03/28 10:24:31.424567,  4, pid=700, effective(0, 0), real(0, 0), 
class=winbind] ../source3/winbindd/winbindd_dual.c:1545(child_handler)
   child daemon request 56
[2018/03/28 10:24:31.424606, 10, pid=700, effective(0, 0), real(0, 0), 
class=winbind] 
../source3/winbindd/winbindd_dual.c:665(child_process_request)
   child_process_request: request fn NDRCMD
[2018/03/28 10:24:31.424639, 10, pid=700, effective(0, 0), real(0, 0), 
class=winbind] 
../source3/winbindd/winbindd_dual_ndr.c:362(winbindd_dual_ndrcmd)
   winbindd_dual_ndrcmd: Running command WBINT_LOOKUPNAME (TEST)
[2018/03/28 10:24:31.424789, 10, pid=700, effective(0, 0), real(0, 0), 
class=winbind] ../source3/winbindd/winbindd_cache.c:1770(wcache_name_to_sid)
   wcache_name_to_sid: namemap_cache_find_name failed
[2018/03/28 10:24:31.424831, 10, pid=700, effective(0, 0), real(0, 0), 
class=winbind] 
../source3/winbindd/winbindd_cache.c:1817(wb_cache_name_to_sid)
   name_to_sid: [Cached] - doing backend query for name for domain TEST
[2018/03/28 10:24:31.424867,  3, pid=700, effective(0, 0), real(0, 0), 
class=winbind] ../source3/winbindd/winbindd_msrpc.c:244(msrpc_name_to_sid)
   msrpc_name_to_sid: name=TEST\BTHOMAS
[2018/03/28 10:24:31.424900,  3, pid=700, effective(0, 0), real(0, 0), 
class=winbind] ../source3/winbindd/winbindd_msrpc.c:258(msrpc_name_to_sid)
   name_to_sid [rpc] TEST\BTHOMAS for domain TEST
[2018/03/28 10:24:31.424933, 10, pid=700, effective(0, 0), real(0, 0), 
class=winbind] ../source3/winbindd/winbindd_cm.c:2973(cm_connect_lsa_tcp)
   cm_connect_lsa_tcp
[2018/03/28 10:24:31.425082,  3] 
../source3/lib/util_sock.c:515(open_socket_out_send)
   Connecting to 10.157.0.19 at port 135
[2018/03/28 10:24:31.428731,  3] 
../source3/lib/util_sock.c:515(open_socket_out_send)
   Connecting to 10.157.0.19 at port 49152
[2018/03/28 10:24:31.435308,  4, pid=700, effective(0, 0), real(0, 0), 
class=winbind] ../source3/winbindd/winbindd_dual.c:1553(child_handler)
   Finished processing child request 56
[2018/03/28 10:24:31.435376, 10, pid=700, effective(0, 0), real(0, 0), 
class=winbind] ../source3/winbindd/winbindd_dual.c:104(child_write_response)
   Writing 4044 bytes to parent
[2018/03/28 10:24:31.821764, 10, pid=700, effective(0, 0), real(0, 0), 
class=winbind] ../source3/winbindd/winbindd_dual.c:69(child_read_request)
   Need to read 48 extra bytes
[2018/03/28 10:24:31.821840,  4, pid=700, effective(0, 0), real(0, 0), 
class=winbind] ../source3/winbindd/winbindd_dual.c:1545(child_handler)
   child daemon request 56
[2018/03/28 10:24:31.821875, 10, pid=700, effective(0, 0), real(0, 0), 
class=winbind] 
../source3/winbindd/winbindd_dual.c:665(child_process_request)
   child_process_request: request fn NDRCMD
[2018/03/28 10:24:31.821905, 10, pid=700, effective(0, 0), real(0, 0), 
class=winbind] 
../source3/winbindd/winbindd_dual_ndr.c:362(winbindd_dual_ndrcmd)
   winbindd_dual_ndrcmd: Running command WBINT_LOOKUPSIDS (TEST)
[2018/03/28 10:24:31.821957, 10, pid=700, effective(0, 0), real(0, 0), 
class=winbind] ../source3/winbindd/winbindd_cm.c:2973(cm_connect_lsa_tcp)
   cm_connect_lsa_tcp
[2018/03/28 10:24:31.825945,  4, pid=700, effective(0, 0), real(0, 0), 
class=winbind] ../source3/winbindd/winbindd_dual.c:1553(child_handler)
   Finished processing child request 56
[2018/03/28 10:24:31.826013, 10, pid=700, effective(0, 0), real(0, 0), 
class=winbind] ../source3/winbindd/winbindd_dual.c:104(child_write_response)
   Writing 4152 bytes to parent

