Dimitar Hristov
2016-Apr-20 11:23 UTC
[Samba] wbinfo -u, wbinfo -g not working after samba update from 4.2.3 to 4.2.10
Hi list, I'd like to update you on the issue, as I did some more tests. First, I've added some directives to smb.conf (in italic): [global] netbios name = testserver security = ADS workgroup = EXAMPLE realm = EXAMPLE.COM log file = /var/log/samba/%m.log log level = 10 dedicated keytab file = /etc/krb5.keytab kerberos method = secrets and keytab winbind refresh tickets = yes winbind trusted domains only = no winbind use default domain = yes winbind enum users = yes winbind enum groups = yes winbind separator = + client ldap sasl wrapping = plain idmap config EXAMPLE : backend = ad idmap config EXAMPLE:schema_mode = rfc2307 idmap config EXAMPLE:range = 10000-99999 winbind nss info = rfc2307 load printers = no printing = bsd printcap name = /dev/null With "client ldap sasl wrapping = plain" set, the domain doesn't go "offline". This can be seen by comparing the partial log output after "wbinfo -g", with the one in my first email. Also, I have tested joining a newly provisioned machine to the domain with 4.2.3 and 4.2.10 - it works without any issues when using 4.2.3, and it doesn't work with 4.2.10. I used "net ads join" with debuglevel=1, please see the output (working one - with 4.2.3, and not working - with 4.2.10): ### Join with samba 4.2.10### net ads join -U Administrator --debuglevel=1 Enter Administrator's password: libnet_Join: libnet_JoinCtx: struct libnet_JoinCtx in: struct libnet_JoinCtx dc_name : NULL machine_name : 'TESTSERVER' domain_name : * domain_name : 'EXAMPLE.COM' account_ou : NULL admin_account : 'Administrator' admin_domain : NULL machine_password : NULL join_flags : 0x00000023 (35) 0: WKSSVC_JOIN_FLAGS_IGNORE_UNSUPPORTED_FLAGS 0: WKSSVC_JOIN_FLAGS_JOIN_WITH_NEW_NAME 0: WKSSVC_JOIN_FLAGS_JOIN_DC_ACCOUNT 0: WKSSVC_JOIN_FLAGS_DEFER_SPN 0: WKSSVC_JOIN_FLAGS_MACHINE_PWD_PASSED 0: WKSSVC_JOIN_FLAGS_JOIN_UNSECURE 1: WKSSVC_JOIN_FLAGS_DOMAIN_JOIN_IF_JOINED 0: WKSSVC_JOIN_FLAGS_WIN9X_UPGRADE 0: WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE 1: WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE 1: WKSSVC_JOIN_FLAGS_JOIN_TYPE os_version : NULL os_name : NULL create_upn : 0x00 (0) upn : NULL modify_config : 0x00 (0) ads : NULL debug : 0x01 (1) use_kerberos : 0x00 (0) secure_channel_type : SEC_CHAN_WKSTA (2) Failed to setup SPNEGO negTokenInit request: NT_STATUS_INTERNAL_ERROR libnet_Join: libnet_JoinCtx: struct libnet_JoinCtx out: struct libnet_JoinCtx account_name : NULL netbios_domain_name : 'EXAMPLE' dns_domain_name : 'example.com' forest_name : 'example.com' dn : NULL domain_sid : * domain_sid : S-1-5-21-1214440339-1979792683-1801674531 modified_config : 0x00 (0) error_string : 'Failed to set machine spn: Time limit exceeded Do you have sufficient permissions to create machine accounts?' domain_is_ad : 0x01 (1) result : WERR_GENERAL_FAILURE Failed to join domain: Failed to set machine spn: Time limit exceeded Do you have sufficient permissions to create machine accounts? ### End join with samba 4.2.10 ### ### Join with samba 4.2.3 ### net ads join -U Administrator --debuglevel=1 Enter Administrator's password: libnet_Join: libnet_JoinCtx: struct libnet_JoinCtx in: struct libnet_JoinCtx dc_name : NULL machine_name : 'TESTSERVER' domain_name : * domain_name : 'EXAMPLE.COM' account_ou : NULL admin_account : 'Administrator' admin_domain : NULL machine_password : NULL join_flags : 0x00000023 (35) 0: WKSSVC_JOIN_FLAGS_IGNORE_UNSUPPORTED_FLAGS 0: WKSSVC_JOIN_FLAGS_JOIN_WITH_NEW_NAME 0: WKSSVC_JOIN_FLAGS_JOIN_DC_ACCOUNT 0: WKSSVC_JOIN_FLAGS_DEFER_SPN 0: WKSSVC_JOIN_FLAGS_MACHINE_PWD_PASSED 0: WKSSVC_JOIN_FLAGS_JOIN_UNSECURE 1: WKSSVC_JOIN_FLAGS_DOMAIN_JOIN_IF_JOINED 0: WKSSVC_JOIN_FLAGS_WIN9X_UPGRADE 0: WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE 1: WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE 1: WKSSVC_JOIN_FLAGS_JOIN_TYPE os_version : NULL os_name : NULL create_upn : 0x00 (0) upn : NULL modify_config : 0x00 (0) ads : NULL debug : 0x01 (1) use_kerberos : 0x00 (0) secure_channel_type : SEC_CHAN_WKSTA (2) libnet_Join: libnet_JoinCtx: struct libnet_JoinCtx out: struct libnet_JoinCtx account_name : NULL netbios_domain_name : 'EXAMPLE' dns_domain_name : 'example.com' forest_name : 'example.com' dn : 'CN=testserver,OU=DefaultBin,DC=example,DC=com' domain_sid : * domain_sid : S-1-5-21-1214440339-1979792683-1801674531 modified_config : 0x00 (0) error_string : NULL domain_is_ad : 0x01 (1) result : WERR_OK Using short domain name -- EXAMPLE Joined 'TESTSERVER' to dns domain 'example.com' ### End join with samba 4.2.3 ### ###/var/log/samba/winbind.log - after "wbinfo -g"### [2016/04/20 14:01:44.879293, 10, pid=2301, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd.c:725(process_request) process_request: Handling async request 2429:LIST_GROUPS [2016/04/20 14:01:44.879299, 3, pid=2301, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_list_groups.c:58(winbindd_list_groups_send) list_groups EXAMPLE [2016/04/20 14:01:44.879313, 1, pid=2301, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) wbint_QueryGroupList: struct wbint_QueryGroupList in: struct wbint_QueryGroupList [2016/04/20 14:01:44.879345, 1, pid=2301, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) wbint_QueryGroupList: struct wbint_QueryGroupList out: struct wbint_QueryGroupList groups : * groups: struct wbint_Principals num_principals : 0 principals: ARRAY(0) result : NT_STATUS_IO_TIMEOUT [2016/04/20 14:01:44.879368, 10, pid=2301, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_list_groups.c:128(winbindd_list_groups_done) Domain EXAMPLE returned 0 groups [2016/04/20 14:01:44.879373, 10, pid=2301, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_list_groups.c:134(winbindd_list_groups_done) list_groups for domain EXAMPLE failed [2016/04/20 14:01:44.879378, 10, pid=2301, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd.c:787(wb_request_done) wb_request_done[2429:LIST_GROUPS]: NT_STATUS_OK ###End /var/log/samba/winbind.log - after "wbinfo -g" ### Hope that helps, as quite a lot of people are expiriencing the same issue. I missed to provide information about the distributions used for testing - CentOS 7.2, Debian Jessie 8.4 Regards, Dimitar> Date: Tue, 19 Apr 2016 08:40:45 -0500 > From: amartin at xes-inc.com > To: dimitar.hristov at outlook.com > CC: samba at lists.samba.org > Subject: Re: [Samba] wbinfo -u, wbinfo -g not working after samba update from 4.2.3 to 4.2.10 > > I am also having this issue, however in my case it is worse - samba shares do not work > and "getent passwd <domain user>" also does not work. I tried adding the following to the > "[global]" section of my smb.conf as suggested elsewhere, but no improvement: > client ldap sasl wrapping = plain > > My smb.conf is very similar to yours, however I also have the following options set: > encrypt passwords = true > winbind nss info = rfc2307 > > Thanks, > > Andrew > > ----- Original Message ----- > > From: "Dimitar Hristov" <dimitar.hristov at outlook.com> > > To: samba at lists.samba.org > > Sent: Tuesday, April 19, 2016 8:23:50 AM > > Subject: [Samba] wbinfo -u, wbinfo -g not working after samba update from 4.2.3 to 4.2.10 > > > > Hi list, > > > > > > > > > > > > After the badlock patching of all samba machines in our organization > > (all of them are domain members), some functionalities have stopped > > working, more particularly: > > > > > > - wbinfo -g (no output at all) > > > > > > - wbinfo -u (no output at all) > > > > > > - getent passwd (displays only local users) > > > > > > - getent group > > > > > > > > > > > > working functionalities: > > > > > > - samba shares are still accessible, with appropriate users set as > > "valid", "write users" etc > > > > > > - getent passwd <domain user> > > > > > > - wbinfo --name-to-sid > > > > > > > > > > > > > > > > > > Configuration files: > > > > > > - /etc/samba/smb.conf > > > > > > [global] > > > > > > workgroup = EXAMPLE > > > > > > realm = EXAMPLE.COM > > > > > > security = ADS > > > > > > dedicated keytab file = /etc/krb5.keytab > > > > > > kerberos method = secrets and keytab > > > > > > log file = /var/log/samba/%m.log > > > > > > load printers = No > > > > > > printcap name = /dev/null > > > > > > winbind separator = + > > > > > > winbind enum users = Yes > > > > > > winbind enum groups = Yes > > > > > > winbind use default domain = Yes > > > > > > winbind refresh tickets = Yes > > > > > > idmap config example : backend = ad > > > > > > idmap config * : backend = tdb > > > > > > printing = bsd > > > > > > > > > > > > - /etc/krb5.conf > > > > > > [logging] > > > > > > default = FILE:/var/log/krb5libs.log > > > > > > kdc = FILE:/var/log/krb5kdc.log > > > > > > admin_server = FILE:/var/log/kadmind.log > > > > > > > > > > > > [libdefaults] > > > > > > dns_lookup_kdc = false > > > > > > dns_lookup_realm = false > > > > > > ticket_lifetime = 24h > > > > > > renew_lifetime = 7d > > > > > > forwardable = true > > > > > > rdns = false > > > > > > default_realm = EXAMPLE.COM > > > > > > default_ccache_name = KEYRING:persistent:%{uid} > > > > > > > > > > > > [realms] > > > > > > EXAMPLE.COM = { > > > > > > kdc = example-adc01.example.com > > > > > > admin_server = example-adc01.example.com > > > > > > } > > > > > > > > > > > > [domain_realm] > > > > > > .example.com = EXAMPLE.COM > > > > > > example.com = EXAMPLE.COM > > > > > > > > > > > > - /etc/nsswitch.conf > > > > > > > > > > > > passwd: files winbind > > > > > > shadow: files winbind > > > > > > group: files winbind > > > > > > initgroups: files > > > > > > > > > > > > hosts: files dns myhostname > > > > > > > > > > > > bootparams: nisplus [NOTFOUND=return] files > > > > > > > > > > > > ethers: files > > > > > > netmasks: files > > > > > > networks: files > > > > > > protocols: files winbind > > > > > > rpc: files winbind > > > > > > services: files winbind > > > > > > > > > > > > netgroup: nisplus sss > > > > > > > > > > > > publickey: nisplus > > > > > > > > > > > > automount: files nisplus > > > > > > aliases: files nisplus > > > > > > > > > > > > Installed packages: > > > > > > - working environment > > > > > > samba-4.2.3-12.el7_2.x86_64 > > > > > > samba-common-4.2.3-12.el7_2.noarch > > > > > > samba-winbind-modules-4.2.3-12.el7_2.x86_64 > > > > > > samba-winbind-clients-4.2.3-12.el7_2.x86_64 > > > > > > samba-common-tools-4.2.3-12.el7_2.x86_64 > > > > > > samba-common-libs-4.2.3-12.el7_2.x86_64 > > > > > > samba-winbind-4.2.3-12.el7_2.x86_64 > > > > > > samba-libs-4.2.3-12.el7_2.x86_64 > > > > > > samba-client-libs-4.2.3-12.el7_2.x86_64 > > > > > > krb5-workstation-1.13.2-12.el7_2.x86_64 > > > > > > krb5-libs-1.13.2-12.el7_2.x86_64 > > > > > > > > > > > > - not working (after the update) > > > > > > samba-winbind-4.2.10-6.el7_2.x86_64 > > > > > > samba-libs-4.2.10-6.el7_2.x86_64 > > > > > > samba-common-4.2.10-6.el7_2.noarch > > > > > > samba-client-libs-4.2.10-6.el7_2.x86_64 > > > > > > samba-winbind-modules-4.2.10-6.el7_2.x86_64 > > > > > > samba-winbind-clients-4.2.10-6.el7_2.x86_64 > > > > > > samba-common-tools-4.2.10-6.el7_2.x86_64 > > > > > > samba-common-libs-4.2.10-6.el7_2.x86_64 > > > > > > samba-4.2.10-6.el7_2.x86_64 > > > > > > krb5-workstation-1.13.2-12.el7_2.x86_64 > > > > > > krb5-libs-1.13.2-12.el7_2.x86_64 > > > > > > > > > > > > --------------------- > > > > > > > > > > > > Partial log output after "wbinfo -g" - > > /var/log/samba/winbind.log: > > > > > > > > > > > > [2016/04/19 14:58:40.635486, 10, pid=3634, effective(0, 0), real(0, > > 0), class=winbind] > > ../source3/winbindd/winbindd.c:725(process_request) > > > > > > process_request: Handling async request 3640:LIST_GROUPS > > > > > > [2016/04/19 14:58:40.635501, 3, pid=3634, effective(0, 0), real(0, > > 0), class=winbind] > > ../source3/winbindd/winbindd_list_groups.c:58(winbindd_list_groups_send) > > > > > > list_groups EXAMPLE > > > > > > [2016/04/19 14:58:40.635520, 1, pid=3634, effective(0, 0), real(0, > > 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > > > > > > wbint_QueryGroupList: struct wbint_QueryGroupList > > > > > > in: struct wbint_QueryGroupList > > > > > > [2016/04/19 14:58:42.112485, 10, pid=3634, effective(0, 0), real(0, > > 0)] ../source3/lib/messages.c:252(messaging_recv_cb) > > > > > > messaging_recv_cb: Received message 0x40c len 8 (num_fds:0) from > > 3635 > > > > > > [2016/04/19 14:58:42.112513, 10, pid=3634, effective(0, 0), real(0, > > 0), class=winbind] > > ../source3/winbindd/winbindd_cm.c:364(winbind_msg_domain_offline) > > > > > > Domain EXAMPLE is marked as offline now. > > > > > > [2016/04/19 14:58:42.113574, 1, pid=3634, effective(0, 0), real(0, > > 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > > > > > > wbint_QueryGroupList: struct wbint_QueryGroupList > > > > > > out: struct wbint_QueryGroupList > > > > > > groups : * > > > > > > groups: struct wbint_Principals > > > > > > num_principals : 0 > > > > > > principals: ARRAY(0) > > > > > > result : NT_STATUS_IO_TIMEOUT > > > > > > [2016/04/19 14:58:42.113616, 10, pid=3634, effective(0, 0), real(0, > > 0), class=winbind] > > ../source3/winbindd/winbindd_list_groups.c:128(winbindd_list_groups_done) > > > > > > Domain EXAMPLE returned 0 groups > > > > > > [2016/04/19 14:58:42.113623, 10, pid=3634, effective(0, 0), real(0, > > 0), class=winbind] > > ../source3/winbindd/winbindd_list_groups.c:134(winbindd_list_groups_done) > > > > > > list_groups for domain EXAMPLE failed > > > > > > [2016/04/19 14:58:42.113630, 10, pid=3634, effective(0, 0), real(0, > > 0), class=winbind] > > ../source3/winbindd/winbindd.c:787(wb_request_done) > > > > > > wb_request_done[3640:LIST_GROUPS]: NT_STATUS_OK > > > > > > [2016/04/19 14:58:42.113649, 10, pid=3634, effective(0, 0), real(0, > > 0), class=winbind] > > ../source3/winbindd/winbindd.c:851(winbind_client_response_written) > > > > > > winbind_client_response_written[3640:LIST_GROUPS]: delivered > > response to client > > > > > > [2016/04/19 14:58:42.114552, 6, pid=3634, effective(0, 0), real(0, > > 0), class=winbind] > > ../source3/winbindd/winbindd.c:957(winbind_client_request_read) > > > > > > closing socket 28, client exited > > > > > > [2016/04/19 14:59:13.272624, 10, pid=3634, effective(0, 0), real(0, > > 0)] ../source3/lib/messages.c:252(messaging_recv_cb) > > > > > > messaging_recv_cb: Received message 0x40b len 8 (num_fds:0) from > > 3635 > > > > > > [2016/04/19 14:59:13.272656, 10, pid=3634, effective(0, 0), real(0, > > 0), class=winbind] > > ../source3/winbindd/winbindd_cm.c:384(winbind_msg_domain_online) > > > > > > Domain EXAMPLE is marked as online now. > > > > > > > > > > Partial log output after "wbinfo -u" - > > /var/log/samba/winbind.log: > > > > > > > > > > > > [2016/04/19 15:03:25.308776, 10, pid=3634, effective(0, 0), real(0, > > 0), class=winbind] > > ../source3/winbindd/winbindd.c:725(process_request) > > > > > > process_request: Handling async request 3666:LIST_USERS > > > > > > [2016/04/19 15:03:25.308788, 3, pid=3634, effective(0, 0), real(0, > > 0), class=winbind] > > ../source3/winbindd/winbindd_list_users.c:58(winbindd_list_users_send) > > > > > > list_users EXAMPLE > > > > > > [2016/04/19 15:03:25.308808, 1, pid=3634, effective(0, 0), real(0, > > 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > > > > > > wbint_QueryUserList: struct wbint_QueryUserList > > > > > > in: struct wbint_QueryUserList > > > > > > [2016/04/19 15:03:29.418016, 10, pid=3634, effective(0, 0), real(0, > > 0)] ../source3/lib/messages.c:252(messaging_recv_cb) > > > > > > messaging_recv_cb: Received message 0x40c len 8 (num_fds:0) from > > 3635 > > > > > > [2016/04/19 15:03:29.418040, 10, pid=3634, effective(0, 0), real(0, > > 0), class=winbind] > > ../source3/winbindd/winbindd_cm.c:364(winbind_msg_domain_offline) > > > > > > Domain EXAMPLE is marked as offline now. > > > > > > [2016/04/19 15:03:29.418101, 1, pid=3634, effective(0, 0), real(0, > > 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > > > > > > wbint_QueryUserList: struct wbint_QueryUserList > > > > > > out: struct wbint_QueryUserList > > > > > > users : * > > > > > > users: struct wbint_userinfos > > > > > > num_userinfos : 0x00000000 (0) > > > > > > userinfos: ARRAY(0) > > > > > > result : NT_STATUS_IO_TIMEOUT > > > > > > [2016/04/19 15:03:29.418172, 10, pid=3634, effective(0, 0), real(0, > > 0), class=winbind] > > ../source3/winbindd/winbindd_list_users.c:128(winbindd_list_users_done) > > > > > > Domain EXAMPLE returned 0 users > > > > > > [2016/04/19 15:03:29.418180, 10, pid=3634, effective(0, 0), real(0, > > 0), class=winbind] > > ../source3/winbindd/winbindd_list_users.c:134(winbindd_list_users_done) > > > > > > List_users for domain EXAMPLE failed > > > > > > [2016/04/19 15:03:29.418187, 10, pid=3634, effective(0, 0), real(0, > > 0), class=winbind] > > ../source3/winbindd/winbindd.c:787(wb_request_done) > > > > > > wb_request_done[3666:LIST_USERS]: NT_STATUS_OK > > > > > > [2016/04/19 15:03:29.418206, 10, pid=3634, effective(0, 0), real(0, > > 0), class=winbind] > > ../source3/winbindd/winbindd.c:851(winbind_client_response_written) > > > > > > winbind_client_response_written[3666:LIST_USERS]: delivered > > response to client > > > > > > [2016/04/19 15:03:29.420295, 6, pid=3634, effective(0, 0), real(0, > > 0), class=winbind] > > ../source3/winbindd/winbindd.c:957(winbind_client_request_read) > > > > > > closing socket 28, client exited > > > > > > [2016/04/19 15:04:00.414647, 10, pid=3634, effective(0, 0), real(0, > > 0)] ../source3/lib/messages.c:252(messaging_recv_cb) > > > > > > messaging_recv_cb: Received message 0x40b len 8 (num_fds:0) from > > 3635 > > > > > > [2016/04/19 15:04:00.414669, 10, pid=3634, effective(0, 0), real(0, > > 0), class=winbind] > > ../source3/winbindd/winbindd_cm.c:384(winbind_msg_domain_online) > > > > > > Domain EXAMPLE is marked as online now. > > > > > > > > > > Partial log output after "getent passwd" - > > /var/log/samba/winbind.log (the local users get displayed, > > domain users - do not): > > > > > > > > > > > > [2016/04/19 15:04:41.367195, 10, pid=3634, effective(0, 0), real(0, > > 0), class=winbind] > > ../source3/winbindd/winbindd.c:725(process_request) > > > > > > process_request: Handling async