samba - Oct 2007 - Win2003 ADS, wbinfo -u and -g almost works

I've been chasing this problem for several days.  I have taken the 
3.0.26a Fedora 7 SRPM from the Samba FTP site and rebuilt it on RedHat 
EL5 and installed it.  It runs, but it has exactly the same problem as 
the original 3.0.23c version.

I can join the domain and 'wbinfo -t' returns OK.

However, 'wbinfo -g' returns only two groups then gives a failure 
message and 'wbinfo -u', doesn't return anything.

So, it almost works.

Can anyone give me a clue on where to look for this problem?

Cheers,

Herman

> I can join the domain and 'wbinfo -t' returns OK.
>
> However, 'wbinfo -g' returns only two groups then gives a failure
> message and 'wbinfo -u', doesn't return anything.
>
> So, it almost works.
>
> Can anyone give me a clue on where to look for this problem?
>
Are there any errors in your samba logs? Can you post your smb.conf
file if it is not huge?

John

>>>>> "herman" == herman 
<herman@aeronetworks.ca> writes:
    herman> I can join the domain and 'wbinfo -t' returns OK.
    herman> However, 'wbinfo -g' returns only two groups then gives a
    herman> failure message and 'wbinfo -u', doesn't return
anything.

    herman> So, it almost works.

Do authentication etc work? My 'wbinfo -u' only return "Error
looking
up domain users" and always had.

I stoped caring when I realized that everything worked as I intended.
An answer to this is more on the 'would be nice to know' and sheer
curiosity so I'm not going to vaste any energy to try to find out.
If you're more curios than me, you migt push on to an answer, and
I might get one to :).


-- 
Why can't programmers tell the difference between
halloween and christmas day? Because 25 DEC = 31 OCT.

"Unless I'm overlooking it in your smb.conf, I don't see

    winbind enum users = Yes
    winbind enum groups = Yes

These should allow you to view the domain users and groups.
Keep in mind that if you have a large number of users, this will be slow."

---
FIXES:
Firstly, I forgot the parameters above.
Secondly, an upgrade to Samba 3.0.26a is also required.

RedHat EL5 ships with Samba 3.0.23c and this version is simply bad news 
when used with an Active Directory server.

The Fedora 7 RPM on the Samba FTP server does not work with RedHat 5, 
but the source RPM will recompile without any modifications and then it 
works.

Thanks guys!

H.

System: Win2003 ADS, Samba 3.0.26a on RHEL5.

I thought I had this fixed but sadly no - it came back.  The situation 
changes when I reboot the PC, or cycle power on the PC.  This indicates 
to me that there is a structure in winbind that is not initialized properly.

wbinfo -t: OK, shows domain joined fine.
wbinfo -g: Shows all groups, or only the first two BUILTIN groups, or 
nothing at all.
wbinfo -u: Shows all users, or no users.

Login works if wbinfo -g shows all groups, fails otherwise.

kinit  user@DOMAIN: works
wbinit -a user%domain: works

[root@ggg-mmm-w000048 ~]# wbinfo -t
checking the trust secret via RPC calls succeeded

[root@ggg-mmm-w000048 ~]# wbinfo -g
BUILTIN+administrators
BUILTIN+users

[root@ggg-mmm-w000048 ~]# wbinfo -u
Error looking up domain users

[root@ggg-mmm-w000048 pam.d]# tail -f /var/log/messages
Oct 3 15:29:51 ggg-mmm-w000048 winbindd[3288]: [2007/10/03 15:29:51, 0] 
libsmb/smb_signing.c:signing_good(253)
Oct 3 15:29:51 ggg-mmm-w000048 winbindd[3288]: signing_good: BAD SIG: seq 1
Oct 3 15:29:51 ggg-mmm-w000048 winbindd[3288]: [2007/10/03 15:29:51, 0] 
libsmb/cliconnect.c:cli_session_setup_blob(586)
Oct 3 15:29:51 ggg-mmm-w000048 winbindd[3288]: cli_session_setup_blob: 
recieve failed (NT_STATUS_LOGON_TYPE_NOT_GRANTED)

Does anyone have any better ideas, or should I get the source code and 
debug it myself?

Cheers,

Herman