Chris Stankevitz
2015-Jan-26 20:27 UTC
[Samba] wbinfo -u and -t: works on one machine, fails on another
Hello,
On machine 1, running Fedora 20, I can get "wbinfo -u" to provide a
list of windows domain "MYCOMPANY.CORP" users by first launching
winbindd and passing this three line conf file:
[global]
workgroup = MYCOMPANY
security = ads
Note that I am somewhat curious as to how wbinfo is able to obtain
this user list even though nowhere do I supply a username or password
of any user or administrator on the MYCOMPANY.CORP domain. I'm also
curious why the conf file uses the term "workgroup" to refer to my
windows domain.
==
Strangely on my Fedora 21 machine, the same process does not work.
/var/log/samba/log.winbindd shows nothing of interest even up to -d
10. Even more strange is that "wbinfo -p" shows success on this
machine even when neither winbindd nor smbd are running.
==
Can you suggest logs/documentation to look at (on linux or windows) to
understand why wbinfo -u fails on one machine but succeeds on another?
FYI I have turned off selinux and firewall for the machine that
fails.
Thank you,
Chris
Rowland Penny
2015-Jan-26 20:45 UTC
[Samba] wbinfo -u and -t: works on one machine, fails on another
On 26/01/15 20:27, Chris Stankevitz wrote:> Hello, > > On machine 1, running Fedora 20, I can get "wbinfo -u" to provide a > list of windows domain "MYCOMPANY.CORP" users by first launching > winbindd and passing this three line conf file: > > [global] > workgroup = MYCOMPANY > security = ads > > Note that I am somewhat curious as to how wbinfo is able to obtain > this user list even though nowhere do I supply a username or password > of any user or administrator on the MYCOMPANY.CORP domain. I'm also > curious why the conf file uses the term "workgroup" to refer to my > windows domain. > > ==> > Strangely on my Fedora 21 machine, the same process does not work. > /var/log/samba/log.winbindd shows nothing of interest even up to -d > 10. Even more strange is that "wbinfo -p" shows success on this > machine even when neither winbindd nor smbd are running. > > ==> > Can you suggest logs/documentation to look at (on linux or windows) to > understand why wbinfo -u fails on one machine but succeeds on another? > FYI I have turned off selinux and firewall for the machine that > fails. > > Thank you, > > ChrisSeeing as how you are using Fedora, it is probably sssd. Rowland
Chris Stankevitz
2015-Jan-29 00:02 UTC
[Samba] wbinfo -u and -t: works on one machine, fails on another
On Mon, Jan 26, 2015 at 12:45 PM, Rowland Penny <rowlandpenny at googlemail.com> wrote:> Seeing as how you are using Fedora, it is probably sssd.Rowland, You were correct. strace led me to a package called sssd-libwbclient which was the source of the problem. I uninstalled sssd-libwbclient (one of many sss-themed packages) and it worked. Afterward I googled "samba sssd-libwbclient" and uncovered a bug report which apparently identifies and fixes the underlying problem: https://bugzilla.redhat.com/show_bug.cgi?id=1175511 Thank you for your help. Had I held more faith in it I would have solved my problem sooner. Chris
Reasonably Related Threads
- wbinfo -u and -t: works on one machine, fails on another
- Winbind have repeat "wbinfo -u" before user can authentication
- net ads and wbinfo are painfully slow -- but they work
- One DC cannot authenticate off of another DC
- Problem mapping extended acls with sssd and samba