######################

And from log.winbindd:

[2018/03/28 10:24:31.423718,  3, pid=699, effective(0, 0), real(0, 0), 
class=winbind] 
../source3/winbindd/winbindd_getpwnam.c:56(winbindd_getpwnam_send)
   getpwnam bthomas
[2018/03/28 10:24:31.435508, 10, pid=699, effective(0, 0), real(0, 0), 
class=winbind] ../source3/winbindd/winbindd_cache.c:4802(wcache_store_ndr)
   could not fetch seqnum for domain TEST
[2018/03/28 10:24:31.435577, 10, pid=699, effective(0, 0), real(0, 0), 
class=winbind] ../source3/winbindd/wb_sids2xids.c:113(wb_sids2xids_send)
   SID 0: S-1-5-21-2280622806-4116776946-4167826043-1108
[2018/03/28 10:24:31.436381, 10, pid=699, effective(0, 0), real(0, 0), 
class=winbind] ../source3/winbindd/winbindd_dual.c:1578(fork_domain_child)
   fork_domain_child called without domain.
[2018/03/28 10:24:31.437336, 10, pid=707, effective(0, 0), real(0, 0), 
class=winbind] ../source3/winbindd/winbindd_dual.c:1632(fork_domain_child)
   Child process 707
[2018/03/28 10:24:31.821385, 10, pid=699, effective(0, 0), real(0, 0), 
class=winbind] ../source3/winbindd/wb_sids2xids.c:113(wb_sids2xids_send)
   SID 0: S-1-5-21-2280622806-4116776946-4167826043-513
[2018/03/28 10:24:31.821530, 10, pid=699, effective(0, 0), real(0, 0), 
class=winbind] 
../source3/winbindd/winbindd_util.c:1467(find_lookup_domain_from_sid)
   find_lookup_domain_from_sid: SID 
[S-1-5-21-2280622806-4116776946-4167826043-513]
[2018/03/28 10:24:31.821585, 10, pid=699, effective(0, 0), real(0, 0), 
class=winbind] 
../source3/winbindd/winbindd_util.c:1512(find_lookup_domain_from_sid)
   calling find_our_domain
[2018/03/28 10:24:31.826194, 10, pid=699, effective(0, 0), real(0, 0), 
class=winbind] ../source3/winbindd/winbindd_cache.c:4802(wcache_store_ndr)
   could not fetch seqnum for domain TEST
[2018/03/28 10:24:31.828528,  5, pid=699, effective(0, 0), real(0, 0), 
class=winbind] 
../source3/winbindd/winbindd_getpwnam.c:128(winbindd_getpwnam_recv)
   Could not convert sid S-1-5-21-2280622806-4116776946-4167826043-1108: 
NT_STATUS_NO_SUCH_USER
[2018/03/28 10:24:31.829171, 10, pid=699, effective(0, 0), real(0, 0), 
class=winbind] ../source3/winbindd/winbindd.c:757(wb_request_done)
   wb_request_done[706:GETPWNAM]: NT_STATUS_NO_SUCH_USER
[2018/03/28 10:24:31.829219, 10, pid=699, effective(0, 0), real(0, 0), 
class=winbind] 
../source3/winbindd/winbindd.c:825(winbind_client_response_written)
   winbind_client_response_written[706:GETPWNAM]: delivered response to 
client
[2018/03/28 10:24:31.829328,  6, pid=699, effective(0, 0), real(0, 0), 
class=winbind] 
../source3/winbindd/winbindd.c:930(winbind_client_request_read)
   closing socket 25, client exited

