Hi Problems with wbinfo this time. With -u/-g/-n it works, but -i doesn't. The log.winbindd-idmap is filled with this: [2010/01/28 10:32:56, 4] libsmb/namequery_dc.c:73(ads_dc_name) ads_dc_name: domain=* [2010/01/28 10:32:56, 3] libsmb/namequery.c:1972(get_dc_list) get_dc_list: preferred server list: ", *" [2010/01/28 10:32:56, 3] libads/dns.c:343(dns_send_req) ads_dns_lookup_srv: Failed to resolve _ldap._tcp.dc._msdcs.* (Success) [2010/01/28 10:32:56, 3] libads/dns.c:413(ads_dns_lookup_srv) ads_dns_lookup_srv: Failed to send DNS query (NT_STATUS_UNSUCCESSFUL) [2010/01/28 10:32:56, 4] libsmb/namequery.c:2004(get_dc_list) get_dc_list: no servers found [2010/01/28 10:32:56, 3] libsmb/namequery.c:1972(get_dc_list) get_dc_list: preferred server list: ", *" [2010/01/28 10:32:56, 3] libsmb/namequery.c:1225(resolve_lmhosts) resolve_lmhosts: Attempting lmhosts lookup for name *<0x1c> [2010/01/28 10:32:56, 4] libsmb/namequery.c:839(startlmhosts) startlmhosts: Can't open lmhosts file /etc/samba/lmhosts. Error was No such file or directory [2010/01/28 10:32:56, 3] libsmb/namequery.c:1089(resolve_wins) resolve_wins: Attempting wins lookup for name *<0x1c> [2010/01/28 10:32:56, 3] libsmb/namequery.c:1093(resolve_wins) resolve_wins: WINS server resolution selected and no WINS servers listed. [2010/01/28 10:32:56, 3] libsmb/namequery.c:1016(name_resolve_bcast) name_resolve_bcast: Attempting broadcast lookup for name *<0x1c> [2010/01/28 10:32:57, 4] libsmb/namequery.c:2004(get_dc_list) get_dc_list: no servers found [2010/01/28 10:32:58, 3] libsmb/namequery_dc.c:167(rpc_dc_name) Could not look up dc's for domain * [2010/01/28 10:32:58, 1] winbindd/idmap_ad.c:143(ad_idmap_cached_connection_internal) ad_idmap_init: failed to connect to AD [2010/01/28 10:32:58, 1] winbindd/idmap_ad.c:543(idmap_ad_sids_to_unixids) ADS uninitialized: No logon servers The first one is alarming. Why does it try a wildcard? Especially since log.winbindd-dc-connect has this: [2010/01/28 10:41:10, 4] libsmb/namequery_dc.c:73(ads_dc_name) ads_dc_name: domain=AALTO [2010/01/28 10:41:10, 3] libsmb/namequery.c:1972(get_dc_list) get_dc_list: preferred server list: "DC04.org.aalto.fi, *" [2010/01/28 10:41:10, 4] libsmb/namequery.c:2105(get_dc_list) get_dc_list: returning 4 ip addresses in an ordered list [2010/01/28 10:41:10, 4] libsmb/namequery.c:2106(get_dc_list) get_dc_list: 130.233.251.7:389 130.233.251.6:389 130.233.251.5:389 130.233.251.4:389 [2010/01/28 10:41:10, 3] libads/ldap.c:621(ads_connect) Successfully contacted LDAP server 130.233.251.7 . . . ?? running 3.4.3 on ubuntu devel release. t
On Thu, 28 Jan 2010, Timo Aaltonen wrote:> > Hi > > Problems with wbinfo this time. With -u/-g/-n it works, but -i doesn't. The > log.winbindd-idmap is filled with this:More verbose part of the log where it goes wrong: [2010/01/28 13:29:52, 10] winbindd/winbindd_cm.c:479(set_domain_online_request) set_domain_online_request: called for domain AALTO [2010/01/28 13:29:52, 10] winbindd/winbindd_cm.c:508(set_domain_online_request) set_domain_online_request: domain AALTO was globally offline. [2010/01/28 13:29:52, 10] lib/events.c:287(s3_event_debug) s3_event: Added timed event "check_domain_online_handler": 0x25635b0 [2010/01/28 13:29:52, 10] lib/events.c:148(get_timed_events_timeout) timed_events_timeout: 4/999954 [2010/01/28 13:29:52, 4] winbindd/winbindd_dual.c:1452(fork_domain_child) child daemon request 51 [2010/01/28 13:29:52, 10] winbindd/winbindd_dual.c:452(child_process_request) child_process_request: request fn DUAL_SID2UID [2010/01/28 13:29:52, 3] winbindd/winbindd_idmap.c:293(winbindd_dual_sid2uid) [26144]: sid to uid S-1-5-21-2413826791-1553473826-2432194272-1265 [2010/01/28 13:29:52, 10] winbindd/idmap_util.c:157(idmap_sid_to_uid) idmap_sid_to_uid: sid = [S-1-5-21-2413826791-1553473826-2432194272-1265], domain = '' [2010/01/28 13:29:52, 10] winbindd/idmap.c:765(idmap_backends_sid_to_unixid) idmap_backends_sid_to_unixid: domain = '', sid = [S-1-5-21-2413826791-1553473826-2432194272-1265] [2010/01/28 13:29:52, 10] winbindd/idmap.c:465(idmap_find_domain) idmap_find_domain called for domain '' I've tried to debug it by setting the breakpoint at winbindd_dual_sid2uid, but couldn't make anything of the backtrace. Suggestions? -- Timo Aaltonen Systems Specialist IT Services, Aalto University School of Science and Technology
On Thu, 28 Jan 2010, Timo Aaltonen wrote:> On Thu, 28 Jan 2010, Timo Aaltonen wrote: > >> >> Hi >> >> Problems with wbinfo this time. With -u/-g/-n it works, but -i doesn't. >> The log.winbindd-idmap is filled with this: > > More verbose part of the log where it goes wrong:Bollocks. I had to change the config, this works: [global] workgroup = AALTO realm = ORG.AALTO.FI security = ADS kerberos method = system keytab idmap config AALTO : backend = ad idmap config AALTO : readonly = yes idmap config AALTO : schema_mode = rfc2307 idmap config AALTO : range = 1000-4000000000 idmap uid = 1000-4000000000 idmap gid = 1000-4000000000 winbind nss info = rfc2307 winbind use default domain = yes winbind enum users = yes winbind enum groups = yes winbind offline logon = true winbind cache time = 5 winbind refresh tickets = true A summary of the changes: - idmap backend = ad -> idmap config AALTO : backend = ad - add range & idmap uid/gid (- added winbind offline/cache/refresh, but they are irrelevant here) Without setting the range the uid would be mapped to the default value (which I asked about last fall). -- Timo Aaltonen Systems Specialist IT Services, Aalto University School of Science and Technology