Hi
Oracle Linux Server client with Samba 3.6.23 (file server) joined to the
Samba4 AD domain.
----------------
smb.conf
[global]
#--authconfig--start-line--
netbios name = FS
server string = "GSDAD Fileserver"
workgroup = GSDAD
realm = AD.GSD.LAN
security = ads
winbind use default domain = yes
idmap config * : backend = rid
idmap config * : range = 16777216-33554431
template shell = /sbin/nologin
winbind offline logon = false
winbind enum users = yes
winbind enum groups = yes
idmap cache time = 15
idmap negative cache time = 15
log level = 2
hide dot files = yes
hide unreadable = yes
access based share enum = yes
wide links = Yes
unix extensions = No
follow symlinks = Yes
socket options = TCP_NODELAY IPTOS_THROUGHPUT
vfs objects = full_audit
full_audit:prefix = %u|%I|%S
full_audit:success = mkdir rename rmdir write unlink pwrite
full_audit:failure = none
recycle:repository = .deleted/%U
recycle:keeptree = No
recycle:touch = Yes
recycle:versions = Yes
recycle:maxsixe = 0
;recycle:exclude = *.tmp *.ini *.dat
;recycle:exclude_dir = /tmp /home /home/* /storage/samba/homes
/storage/samba/homes/*
keepalive = 300
deadtime = 10
include = /etc/samba/smb.conf.shares
#--authconfig--end-line--
----------------
getent passwd and wbinfo -u returns all AD users correctly
wbinfo -g returns all AD groups correctly
getent group fails. Only local groups are returned.
------------
log.winbindd
winbindd/winbindd_group.c:45(fill_grent)
winbindd Failed to find domain 'GSD-DOK'. Check connection to
trusted
domains!
------------
'GSD-DOK' it is group in AD
I set log level = 10
----------
log.winbindd
2015/05/15 12:28:38.557668, 6] winbindd/winbindd.c:822(new_connection)
accepted socket 23
[2015/05/15 12:28:38.558409, 10] winbindd/winbindd.c:672(process_request)
process_request: request fn INTERFACE_VERSION
[2015/05/15 12:28:38.558654, 3]
winbindd/winbindd_misc.c:384(winbindd_interface_version)
[ 2718]: request interface version
[2015/05/15 12:28:38.558905, 10]
winbindd/winbindd.c:768(winbind_client_response_written)
winbind_client_response_written[2718:INTERFACE_VERSION]: delivered
response to client
[2015/05/15 12:28:38.559251, 10] winbindd/winbindd.c:672(process_request)
process_request: request fn WINBINDD_PRIV_PIPE_DIR
[2015/05/15 12:28:38.559482, 3]
winbindd/winbindd_misc.c:417(winbindd_priv_pipe_dir)
[ 2718]: request location of privileged pipe
[2015/05/15 12:28:38.559999, 10]
winbindd/winbindd.c:768(winbind_client_response_written)
winbind_client_response_written[2718:WINBINDD_PRIV_PIPE_DIR]: delivered
response to client
[2015/05/15 12:28:38.560401, 6] winbindd/winbindd.c:822(new_connection)
accepted socket 30
[2015/05/15 12:28:38.560682, 6]
winbindd/winbindd.c:870(winbind_client_request_read)
closing socket 23, client exited
[2015/05/15 12:28:38.560948, 10] winbindd/winbindd.c:645(process_request)
process_request: Handling async request 2718:GETGRNAM
[2015/05/15 12:28:38.561267, 3]
winbindd/winbindd_getgrnam.c:56(winbindd_getgrnam_send)
getgrnam GSD-it
[2015/05/15 12:28:38.561509, 1]
../librpc/ndr/ndr.c:284(ndr_print_function_debug)
wbint_LookupName: struct wbint_LookupName
in: struct wbint_LookupName
domain : *
domain : 'GSDAD'
name : *
name : 'GSD-IT'
flags : 0x00000000 (0)
[2015/05/15 12:28:38.562552, 1]
../librpc/ndr/ndr.c:284(ndr_print_function_debug)
wbint_LookupName: struct wbint_LookupName
out: struct wbint_LookupName
type : *
type : SID_NAME_DOM_GRP (2)
sid : *
sid :
S-1-5-21-678467049-2606551726-923385481-1113
result : NT_STATUS_OK
[2015/05/15 12:28:38.563484, 10]
winbindd/winbindd_util.c:787(find_lookup_domain_from_sid)
find_lookup_domain_from_sid(S-1-5-21-678467049-2606551726-923385481-1113)
[2015/05/15 12:28:38.563779, 10]
winbindd/winbindd_util.c:797(find_lookup_domain_from_sid)