root at files:/var/log/samba# net ads testjoin
Join is OK

root at files:/var/log/samba# net ads info
LDAP server: 10.157.0.19
LDAP server name: dc-test.test.com
Realm: TEST.COM
Bind Path: dc=TEST,dc=COM
LDAP port: 389
Server time: Wed, 28 Mar 2018 10:42:57 EDT
KDC server: 10.157.0.19
Server time offset: 0
Last machine account password change: Tue, 27 Mar 2018 17:19:46 EDT

root at files:/var/log/samba# wbinfo -p
Ping to winbindd succeeded

root at files:/var/log/samba# wbinfo --ping-dc
checking the NETLOGON for domain[TEST] dc connection to 
"dc-test.test.com" succeeded

root at files:~# wbinfo -u
krbtgt
dns-dc-test
guest
administrator
bthomas

root at files:~# wbinfo -g
denied rodc password replication group
domain admins
domain guests
schema admins
allowed rodc password replication group
domain computers
enterprise read-only domain controllers
read-only domain controllers
ras and ias servers
test domain admin
group policy creator owners
domain controllers
dnsadmins
cert publishers
domain users
enterprise admins
dnsupdateproxy

Any help would be greatly apprceated as always.

Thank You, Bob Thomas

Rowland Penny

2018-Mar-28 15:54 UTC

head link

[Samba] Winbind not working on Ubuntu 18.04 Samba 4.8.0 File Sever

On Wed, 28 Mar 2018 11:02:49 -0400
Bob Thomas via samba <samba at lists.samba.org> wrote:
> Good Morning, Ive been trying to test Samba AD on Ubuntu 18.04 using 
> samba version 4.8.0  The DC seems to be working fine all tests have 
> passed.  I was able to connect Win7 RSAT, a Ubuntu workstation and a 
> File server.  My problem is the file server will not give response to 
> 'sudo getent passwd' with or with out username or DOMAIN\username. 
> Everything else works as far as I can tell.
> 
> 
> Service are Running:
> 
>   1777 pts/1    S+     0:00 \_ grep -E --color=auto
> samba|smbd|nmbd|winbindd 643 ?        Ss     0:00 smbd
>    645 ?        S      0:00  \_ smbd
>    646 ?        S      0:00  \_ smbd
>    651 ?        Ss     0:00 nmbd
>   1774 ?        Ss     0:00 winbindd
>   1775 ?        S      0:00  \_ winbindd: domain child [TEST]
> 
> ../source3/winbindd/winbindd_cm.c:569(set_domain_online_request)
>    set_domain_online_request: called for domain TEST
> [2018/03/28 10:23:35.729529, 10, pid=700, effective(0, 0), real(0,
> 0), class=winbind] 
> ../source3/winbindd/winbindd_cm.c:604(set_domain_online_request)
>    set_domain_online_request: domain TEST was globally offline.
>    child_process_request: request fn INIT_CONNECTION
> [2018/03/28 10:23:35.729676,  3, pid=700, effective(0, 0), real(0,
> 0),
> class=winbind] ../source3/winbindd/winbindd_cm.c:2126(connection_ok)
> connection_ok: Connection to (null) for domain TEST is not connected
> [2018/03/28 10:23:35.729883, 10, pid=700, effective(0, 0), real(0,
> 0),
There doesn't seem to be anything really wrong with the conf
files, but winbind appears to be 'offline'

There are known problems with 4.8.0, I wonder if this is linked to
these ?

Rowland

Reasonably Related Threads

Search for more seemingly similar threads

samba - Mar 2018 - Winbind not working on Ubuntu 18.04 Samba 4.8.0 File Sever

[Samba] Winbind not working on Ubuntu 18.04 Samba 4.8.0 File Sever

[Samba] Winbind not working on Ubuntu 18.04 Samba 4.8.0 File Sever

Reasonably Related Threads