Rowland Penny
2015-Apr-14 20:49 UTC
[Samba] wbinfo -u/-g/-n works, but not 'wbinfo -i' or 'id'
On 14/04/15 20:59, Adam Tauno Williams wrote:> On Tue, 2015-04-14 at 15:20 +0100, Rowland Penny wrote: >> On 14/04/15 14:59, Adam Tauno Williams wrote: >>> On Thu, 2014-10-30 at 13:41 -0300, Horacio G. de Oro wrote: >>>> Hi! I'm trying to add a member to be used as fileserver, following the >>>> guides at: >>>> - https://wiki.samba.org/index.php/Setup_a_Samba_AD_Member_Server >>>> - https://wiki.samba.org/index.php/Using_RFC2307_on_a_Samba_DC >>>> The AD server has been in use for month, but I can't get user >>>> information from the new member. The new member was joined to the >>>> directory, and nsswitch was configured. Running 'id username' returns >>>> 'No such user'. >>>> Running 'wbinfo -u' and 'wbinfo -g', 'wbinfo -n username' and 'wbinfo >>>> --sid-to-uid' works OK. Also 'wbinfo --online-status' and 'wbinfo >>>> --ping-dc' >>>> But, when I try 'id username', or 'wbinfo -i username', it fails with >>>> WBC_ERR_DOMAIN_NOT_FOUND >>>> $ wbinfo -i username >>>> failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND >>>> Could not get info for user username >>>> $ wbinfo -n username >>>> S-1-5-21-3087569779-2873525441-767630994-1118 SID_USER (1) >>>> And using '--sid-to-uid' I got the UID: >>>> $ wbinfo --sid-to-uid S-1-5-21-3087569779-2873525441-767630994-1118 >>>> 10000 Servers ? Web Development in Python & Java ? DevOps ? Big Data >>> I am experiencing much the same issue; wbinfo -u/-g works but getent >>> passwd/group only contains a very partial user list and querying a >>> specific user causes the WBC_ERR_DOMAIN_NOT_FOUND error. Although >>> otherwise the domain is functional and there are active workstations. >>> Did you every identify a solution? >> It should work, it sounds like a mis-configuration somewhere, can you >> post the smb.conf, /etc/nsswitch.conf, /etc/resolv.conf and >> /etc/krb5.conf from the member server. > "wbinfo -u" lists 415 lines > > "getent passwd" returns 93 lines > > A host configured to use nslcd and LDAP directory returns 560 lines for > "getent passwd". > > Samba on client is sernet-samba-4.1.17-11.el6.x86_64, AD DCs are all > sernet-samba-4.0.21-7.el6.x86_64 > > [root at barbel profiles]# wbinfo -i cleslie > failed to call wbcGetpwnam: WBC_ERR_WINBIND_NOT_AVAILABLE > > > /etc/samba/smb.conf > ################### > > idmap_ldb:use rfc2307 = yes > idmap config *:backend = tdb > idmap config *:range = 4000001-4999999 > idmap config BACKBONE:backend = ad > idmap config BACKBONE:schema_mode = rfc2307 > idmap config BACKBONE:range = 100-400000 > > winbind nss info = rfc2307 > winbind trusted domains only = no > winbind use default domain = yes > winbind enum users = yes > winbind enum groups = yes > winbind refresh tickets = Yes > winbind expand groups = 4 > winbind normalize names = Yes > domain master = no > local master = no > vfs objects = acl_xattr > map acl inherit = Yes > store dos attributes = Yes > >Is this the smb.conf from the AD DC or the member server ? If it is the later, you don't need this : idmap_ldb:use rfc2307 = yes It should only be on the DC. wbinfo connects to the AD DC