calling find_our_domain
[2015/05/15 12:28:38.564038, 1]
../librpc/ndr/ndr.c:284(ndr_print_function_debug)
wbint_LookupSid: struct wbint_LookupSid
in: struct wbint_LookupSid
sid : *
sid :
S-1-5-21-678467049-2606551726-923385481-1113
[2015/05/15 12:28:38.564524, 1]
../librpc/ndr/ndr.c:284(ndr_print_function_debug)
wbint_LookupSid: struct wbint_LookupSid
out: struct wbint_LookupSid
type : *
type : SID_NAME_DOM_GRP (2)
domain : *
domain : *
domain : 'GSD-IT'
name : *
name : *
name : ''
result : NT_STATUS_OK
[2015/05/15 12:28:38.565800, 10] lib/gencache.c:183(gencache_set_data_blob)
Adding cache entry with key
IDMAP/SID2GID/S-1-5-21-678467049-2606551726-923385481-1113 and timeout Thu Jan
1 01:00:00 1970
(-1431685718 seconds in the past)
[2015/05/15 12:28:38.566636, 10]
winbindd/winbindd_util.c:787(find_lookup_domain_from_sid)
find_lookup_domain_from_sid(S-1-5-21-678467049-2606551726-923385481-1113)
[2015/05/15 12:28:38.566880, 10]
winbindd/winbindd_util.c:797(find_lookup_domain_from_sid)
calling find_our_domain
[2015/05/15 12:28:38.567127, 1]
../librpc/ndr/ndr.c:284(ndr_print_function_debug)
wbint_LookupSid: struct wbint_LookupSid
in: struct wbint_LookupSid
sid : *
sid :
S-1-5-21-678467049-2606551726-923385481-1113
[2015/05/15 12:28:38.567677, 1]
../librpc/ndr/ndr.c:284(ndr_print_function_debug)
wbint_LookupSid: struct wbint_LookupSid
out: struct wbint_LookupSid
type : *
type : SID_NAME_DOM_GRP (2)
domain : *
domain : *
domain : 'GSD-IT'
name : *
name : *
name : ''
result : NT_STATUS_OK
[2015/05/15 12:28:38.568904, 1]
../librpc/ndr/ndr.c:284(ndr_print_function_debug)
wbint_Sid2Gid: struct wbint_Sid2Gid
in: struct wbint_Sid2Gid
dom_name : NULL
sid : *
sid :
S-1-5-21-678467049-2606551726-923385481-1113
[2015/05/15 12:28:38.575264, 1]
../librpc/ndr/ndr.c:284(ndr_print_function_debug)
wbint_Sid2Gid: struct wbint_Sid2Gid
out: struct wbint_Sid2Gid
gid : *
gid : 0x0000000001000459 (16778329)
result : NT_STATUS_OK
[2015/05/15 12:28:38.575852, 1]
../librpc/ndr/ndr.c:284(ndr_print_function_debug)
wbint_LookupGroupMembers: struct wbint_LookupGroupMembers
in: struct wbint_LookupGroupMembers
sid : *
sid :
S-1-5-21-678467049-2606551726-923385481-1113
type : SID_NAME_DOM_GRP (2)
[2015/05/15 12:28:38.576075, 1]
../librpc/ndr/ndr.c:284(ndr_print_function_debug)
wbint_LookupGroupMembers: struct wbint_LookupGroupMembers
out: struct wbint_LookupGroupMembers
members : *
members: struct wbint_Principals
num_principals : 4
principals: ARRAY(4)
principals: struct wbint_Principal
sid :
S-1-5-21-678467049-2606551726-923385481-1613
type : SID_NAME_USER (1)
name : *
name : 'tnowak'
principals: struct wbint_Principal
sid :
S-1-5-21-678467049-2606551726-923385481-1108
type : SID_NAME_USER (1)
name : *
name :
'plewandowski'
principals: struct wbint_Principal
sid :
S-1-5-21-678467049-2606551726-923385481-1602
type : SID_NAME_USER (1)
name : *
name : 'kbet'
principals: struct wbint_Principal
sid :
S-1-5-21-678467049-2606551726-923385481-1625
type : SID_NAME_USER (1)
name : *
name : 'drukGSD'
result : NT_STATUS_OK
[2015/05/15 12:28:38.579554, 0] winbindd/winbindd_group.c:45(fill_grent)
Failed to find domain 'GSD-IT'. Check connection to trusted domains!
[2015/05/15 12:28:38.580456, 5]
winbindd/winbindd_getgrnam.c:152(winbindd_getgrnam_recv)
fill_grent failed
[2015/05/15 12:28:38.581716, 10] winbindd/winbindd.c:707(wb_request_done)
wb_request_done[2718:GETGRNAM]: NT_STATUS_NO_MEMORY
[2015/05/15 12:28:38.589246, 10]
winbindd/winbindd.c:768(winbind_client_response_written)
winbind_client_response_written[2718:GETGRNAM]: delivered response to
client
[2015/05/15 12:28:38.589653, 6]
winbindd/winbindd.c:870(winbind_client_request_read)
closing socket 30, client exited
----------
Any ideas anyone?
Cheers,
Tom
On 18/05/15 09:08, Tomasz B?asiak wrote:> Hi > Oracle Linux Server client with Samba 3.6.23 (file server) joined to the > Samba4 AD domain. > ---------------- > smb.conf > [global] > #--authconfig--start-line-- > netbios name = FS > server string = "GSDAD Fileserver" > workgroup = GSDAD > realm = AD.GSD.LAN > security = ads > winbind use default domain = yes > idmap config * : backend = rid > idmap config * : range = 16777216-33554431 > template shell = /sbin/nologin > winbind offline logon = false > winbind enum users = yes > winbind enum groups = yes > idmap cache time = 15 > idmap negative cache time = 15 > log level = 2 > > hide dot files = yes > hide unreadable = yes > access based share enum = yes > > wide links = Yes > unix extensions = No > follow symlinks = Yes > socket options = TCP_NODELAY IPTOS_THROUGHPUT > > vfs objects = full_audit > full_audit:prefix = %u|%I|%S > full_audit:success = mkdir rename rmdir write unlink pwrite > full_audit:failure = none > recycle:repository = .deleted/%U > recycle:keeptree = No > recycle:touch = Yes > recycle:versions = Yes > recycle:maxsixe = 0 > ;recycle:exclude = *.tmp *.ini *.dat > ;recycle:exclude_dir = /tmp /home /home/* /storage/samba/homes > /storage/samba/homes/* > > keepalive = 300 > deadtime = 10 > > include = /etc/samba/smb.conf.shares > #--authconfig--end-line-- > ---------------- > > getent passwd and wbinfo -u returns all AD users correctly > wbinfo -g returns all AD groups correctly > getent group fails. Only local groups are returned. > > ------------ > log.winbindd > winbindd/winbindd_group.c:45(fill_grent) > winbindd Failed to find domain 'GSD-DOK'. Check connection to trusted > domains! > ------------ > > 'GSD-DOK' it is group in AD > I set log level = 10 > > ---------- > log.winbindd > > 2015/05/15 12:28:38.557668, 6] winbindd/winbindd.c:822(new_connection) > accepted socket 23 > [2015/05/15 12:28:38.558409, 10] winbindd/winbindd.c:672(process_request) > process_request: request fn INTERFACE_VERSION > [2015/05/15 12:28:38.558654, 3] > winbindd/winbindd_misc.c:384(winbindd_interface_version) > [ 2718]: request interface version > [2015/05/15 12:28:38.558905, 10] > winbindd/winbindd.c:768(winbind_client_response_written) > winbind_client_response_written[2718:INTERFACE_VERSION]: delivered > response to client > [2015/05/15 12:28:38.559251, 10] winbindd/winbindd.c:672(process_request) > process_request: request fn WINBINDD_PRIV_PIPE_DIR > [2015/05/15 12:28:38.559482, 3] > winbindd/winbindd_misc.c:417(winbindd_priv_pipe_dir) > [ 2718]: request location of privileged pipe > [2015/05/15 12:28:38.559999, 10] > winbindd/winbindd.c:768(winbind_client_response_written) > winbind_client_response_written[2718:WINBINDD_PRIV_PIPE_DIR]: delivered > response to client > [2015/05/15 12:28:38.560401, 6] winbindd/winbindd.c:822(new_connection) > accepted socket 30 > [2015/05/15 12:28:38.560682, 6] > winbindd/winbindd.c:870(winbind_client_request_read) > closing socket 23, client exited > [2015/05/15 12:28:38.560948, 10] winbindd/winbindd.c:645(process_request) > process_request: Handling async request 2718:GETGRNAM > [2015/05/15 12:28:38.561267, 3] > winbindd/winbindd_getgrnam.c:56(winbindd_getgrnam_send) > getgrnam GSD-it > [2015/05/15 12:28:38.561509, 1] > ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > wbint_LookupName: struct wbint_LookupName > in: struct wbint_LookupName > domain : * > domain : 'GSDAD' > name : * > name : 'GSD-IT' > flags : 0x00000000 (0) > [2015/05/15 12:28:38.562552, 1] > ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > wbint_LookupName: struct wbint_LookupName > out: struct wbint_LookupName > type : * > type : SID_NAME_DOM_GRP (2) > sid : * > sid : > S-1-5-21-678467049-2606551726-923385481-1113 > result : NT_STATUS_OK > [2015/05/15 12:28:38.563484, 10] > winbindd/winbindd_util.c:787(find_lookup_domain_from_sid) > find_lookup_domain_from_sid(S-1-5-21-678467049-2606551726-923385481-1113) > [2015/05/15 12:28:38.563779, 10] > winbindd/winbindd_util.c:797(find_lookup_domain_from_sid) > calling