differently to the way getent does, so the fact that another machine lists the users, shows that the backend is setup correctly (unless nlscd is creating the IDs on the fly). winbind relies on the uidNumber & gidNumber attributes being in smb.conf and the attributes being inside the range you set in smb.conf '100-400000' (by the way, you do know that this could pull in some of the local system users). What are the 'passwd' & 'group' lines in /etc/nsswitch.conf ? What is in /etc/krb5.conf ? what kerberos have you got installed ? (don't know if this makes any difference, but would be good to know) Does /etc/resolv.conf point to the samba4 AD DC ? Can you 'kinit' as Administrator ? and as a normal user? finally, why 'whitemice' ??? Rowland
Adam Tauno Williams
2015-Apr-15 20:01 UTC
[Samba] wbinfo -u/-g/-n works, but not 'wbinfo -i' or 'id'
Quoting Rowland Penny <rowlandpenny at googlemail.com>:> On 14/04/15 20:59, Adam Tauno Williams wrote: >> On Tue, 2015-04-14 at 15:20 +0100, Rowland Penny wrote: >>> On 14/04/15 14:59, Adam Tauno Williams wrote: >>>> On Thu, 2014-10-30 at 13:41 -0300, Horacio G. de Oro wrote: >>>>> Hi! I'm trying to add a member to be used as fileserver, following the >>>>> guides at: >>>>> - https://wiki.samba.org/index.php/Setup_a_Samba_AD_Member_Server >>>>> - https://wiki.samba.org/index.php/Using_RFC2307_on_a_Samba_DC >>>>> The AD server has been in use for month, but I can't get user >>>>> information from the new member. The new member was joined to the >>>>> directory, and nsswitch was configured. Running 'id username' returns >>>>> 'No such user'. >>>>> Running 'wbinfo -u' and 'wbinfo -g', 'wbinfo -n username' and 'wbinfo >>>>> --sid-to-uid' works OK. Also 'wbinfo --online-status' and 'wbinfo >>>>> --ping-dc' >>>>> But, when I try 'id username', or 'wbinfo -i username', it fails with >>>>> WBC_ERR_DOMAIN_NOT_FOUND >>>>> $ wbinfo -i username >>>>> failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND >>>>> Could not get info for user username >>>>> $ wbinfo -n username >>>>> S-1-5-21-3087569779-2873525441-767630994-1118 SID_USER (1) >>>>> And using '--sid-to-uid' I got the UID: >>>>> $ wbinfo --sid-to-uid S-1-5-21-3087569779-2873525441-767630994-1118 >>>>> 10000 Servers ? Web Development in Python & Java ? DevOps ? Big Data >>>> I am experiencing much the same issue; wbinfo -u/-g works but getent >>>> passwd/group only contains a very partial user list and querying a >>>> specific user causes the WBC_ERR_DOMAIN_NOT_FOUND error. Although >>>> otherwise the domain is functional and there are active workstations. >>>> Did you every identify a solution? >>> It should work, it sounds like a mis-configuration somewhere, can you >>> post the smb.conf, /etc/nsswitch.conf, /etc/resolv.conf and >>> /etc/krb5.conf from the member server. >> "wbinfo -u" lists 415 lines >> "getent passwd" returns 93 lines >> A host configured to use nslcd and LDAP directory returns 560 lines for >> "getent passwd". >> Samba on client is sernet-samba-4.1.17-11.el6.x86_64, AD DCs are all >> sernet-samba-4.0.21-7.el6.x86_64 >> [root at barbel profiles]# wbinfo -i cleslie >> failed to call wbcGetpwnam: WBC_ERR_WINBIND_NOT_AVAILABLE > Is this the smb.conf from the AD DC or the member server ? > If it is the later, you don't need this : idmap_ldb:use rfc2307 = yes > It should only be on the DC.Removed that, it has no effect. [root at test123 ~]# wbinfo -i steve failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND Could not get info for user steve [root at test123 ~]# id steve id: steve: No such user [root at test123 ~]# wbinfo -u | grep steve steve> wbinfo connects to the AD DC differently to the way getent does, so > the fact that another machine lists the users, shows that the > backend is setup correctly (unless nlscd is creating the IDs on the > fly). winbind relies on the uidNumber & gidNumber attributes being > in smb.conf and the attributes being inside the range you set in > smb.conf '100-400000' (by the way, you do know that this could pull > in some of the local system users).I'm aware of the overlap issues, this is an ancient site, all those ids are managed.> What are the 'passwd' & 'group' lines in /etc/nsswitch.conf ?passwd: files winbind group: files winbind> What is in /etc/krb5.conf ? > what kerberos have you got installed ? (don't know if this makes any > difference, but would be good to know)Kerberos works. [root at test123 ~]# kinit adam at MICORE.US Password for adam at MICORE.US: [root at test123 ~]# [root at test123 ~]# kinit Administrator at MICORE.US Password for Administrator at MICORE.US: Warning: Your password will expire in 147 days on Wed Sep 9 21:13:23 2015 [root at test123 ~> Does /etc/resolv.conf point to the samba4 AD DC ?Yes.> Can you 'kinit' as Administrator ? > and as a normal user?See above.> finally, why 'whitemice' ???Long story. :)
Rowland Penny
2015-Apr-15 20:21 UTC
[Samba] wbinfo -u/-g/-n works, but not 'wbinfo -i' or 'id'
On 15/04/15 21:01, Adam Tauno Williams wrote:> Quoting Rowland Penny <rowlandpenny at googlemail.com>: > >> On 14/04/15 20:59, Adam Tauno Williams wrote: >>> On Tue, 2015-04-14 at 15:20 +0100, Rowland Penny wrote: >>>> On 14/04/15 14:59, Adam Tauno Williams wrote: >>>>> On Thu, 2014-10-30 at 13:41 -0300, Horacio G. de Oro wrote: >>>>>> Hi! I'm trying to add a member to be used as fileserver, >>>>>> following the >>>>>> guides at: >>>>>> - https://wiki.samba.org/index.php/Setup_a_Samba_AD_Member_Server >>>>>> - https://wiki.samba.org/index.php/Using_RFC2307_on_a_Samba_DC >>>>>> The AD server has been in use for month, but I can't get user >>>>>> information from the new member. The new member was joined to the >>>>>> directory, and nsswitch was configured. Running 'id username' >>>>>> returns >>>>>> 'No such user'. >>>>>> Running 'wbinfo -u' and 'wbinfo -g', 'wbinfo -n username' and >>>>>> 'wbinfo >>>>>> --sid-to-uid' works OK. Also 'wbinfo --online-status' and 'wbinfo >>>>>> --ping-dc' >>>>>> But, when I try 'id username', or 'wbinfo -i username', it fails >>>>>> with >>>>>> WBC_ERR_DOMAIN_NOT_FOUND >>>>>> $ wbinfo -i username >>>>>> failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND >>>>>> Could not get info for user username >>>>>> $ wbinfo -n username >>>>>> S-1-5-21-3087569779-2873525441-767630994-1118 SID_USER (1) >>>>>> And using '--sid-to-uid' I got the UID: >>>>>> $ wbinfo --sid-to-uid S-1-5-21-3087569779-2873525441-767630994-1118 >>>>>> 10000 Servers ? Web Development in Python & Java ? DevOps ? Big Data >>>>> I am experiencing much the same issue; wbinfo -u/-g works but getent >>>>> passwd/group only contains a very partial user list and querying a >>>>> specific user causes the WBC_ERR_DOMAIN_NOT_FOUND error. Although >>>>> otherwise the domain is functional and there are active workstations. >>>>> Did you every identify a solution? >>>> It should work, it sounds like a mis-configuration somewhere, can you >>>> post the smb.conf, /etc/nsswitch.conf, /etc/resolv.conf and >>>> /etc/krb5.conf from the member server. >>> "wbinfo -u" lists 415 lines >>> "getent passwd" returns 93 lines >>> A host configured to use nslcd and LDAP directory returns 560 lines for >>> "getent passwd". >>> Samba on client is sernet-samba-4.1.17-11.el6.x86_64, AD DCs are all >>> sernet-samba-4.0.21-7.el6.x86_64 >>> [root at barbel profiles]# wbinfo -i cleslie >>> failed to call wbcGetpwnam: WBC_ERR_WINBIND_NOT_AVAILABLE >> Is this the smb.conf from the AD DC or the member server ? >> If it is the later, you don't need this : idmap_ldb:use rfc2307 = yes >> It should only be on the DC. > > Removed that, it has no effect. > > [root at test123 ~]# wbinfo -i steve > failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND > Could not get info for user steve > [root at test123 ~]# id steve > id: steve: No such user > [root at test123 ~]# wbinfo -u | grep steve > steve > >> wbinfo connects to the AD DC differently to the way getent does, so >> the fact that another machine lists the users, shows that the backend >> is setup correctly (unless nlscd is creating the IDs on the fly). >> winbind relies on the uidNumber & gidNumber attributes being in >> smb.conf and the attributes being inside the range you set in >> smb.conf '100-400000' (by the way, you do know that this could pull >> in some of the local system users). > > I'm aware of the overlap issues, this is an ancient site, all those > ids are managed. > >> What are the 'passwd' & 'group' lines in /etc/nsswitch.conf ? > > > passwd: files winbind > group: files winbind > >> What is in /etc/krb5.conf ? >> what kerberos have you got installed ? (don't know if this makes any >> difference, but would be good to know) > > Kerberos works. > > [root at test123 ~]# kinit adam at MICORE.US > Password for adam at MICORE.US: > [root at test123 ~]# > > [root at test123 ~]# kinit Administrator at MICORE.US > Password for Administrator at MICORE.US: > Warning: Your password will expire in 147 days on Wed Sep 9 21:13:23 > 2015 > [root at test123 ~ > >> Does /etc/resolv.conf point to the samba4 AD DC ? > > Yes. > >> Can you 'kinit' as Administrator ? >> and as a normal user? > > See above. > >> finally, why 'whitemice' ??? > > Long story. :) >Just had a thought, you say you set up the member server following this : https://wiki.samba.org/index.php/Setup_a_Samba_AD_Member_Server When did you follow this ? I added a part about a missing pam config file at the beginning of this month, the file is missing from the debian sernet packages, I wonder if the centos variant of the same file is also missing from the sernet centos packages ? without the file the sernet debian packages don't seem to work as member server. Rowland