find_our_domain > [2015/05/15 12:28:38.564038, 1] > ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > wbint_LookupSid: struct wbint_LookupSid > in: struct wbint_LookupSid > sid : * > sid : > S-1-5-21-678467049-2606551726-923385481-1113 > [2015/05/15 12:28:38.564524, 1] > ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > wbint_LookupSid: struct wbint_LookupSid > out: struct wbint_LookupSid > type : * > type : SID_NAME_DOM_GRP (2) > domain : * > domain : * > domain : 'GSD-IT' > name : * > name : * > name : '' > result : NT_STATUS_OK > [2015/05/15 12:28:38.565800, 10] lib/gencache.c:183(gencache_set_data_blob) > Adding cache entry with key > IDMAP/SID2GID/S-1-5-21-678467049-2606551726-923385481-1113 and timeout > Thu Jan 1 01:00:00 1970 > (-1431685718 seconds in the past) > [2015/05/15 12:28:38.566636, 10] > winbindd/winbindd_util.c:787(find_lookup_domain_from_sid) > find_lookup_domain_from_sid(S-1-5-21-678467049-2606551726-923385481-1113) > [2015/05/15 12:28:38.566880, 10] > winbindd/winbindd_util.c:797(find_lookup_domain_from_sid) > calling find_our_domain > [2015/05/15 12:28:38.567127, 1] > ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > wbint_LookupSid: struct wbint_LookupSid > in: struct wbint_LookupSid > sid : * > sid : > S-1-5-21-678467049-2606551726-923385481-1113 > [2015/05/15 12:28:38.567677, 1] > ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > wbint_LookupSid: struct wbint_LookupSid > out: struct wbint_LookupSid > type : * > type : SID_NAME_DOM_GRP (2) > domain : * > domain : * > domain : 'GSD-IT' > name : * > name : * > name : '' > result : NT_STATUS_OK > [2015/05/15 12:28:38.568904, 1] > ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > wbint_Sid2Gid: struct wbint_Sid2Gid > in: struct wbint_Sid2Gid > dom_name : NULL > sid : * > sid : > S-1-5-21-678467049-2606551726-923385481-1113 > [2015/05/15 12:28:38.575264, 1] > ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > wbint_Sid2Gid: struct wbint_Sid2Gid > out: struct wbint_Sid2Gid > gid : * > gid : 0x0000000001000459 (16778329) > result : NT_STATUS_OK > [2015/05/15 12:28:38.575852, 1] > ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > wbint_LookupGroupMembers: struct wbint_LookupGroupMembers > in: struct wbint_LookupGroupMembers > sid : * > sid : > S-1-5-21-678467049-2606551726-923385481-1113 > type : SID_NAME_DOM_GRP (2) > [2015/05/15 12:28:38.576075, 1] > ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > wbint_LookupGroupMembers: struct wbint_LookupGroupMembers > out: struct wbint_LookupGroupMembers > members : * > members: struct wbint_Principals > num_principals : 4 > principals: ARRAY(4) > principals: struct wbint_Principal > sid : > S-1-5-21-678467049-2606551726-923385481-1613 > type : SID_NAME_USER (1) > name : * > name : 'tnowak' > principals: struct wbint_Principal > sid : > S-1-5-21-678467049-2606551726-923385481-1108 > type : SID_NAME_USER (1) > name : * > name : 'plewandowski' > principals: struct wbint_Principal > sid : > S-1-5-21-678467049-2606551726-923385481-1602 > type : SID_NAME_USER (1) > name : * > name : 'kbet' > principals: struct wbint_Principal > sid : > S-1-5-21-678467049-2606551726-923385481-1625 > type : SID_NAME_USER (1) > name : * > name : 'drukGSD' > result : NT_STATUS_OK > [2015/05/15 12:28:38.579554, 0] winbindd/winbindd_group.c:45(fill_grent) > Failed to find domain 'GSD-IT'. Check connection to trusted domains! > [2015/05/15 12:28:38.580456, 5] > winbindd/winbindd_getgrnam.c:152(winbindd_getgrnam_recv) > fill_grent failed > [2015/05/15 12:28:38.581716, 10] winbindd/winbindd.c:707(wb_request_done) > wb_request_done[2718:GETGRNAM]: NT_STATUS_NO_MEMORY > [2015/05/15 12:28:38.589246, 10] > winbindd/winbindd.c:768(winbind_client_response_written) > winbind_client_response_written[2718:GETGRNAM]: delivered response to > client > [2015/05/15 12:28:38.589653, 6] > winbindd/winbindd.c:870(winbind_client_request_read) > closing socket 30, client exited > > ---------- > > > > Any ideas anyone? > Cheers, > TomKnow problem, does 'getent group <a domain group>' work ? Rowland