Adam Tauno Williams
2015-Apr-15 20:26 UTC
[Samba] wbinfo -u/-g/-n works, but not 'wbinfo -i' or 'id'
Quoting Adam Tauno Williams <awilliam at whitemice.org>:>>>> It should work, it sounds like a mis-configuration somewhere, can you >>>> post the smb.conf, /etc/nsswitch.conf, /etc/resolv.conf and >>>> /etc/krb5.conf from the member server. >>> "wbinfo -u" lists 415 lines >>> "getent passwd" returns 93 lines >>> A host configured to use nslcd and LDAP directory returns 560 lines for >>> "getent passwd". >>> Samba on client is sernet-samba-4.1.17-11.el6.x86_64, AD DCs are all >>> sernet-samba-4.0.21-7.el6.x86_64 >>> [root at barbel profiles]# wbinfo -i cleslie >>> failed to call wbcGetpwnam: WBC_ERR_WINBIND_NOT_AVAILABLE >> Is this the smb.conf from the AD DC or the member server ? >> If it is the later, you don't need this : idmap_ldb:use rfc2307 = yes >> It should only be on the DC. > > Removed that, it has no effect. > > [root at test123 ~]# wbinfo -i steve > failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND > Could not get info for user steve > [root at test123 ~]# id steve > id: steve: No such user > [root at test123 ~]# wbinfo -u | grep steve > steveHere is a debug level 10 from winbind when making the wbinfo -i request 2015/04/15 16:22:19.609439, 5, pid=9576, effective(0, 0), real(0, 0)] ../source3/libads/ldap.c:270(ads_try_connect) ads_try_connect: sending CLDAP request to 192.168.1.79 (realm: micore.us) [2015/04/15 16:22:19.613245, 1, pid=9576, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &response->data.nt5_ex: struct NETLOGON_SAM_LOGON_RESPONSE_EX command : LOGON_SAM_LOGON_RESPONSE_EX (23) sbz : 0x0000 (0) server_type : 0x000003fc (1020) 0: NBT_SERVER_PDC 1: NBT_SERVER_GC 1: NBT_SERVER_LDAP 1: NBT_SERVER_DS 1: NBT_SERVER_KDC 1: NBT_SERVER_TIMESERV 1: NBT_SERVER_CLOSEST 1: NBT_SERVER_WRITABLE 1: NBT_SERVER_GOOD_TIMESERV 0: NBT_SERVER_NDNC 0: NBT_SERVER_SELECT_SECRET_DOMAIN_6 0: NBT_SERVER_FULL_SECRET_DOMAIN_6 0: NBT_SERVER_ADS_WEB_SERVICE 0: NBT_SERVER_HAS_DNS_NAME 0: NBT_SERVER_IS_DEFAULT_NC 0: NBT_SERVER_FOREST_ROOT domain_uuid : abebb63d-5fea-41fa-a061-36136b10964f forest : 'micore.us' dns_domain : 'micore.us' pdc_dns_name : 'larkin28.micore.us' domain_name : 'BACKBONE' pdc_name : 'LARKIN28' user_name : '' server_site : 'Default-First-Site-Name' client_site : 'Default-First-Site-Name' sockaddr_size : 0x00 (0) sockaddr: struct nbt_sockaddr sockaddr_family : 0x00000000 (0) pdc_ip : (null) remaining : DATA_BLOB length=0 next_closest_site : NULL nt_version : 0x00000005 (5) 1: NETLOGON_NT_VERSION_1 0: NETLOGON_NT_VERSION_5 1: NETLOGON_NT_VERSION_5EX 0: NETLOGON_NT_VERSION_5EX_WITH_IP 0: NETLOGON_NT_VERSION_WITH_CLOSEST_SITE 0: NETLOGON_NT_VERSION_AVOID_NT4EMUL 0: NETLOGON_NT_VERSION_PDC 0: NETLOGON_NT_VERSION_IP 0: NETLOGON_NT_VERSION_LOCAL 0: NETLOGON_NT_VERSION_GC lmnt_token : 0xffff (65535) lm20_token : 0xffff (65535) [2015/04/15 16:22:19.614906, 10, pid=9576, effective(0, 0), real(0, 0)] ../source3/libads/sitename_cache.c:70(sitename_store) sitename_store: realm = [BACKBONE], sitename = [Default-First-Site-Name], expire = [2085923199] [2015/04/15 16:22:19.615117, 10, pid=9576, effective(0, 0), real(0, 0), class=tdb] ../source3/lib/gencache.c:275(gencache_set_data_blob) Did not store value for AD_SITENAME/DOMAIN/BACKBONE, we already got it [2015/04/15 16:22:19.615196, 10, pid=9576, effective(0, 0), real(0, 0)] ../source3/libads/sitename_cache.c:70(sitename_store) sitename_store: realm = [micore.us], sitename = [Default-First-Site-Name], expire = [2085923199] [2015/04/15 16:22:19.615275, 10, pid=9576, effective(0, 0), real(0, 0), class=tdb] ../source3/lib/gencache.c:275(gencache_set_data_blob) Did not store value for AD_SITENAME/DOMAIN/MICORE.US, we already got it [2015/04/15 16:22:19.615373, 3, pid=9576, effective(0, 0), real(0, 0)] ../source3/libads/ldap.c:680(ads_connect) Successfully contacted LDAP server 192.168.1.79 [2015/04/15 16:22:19.615457, 10, pid=9576, effective(0, 0), real(0, 0)] ../source3/libads/ldap.c:70(ldap_open_with_timeout) Opening connection to LDAP server 'larkin28.micore.us:389', timeout 15 seconds [2015/04/15 16:22:19.616733, 10, pid=9576, effective(0, 0), real(0, 0)] ../source3/libads/ldap.c:118(ldap_open_with_timeout) Connected to LDAP server 'larkin28.micore.us:389' [2015/04/15 16:22:19.616830, 3, pid=9576, effective(0, 0), real(0, 0)] ../source3/libads/ldap.c:723(ads_connect) Connected to LDAP server larkin28.micore.us [2015/04/15 16:22:19.616903, 10, pid=9576, effective(0, 0), real(0, 0)] ../source3/libads/ldap.c:222(ads_closest_dc) ads_closest_dc: NBT_SERVER_CLOSEST flag set [2015/04/15 16:22:19.617083, 10, pid=9576, effective(0, 0), real(0, 0)] ../source3/libsmb/namequery.c:86(saf_store) saf_store: domain = [BACKBONE], server = [larkin28.micore.us], expire = [1429130239] [2015/04/15 16:22:19.617169, 10, pid=9576, effective(0, 0), real(0, 0), class=tdb] ../source3/lib/gencache.c:275(gencache_set_data_blob) Did not store value for SAF/DOMAIN/BACKBONE, we already got it [2015/04/15 16:22:19.617268, 10, pid=9576, effective(0, 0), real(0, 0)] ../source3/libsmb/namequery.c:86(saf_store) saf_store: domain = [micore.us], server = [larkin28.micore.us], expire = [1429130239] [2015/04/15 16:22:19.617377, 10, pid=9576, effective(0, 0), real(0, 0), class=tdb] ../source3/lib/gencache.c:275(gencache_set_data_blob) Did not store value for SAF/DOMAIN/MICORE.US, we already got it [2015/04/15 16:22:19.623553, 4, pid=9576, effective(0, 0), real(0, 0)] ../source3/libads/ldap.c:3002(ads_current_time) KDC time offset is 0 seconds [2015/04/15 16:22:19.624101, 4, pid=9576, effective(0, 0), real(0, 0)] ../source3/libads/sasl.c:1312(ads_sasl_bind) Found SASL mechanism GSS-SPNEGO [2015/04/15 16:22:19.625174, 3, pid=9576, effective(0, 0), real(0, 0)] ../source3/libads/sasl.c:963(ads_sasl_spnego_bind) ads_sasl_spnego_bind: got OID=1.2.840.48018.1.2.2 [2015/04/15 16:22:19.625274, 3, pid=9576, effective(0, 0), real(0, 0)] ../source3/libads/sasl.c:963(ads_sasl_spnego_bind) ads_sasl_spnego_bind: got OID=1.2.840.113554.1.2.2 [2015/04/15 16:22:19.625345, 3, pid=9576, effective(0, 0), real(0, 0)] ../source3/libads/sasl.c:963(ads_sasl_spnego_bind) ads_sasl_spnego_bind: got OID=1.3.6.1.4.1.311.2.2.10 [2015/04/15 16:22:19.625415, 3, pid=9576, effective(0, 0), real(0, 0)] ../source3/libads/sasl.c:972(ads_sasl_spnego_bind) ads_sasl_spnego_bind: got server principal name = not_defined_in_RFC4178 at please_ignore [2015/04/15 16:22:19.625600, 3, pid=9576, effective(0, 0), real(0, 0)] ../lib/krb5_wrap/krb5_samba.c:266(ads_cleanup_expired_creds) ads_cleanup_expired_creds: Ticket in ccache[MEMORY:winbind_ccache] expiration Thu, 16 Apr 2015 02:22:19 EDT [2015/04/15 16:22:19.625695, 10, pid=9576, effective(0, 0), real(0, 0)] ../lib/krb5_wrap/krb5_samba.c:533(ads_krb5_mk_req) ads_krb5_mk_req: Ticket (ldap/larkin28.micore.us at MICORE.US) in ccache (MEMORY:winbind_ccache) is valid until: (Thu, 16 Apr 2015 02:22:19 EDT - 1429165339) [2015/04/15 16:22:19.625841, 10, pid=9576, effective(0, 0), real(0, 0)] ../lib/krb5_wrap/krb5_samba.c:776(get_krb5_smb_session_key) Got KRB5 session key of length 16 [2015/04/15 16:22:19.633477, 10, pid=9576, effective(0, 0), real(0, 0)] ../source3/libads/ldap_schema.c:231(ads_check_posix_schema_mapping) ads_check_posix_schema_mapping for schema mode: 3 [2015/04/15 16:22:19.725986, 5, pid=9576, effective(0, 0), real(0, 0)] ../source3/libads/ldap_utils.c:81(ads_do_search_retry_internal) Search for (|(attributeId=1.3.6.1.1.1.1.0)(attributeId=1.3.6.1.1.1.1.1)(attributeId=1.3.6.1.1.1.1.3)(attributeId=1.3.6.1.1.1.1.4)(attributeId=1.3.6.1.1.1.1.2)(attributeId=0.9.2342.19200300.100.1.1)) in <CN=Schema,CN=Configuration,DC=micore,DC=us> gave 6 replies OID 1.3.6.1.1.1.1.0 has name: uidNumber OID 1.3.6.1.1.1.1.1 has name: gidNumber OID 0.9.2342.19200300.100.1.1 has name: uid OID 1.3.6.1.1.1.1.3 has name: unixHomeDirectory OID 1.3.6.1.1.1.1.2 has name: gecos OID 1.3.6.1.1.1.1.4 has name: loginShell [2015/04/15 16:22:19.870445, 5, pid=9576, effective(0, 0), real(0, 0)] ../source3/libads/ldap_utils.c:81(ads_do_search_retry_internal) Search for (uid=steve) in <dc=MICORE,dc=US> gave 0 replies [2015/04/15 16:22:19.870701, 5, pid=9576, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cache.c:1272(resolve_alias_to_username) resolve_alias_to_username: backend query returned NT_STATUS_OBJECT_NAME_NOT_FOUND [2015/04/15 16:22:19.871341, 1, pid=9576, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) wbint_LookupName: struct wbint_LookupName in: struct wbint_LookupName domain : * domain : 'BACKBONE' name : * name : 'STEVE' flags : 0x00000008 (8) [2015/04/15 16:22:19.918433, 1, pid=9576, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) wbint_LookupName: struct wbint_LookupName out: struct wbint_LookupName type : * type : SID_NAME_USER (1) sid : * sid : S-1-5-21-***REPLACE-DDOMAINSID-WITHTHIS*-1406 result : NT_STATUS_OK [2015/04/15 16:22:19.918869, 1, pid=9576, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) wbint_QueryUser: struct wbint_QueryUser in: struct wbint_QueryUser sid : * sid : S-1-5-21-***REPLACE-DDOMAINSID-WITHTHIS*-1406 [2015/04/15 16:22:20.124117, 1, pid=9576, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) wbint_QueryUser: struct wbint_QueryUser out: struct wbint_QueryUser info : * info: struct wbint_userinfo acct_name : * acct_name : 'steve' full_name : * full_name : 'steve' homedir : * homedir : '/home/steve' shell : * shell : '/bin/ksh' primary_gid : 0x00000000000000e6 (230) user_sid : S-1-5-21-***REPLACE-DDOMAINSID-WITHTHIS*-1406 group_sid : S-1-5-21-***REPLACE-DDOMAINSID-WITHTHIS*-513 result : NT_STATUS_OK [2015/04/15 16:22:20.124742, 10, pid=9576, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/wb_sids2xids.c:109(wb_sids2xids_send) SID 0: S-1-5-21-***REPLACE-DDOMAINSID-WITHTHIS*-1406 [2015/04/15 16:22:20.124897, 10, pid=9576, effective(0, 0), real(0, 0)] ../source3/lib/idmap_cache.c:56(idmap_cache_find_sid2unixid) Parsing value for key [IDMAP/SID2XID/S-1-5-21-***REPLACE-DDOMAINSID-WITHTHIS*-1406]: value=[203:U] [2015/04/15 16:22:20.125024, 10, pid=9576, effective(0, 0), real(0, 0)] ../source3/lib/idmap_cache.c:75(idmap_cache_find_sid2unixid) Parsing value for key [IDMAP/SID2XID/S-1-5-21-***REPLACE-DDOMAINSID-WITHTHIS*-1406]: id=[203], endptr=[:U] [2015/04/15 16:22:20.125185, 10, pid=9576, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_util.c:791(find_lookup_domain_from_sid) find_lookup_domain_from_sid(S-1-5-21-***REPLACE-DDOMAINSID-WITHTHIS*-513) [2015/04/15 16:22:20.125326, 10, pid=9576, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_util.c:801(find_lookup_domain_from_sid) calling find_our_domain [2015/04/15 16:22:20.125420, 1, pid=9576, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) wbint_LookupSid: struct wbint_LookupSid in: struct wbint_LookupSid sid : * sid : S-1-5-21-***REPLACE-DDOMAINSID-WITHTHIS*-513 [2015/04/15 16:22:20.139329, 1, pid=9576, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) wbint_LookupSid: struct wbint_LookupSid out: struct wbint_LookupSid type : * type : SID_NAME_DOM_GRP (2) domain : * domain : * domain : 'BACKBONE' name : * name : * name : 'Domain_Users' result : NT_STATUS_OK [2015/04/15 16:22:20.139720, 10, pid=9576, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/wb_sids2xids.c:109(wb_sids2xids_send) SID 0: S-1-5-21-***REPLACE-DDOMAINSID-WITHTHIS*-513 [2015/04/15 16:22:20.139826, 10, pid=9576, effective(0, 0), real(0, 0)] ../source3/lib/idmap_cache.c:56(idmap_cache_find_sid2unixid) Parsing value for key [IDMAP/SID2XID/S-1-5-21-***REPLACE-DDOMAINSID-WITHTHIS*-513]: value=[-1:N] [2015/04/15 16:22:20.139900, 10, pid=9576, effective(0, 0), real(0, 0)] ../source3/lib/idmap_cache.c:75(idmap_cache_find_sid2unixid) Parsing value for key [IDMAP/SID2XID/S-1-5-21-***REPLACE-DDOMAINSID-WITHTHIS*-513]: id=[4294967295], endptr=[:N] [2015/04/15 16:22:20.140053, 5, pid=9576, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_getpwnam.c:137(winbindd_getpwnam_recv) Could not convert sid S-1-5-21-***REPLACE-DDOMAINSID-WITHTHIS*-1406: NT_STATUS_NONE_MAPPED [2015/04/15 16:22:20.140166, 10, pid=9576, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd.c:755(wb_request_done) wb_request_done[9584:GETPWNAM]: NT_STATUS_NONE_MAPPED [2015/04/15 16:22:20.142258, 10, pid=9576, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd.c:816(winbind_client_response_written) winbind_client_response_written[9584:GETPWNAM]: delivered response to client [2015/04/15 16:22:20.142450, 6, pid=9576, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd.c:918(winbind_client_request_read)