request 3673:GETPWENT > > > > > > [2016/04/19 15:04:41.367208, 3, pid=3634, effective(0, 0), real(0, > > 0), class=winbind] > > ../source3/winbindd/winbindd_getpwent.c:50(winbindd_getpwent_send) > > > > > > [ 3673]: getpwent > > > > > > [2016/04/19 15:04:41.367307, 1, pid=3634, effective(0, 0), real(0, > > 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > > > > > > wbint_QueryUserList: struct wbint_QueryUserList > > > > > > in: struct wbint_QueryUserList > > > > > > [2016/04/19 15:04:41.367621, 1, pid=3634, effective(0, 0), real(0, > > 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > > > > > > wbint_QueryUserList: struct wbint_QueryUserList > > > > > > out: struct wbint_QueryUserList > > > > > > users : * > > > > > > users: struct wbint_userinfos > > > > > > num_userinfos : 0x00000000 (0) > > > > > > userinfos: ARRAY(0) > > > > > > result : NT_STATUS_OK > > > > > > [2016/04/19 15:04:41.367652, 10, pid=3634, effective(0, 0), real(0, > > 0), class=winbind] > > ../source3/winbindd/wb_query_user_list.c:69(wb_query_user_list_done) > > > > > > dcerpc_wbint_QueryUserList returned 0 users > > > > > > [2016/04/19 15:04:41.367661, 1, pid=3634, effective(0, 0), real(0, > > 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > > > > > > wbint_QueryUserList: struct wbint_QueryUserList > > > > > > in: struct wbint_QueryUserList > > > > > > [2016/04/19 15:04:41.367680, 1, pid=3634, effective(0, 0), real(0, > > 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > > > > > > wbint_QueryUserList: struct wbint_QueryUserList > > > > > > out: struct wbint_QueryUserList > > > > > > users : * > > > > > > users: struct wbint_userinfos > > > > > > num_userinfos : 0x00000000 (0) > > > > > > userinfos: ARRAY(0) > > > > > > result : NT_STATUS_IO_TIMEOUT > > > > > > [2016/04/19 15:04:41.367700, 10, pid=3634, effective(0, 0), real(0, > > 0), class=winbind] > > ../source3/winbindd/wb_next_pwent.c:109(wb_next_pwent_fetch_done) > > > > > > query_user_list for domain EXAMPLE returned NT_STATUS_IO_TIMEOUT > > > > > > [2016/04/19 15:04:41.367707, 10, pid=3634, effective(0, 0), real(0, > > 0), class=winbind] > > ../source3/winbindd/winbindd_getpwent.c:95(winbindd_getpwent_done) > > > > > > winbindd_getpwent_done: done with 0 users > > > > > > [2016/04/19 15:04:41.367712, 10, pid=3634, effective(0, 0), real(0, > > 0), class=winbind] > > ../source3/winbindd/winbindd.c:787(wb_request_done) > > > > > > wb_request_done[3673:GETPWENT]: NT_STATUS_NO_MORE_ENTRIES > > > > > > [2016/04/19 15:04:41.367726, 10, pid=3634, effective(0, 0), real(0, > > 0), class=winbind] > > ../source3/winbindd/winbindd.c:851(winbind_client_response_written) > > > > > > winbind_client_response_written[3673:GETPWENT]: delivered response > > to client > > > > > > [2016/04/19 15:04:41.367900, 10, pid=3634, effective(0, 0), real(0, > > 0), class=winbind] > > ../source3/winbindd/winbindd.c:725(process_request) > > > > > > process_request: Handling async request 3673:ENDPWENT > > > > > > [2016/04/19 15:04:41.367916, 10, pid=3634, effective(0, 0), real(0, > > 0), class=winbind] > > ../source3/winbindd/winbindd.c:787(wb_request_done) > > > > > > wb_request_done[3673:ENDPWENT]: NT_STATUS_OK > > > > > > > > > > > > I think that the issue is similar to the issues described by L.P.H. > > van Belle and Luca Bertoncello. > > > > > > > > > > > > The Domain Controllers are MS Windows Server 2012 R2, AD Scheme is > > 2012. > > > > > > > > > > > > Any ideas on how to solve this? > > > > > > > > > > > > Thanks, > > > > > > Dimitar > > -- > > To unsubscribe from this list go to the following URL and read the > > instructions: https://lists.samba.org/mailman/options/samba > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba
Dimitar Hristov
2016-Apr-20 14:18 UTC
[Samba] wbinfo -u, wbinfo -g not working after samba update from 4.2.3 to 4.2.10
Hi list, Some more useful information - I compiled 4.2.11 on CentOS 7.2, and tested with the same configuration files and AD DC, running on MS Windows 2012 R2. The issue still remains. Regards, Dimitar> From: dimitar.hristov at outlook.com > To: amartin at xes-inc.com > Date: Wed, 20 Apr 2016 13:23:05 +0200 > CC: samba at lists.samba.org > Subject: Re: [Samba] wbinfo -u, wbinfo -g not working after samba update from 4.2.3 to 4.2.10 > > Hi list, > > I'd like to update you on the issue, as I did some more tests. First, I've added some directives to smb.conf (in italic): > > [global] > netbios name = testserver > security = ADS > workgroup = EXAMPLE > realm = EXAMPLE.COM > log file = /var/log/samba/%m.log > log level = 10 > dedicated keytab file = /etc/krb5.keytab > kerberos method = secrets and keytab > winbind refresh tickets = yes > winbind trusted domains only = no > winbind use default domain = yes > winbind enum users = yes > winbind enum groups = yes > winbind separator = + > client ldap sasl wrapping = plain > idmap config EXAMPLE : backend = ad > idmap config EXAMPLE:schema_mode = rfc2307 > idmap config EXAMPLE:range = 10000-99999 > winbind nss info = rfc2307 > load printers = no > printing = bsd > printcap name = /dev/null > > > With "client ldap sasl wrapping = plain" set, the domain doesn't go "offline". This can be seen by comparing the partial log output after "wbinfo -g", with the one in my first email. > > Also, I have tested joining a newly provisioned machine to the domain with 4.2.3 and 4.2.10 - it works without any issues when using 4.2.3, and it doesn't work with 4.2.10. I used "net ads join" with debuglevel=1, please see the output (working one - with 4.2.3, and not working - with 4.2.10): > > ### Join with samba 4.2.10### > > net ads join -U Administrator --debuglevel=1 > Enter Administrator's password: > libnet_Join: > libnet_JoinCtx: struct libnet_JoinCtx > in: struct libnet_JoinCtx > dc_name : NULL > machine_name : 'TESTSERVER' > domain_name : * > domain_name : 'EXAMPLE.COM' > account_ou : NULL > admin_account : 'Administrator' > admin_domain : NULL > machine_password : NULL > join_flags : 0x00000023 (35) > 0: WKSSVC_JOIN_FLAGS_IGNORE_UNSUPPORTED_FLAGS > 0: WKSSVC_JOIN_FLAGS_JOIN_WITH_NEW_NAME > 0: WKSSVC_JOIN_FLAGS_JOIN_DC_ACCOUNT > 0: WKSSVC_JOIN_FLAGS_DEFER_SPN > 0: WKSSVC_JOIN_FLAGS_MACHINE_PWD_PASSED > 0: WKSSVC_JOIN_FLAGS_JOIN_UNSECURE > 1: WKSSVC_JOIN_FLAGS_DOMAIN_JOIN_IF_JOINED > 0: WKSSVC_JOIN_FLAGS_WIN9X_UPGRADE > 0: WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE > 1: WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE > 1: WKSSVC_JOIN_FLAGS_JOIN_TYPE > os_version : NULL > os_name : NULL > create_upn : 0x00 (0) > upn : NULL > modify_config : 0x00 (0) > ads : NULL > debug : 0x01 (1) > use_kerberos : 0x00 (0) > secure_channel_type : SEC_CHAN_WKSTA (2) > Failed to setup SPNEGO negTokenInit request: NT_STATUS_INTERNAL_ERROR > libnet_Join: > libnet_JoinCtx: struct libnet_JoinCtx > out: struct libnet_JoinCtx > account_name : NULL > netbios_domain_name : 'EXAMPLE' > dns_domain_name : 'example.com' > forest_name : 'example.com' > dn : NULL > domain_sid : * > domain_sid : S-1-5-21-1214440339-1979792683-1801674531 > modified_config : 0x00 (0) > error_string : 'Failed to set machine spn: Time limit exceeded > Do you have sufficient permissions to create machine accounts?' > domain_is_ad : 0x01 (1) > result : WERR_GENERAL_FAILURE > Failed to join domain: Failed to set machine spn: Time limit exceeded > Do you have sufficient permissions to create machine accounts? > > ### End join with samba 4.2.10 ### > > ### Join with samba 4.2.3 ### > > net ads join -U Administrator --debuglevel=1 > Enter Administrator's password: > libnet_Join: > libnet_JoinCtx: struct libnet_JoinCtx > in: struct libnet_JoinCtx > dc_name : NULL > machine_name : 'TESTSERVER' > domain_name : * > domain_name : 'EXAMPLE.COM' > account_ou : NULL > admin_account : 'Administrator' > admin_domain : NULL > machine_password : NULL > join_flags : 0x00000023 (35) > 0: WKSSVC_JOIN_FLAGS_IGNORE_UNSUPPORTED_FLAGS > 0: WKSSVC_JOIN_FLAGS_JOIN_WITH_NEW_NAME > 0: WKSSVC_JOIN_FLAGS_JOIN_DC_ACCOUNT > 0: WKSSVC_JOIN_FLAGS_DEFER_SPN > 0: WKSSVC_JOIN_FLAGS_MACHINE_PWD_PASSED > 0: WKSSVC_JOIN_FLAGS_JOIN_UNSECURE > 1: WKSSVC_JOIN_FLAGS_DOMAIN_JOIN_IF_JOINED > 0: WKSSVC_JOIN_FLAGS_WIN9X_UPGRADE > 0: WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE > 1: WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE > 1: WKSSVC_JOIN_FLAGS_JOIN_TYPE > os_version : NULL > os_name : NULL > create_upn : 0x00 (0) > upn : NULL > modify_config : 0x00 (0) > ads : NULL > debug : 0x01 (1) > use_kerberos : 0x00 (0) > secure_channel_type : SEC_CHAN_WKSTA (2) > libnet_Join: > libnet_JoinCtx: struct libnet_JoinCtx > out: struct libnet_JoinCtx > account_name : NULL > netbios_domain_name : 'EXAMPLE' > dns_domain_name : 'example.com' > forest_name : 'example.com' > dn : 'CN=testserver,OU=DefaultBin,DC=example,DC=com' > domain_sid : * > domain_sid : S-1-5-21-1214440339-1979792683-1801674531 > modified_config : 0x00 (0) > error_string : NULL > domain_is_ad : 0x01 (1) > result : WERR_OK > Using short domain name -- EXAMPLE > Joined 'TESTSERVER' to dns domain 'example.com' > > ### End join with samba 4.2.3 ### > > ###/var/log/samba/winbind.log - after "wbinfo -g"### > > [2016/04/20 14:01:44.879293, 10, pid=2301, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd.c:725(process_request) > process_request: Handling async request 2429:LIST_GROUPS > [2016/04/20 14:01:44.879299, 3, pid=2301, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_list_groups.c:58(winbindd_list_groups_send) > list_groups EXAMPLE > [2016/04/20 14:01:44.879313, 1, pid=2301, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > wbint_QueryGroupList: struct wbint_QueryGroupList > in: struct wbint_QueryGroupList > [2016/04/20 14:01:44.879345, 1, pid=2301, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > wbint_QueryGroupList: struct wbint_QueryGroupList > out: struct wbint_QueryGroupList > groups : * > groups: struct wbint_Principals > num_principals : 0 > principals: ARRAY(0) > result : NT_STATUS_IO_TIMEOUT > [2016/04/20 14:01:44.879368, 10, pid=2301, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_list_groups.c:128(winbindd_list_groups_done) > Domain EXAMPLE returned 0 groups > [2016/04/20 14:01:44.879373, 10, pid=2301, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_list_groups.c:134(winbindd_list_groups_done) > list_groups for domain EXAMPLE failed > [2016/04/20 14:01:44.879378, 10, pid=2301, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd.c:787(wb_request_done) > wb_request_done[2429:LIST_GROUPS]: NT_STATUS_OK > > ###End /var/log/samba/winbind.log - after "wbinfo -g" ### > > Hope that helps, as quite a lot of people are expiriencing the same issue. I missed to provide information about the distributions used for testing - CentOS 7.2, Debian Jessie 8.4 > > Regards, > Dimitar > > > > Date: Tue, 19 Apr 2016 08:40:45 -0500 > > From: amartin at xes-inc.com > > To: dimitar.hristov at outlook.com > > CC: samba at lists.samba.org > > Subject: Re: [Samba] wbinfo -u, wbinfo -g not working after samba update from 4.2.3 to 4.2.10 > > > > I am also having this issue, however in my case it is worse - samba shares do not work > > and "getent passwd <domain user>" also does not work. I tried adding the following to the > > "[global]" section of my smb.conf as suggested elsewhere, but no improvement: > > client ldap sasl wrapping = plain > > > > My smb.conf is very similar to yours, however I also have the following options set: > > encrypt passwords = true > > winbind nss info = rfc2307 > > > > Thanks, > > > > Andrew > > > > ----- Original Message ----- > > > From: "Dimitar Hristov" <dimitar.hristov at outlook.com> > > > To: samba at lists.samba.org > > > Sent: Tuesday, April 19, 2016 8:23:50 AM > > > Subject: [Samba] wbinfo -u, wbinfo -g not working after samba update from 4.2.3 to 4.2.10 > > > > > > Hi list, > > > > > > > > > > > > > > > > > > After the badlock patching of all samba machines in our organization > > > (all of them are domain members), some functionalities have stopped > > > working, more particularly: > > > > > > > > > - wbinfo -g (no output at all) > > > > > > > > > - wbinfo -u (no output at all) > > > > > > > > > - getent passwd (displays only local users) > > > > > > > > > - getent group > > > > > > > > > > > > > > > > > > working functionalities: > > > > > > > > > - samba shares are still accessible, with appropriate users set as > > > "valid", "write users" etc > > > > > > > > > - getent passwd <domain user> > > > > > > > > > - wbinfo --name-to-sid > > > > > > > > > > > > > > > > > > > > > > > > > > > Configuration files: > > > > > > > > > - /etc/samba/smb.conf > > > > > > > > > [global] > > > > > > > > > workgroup = EXAMPLE > > > > > > > > > realm = EXAMPLE.COM > > > > > > > > > security = ADS > > > > > > > > > dedicated keytab file = /etc/krb5.keytab > > > > > > > > > kerberos method = secrets and keytab > > > > > > > > > log file = /var/log/samba/%m.log > > > > > > > > > load printers = No > > > > > > > > > printcap name = /dev/null > > > > > > > > > winbind separator = + > > > > > > > > > winbind enum users = Yes > > > > > > > > > winbind enum groups = Yes > > > > > > > > > winbind use default domain = Yes > > > > > > > > > winbind refresh tickets = Yes > > > > > > > > > idmap config example : backend = ad > > > > > > > > > idmap config * : backend = tdb > > > > > > > > > printing = bsd > > > > > > > > > > > > > > > > > > - /etc/krb5.conf > > > > > > > > > [logging] > > > > > > > > > default = FILE:/var/log/krb5libs.log > > > > > > > > > kdc = FILE:/var/log/krb5kdc.log > > > > > > > > > admin_server = FILE:/var/log/kadmind.log > > > > > > > > > > > > > > > > > > [libdefaults] > > > > > > > > > dns_lookup_kdc = false > > > > > > > > > dns_lookup_realm = false > > > > > > > > > ticket_lifetime = 24h > > > > > > > > > renew_lifetime = 7d > > > > > > > > > forwardable = true > > > > > > > > > rdns = false > > > > > > > > > default_realm = EXAMPLE.COM > > > > > > > > > default_ccache_name = KEYRING:persistent:%{uid} > > > > > > > > > > > > > > > > > > [realms] > > > > > > > > > EXAMPLE.COM = { > > > > > > > > > kdc = example-adc01.example.com > > > > > > > > > admin_server = example-adc01.example.com > > > > > > > > > } > > > > > > > > > > > > > > > > > > [domain_realm] > > > > > > > > > .example.com = EXAMPLE.COM > > > > > > > > > example.com = EXAMPLE.COM > > > > > > > > > > > > > > > > > > - /etc/nsswitch.conf > > > > > > > > > > > > > > > > > > passwd: files winbind > > > > > > > > > shadow: files winbind > > > > > > > > > group: files winbind > > > > > > > > > initgroups: files > > > > > > > > > > > > > > > > > > hosts: files dns myhostname > > > > > > > > > > > > > > > > > > bootparams: nisplus [NOTFOUND=return] files > > > > > > > > > > > > > > > > > > ethers: files > > > > > > > > > netmasks: files > > > > > > > > > networks: files > > > > > > > > > protocols: files winbind > > > > > > > > > rpc: files winbind > > > > > > > > > services: files winbind > > > > > > > > > > > > > > > > > > netgroup: nisplus sss > > > > > > > > > > > > > > > > > > publickey: nisplus > > > > > > > > > > > > > > > > > > automount: files nisplus > > > > > > > > > aliases: files nisplus > > > > > > > > > > > > > > > > > > Installed packages: > > > > > > > > > - working environment > > > > > > > > > samba-4.2.3-12.el7_2.x86_64 > > > > > > > > > samba-common-4.2.3-12.el7_2.noarch > > > > > > > > > samba-winbind-modules-4.2.3-12.el7_2.x86_64 > > > > > > > > > samba-winbind-clients-4.2.3-12.el7_2.x86_64 > > > > > > > > > samba-common-tools-4.2.3-12.el7_2.x86_64 > > > > > > > > > samba-common-libs-4.2.3-12.el7_2.x86_64 > > > > > > > > > samba-winbind-4.2.3-12.el7_2.x86_64 > > > > > > > > > samba-libs-4.2.3-12.el7_2.x86_64 > > > > > > > > > samba-client-libs-4.2.3-12.el7_2.x86_64 > > > > > > > > > krb5-workstation-1.13.2-12.el7_2.x86_64 > > > > > > > > > krb5-libs-1.13.2-12.el7_2.x86_64 > > > > > > > > > > > > > > > > > > - not working (after the update) > > > > > > > > > samba-winbind-4.2.10-6.el7_2.x86_64 > > > > > > > > > samba-libs-4.2.10-6.el7_2.x86_64 > > > > > > > > > samba-common-4.2.10-6.el7_2.noarch > > > > > > > > > samba-client-libs-4.2.10-6.el7_2.x86_64 > > > > > > > > > samba-winbind-modules-4.2.10-6.el7_2.x86_64 > > > > > > > > > samba-winbind-clients-4.2.10-6.el7_2.x86_64 > > > > > > > > > samba-common-tools-4.2.10-6.el7_2.x86_64 > > > > > > > > > samba-common-libs-4.2.10-6.el7_2.x86_64 > > > > > > > > > samba-4.2.10-6.el7_2.x86_64 > > > > > > > > > krb5-workstation-1.13.2-12.el7_2.x86_64 > > > > > > > > > krb5-libs-1.13.2-12.el7_2.x86_64 > > > > > > > > > > > > > > > > > > --------------------- > > > > > > > > > > > > > > > > > > Partial log output after "wbinfo -g" - > > > /var/log/samba/winbind.log: > > > > > > > > > > > > > > > > > > [2016/04/19 14:58:40.635486, 10, pid=3634, effective(0, 0), real(0, > > > 0), class=winbind] > > > ../source3/winbindd/winbindd.c:725(process_request) > > > > > > > > > process_request: Handling async request 3640:LIST_GROUPS > > > > > > > > > [2016/04/19 14:58:40.635501, 3, pid=3634, effective(0, 0), real(0, > > > 0), class=winbind] > > > ../source3/winbindd/winbindd_list_groups.c:58(winbindd_list_groups_send) > > > > > > > > > list_groups EXAMPLE > > > > > > > > > [2016/04/19 14:58:40.635520, 1, pid=3634, effective(0, 0), real(0, > > > 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > > > > > > > > > wbint_QueryGroupList: struct wbint_QueryGroupList > > > > > > > > > in: struct wbint_QueryGroupList > > > > > > > > > [2016/04/19 14:58:42.112485, 10, pid=3634, effective(0, 0), real(0, > > > 0)] ../source3/lib/messages.c:252(messaging_recv_cb) > > > > > > > > > messaging_recv_cb: Received message 0x40c len 8 (num_fds:0) from > > > 3635 > > > > > > > > > [2016/04/19 14:58:42.112513, 10, pid=3634, effective(0, 0), real(0, > > > 0), class=winbind] > > > ../source3/winbindd/winbindd_cm.c:364(winbind_msg_domain_offline) > > > > > > > > > Domain EXAMPLE is marked as offline now. > > > > > > > > > [2016/04/19 14:58:42.113574, 1, pid=3634, effective(0, 0), real(0, > > > 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > > > > > > > > > wbint_QueryGroupList: struct wbint_QueryGroupList > > > > > > > > > out: struct wbint_QueryGroupList > > > > > > > > > groups : * > > > > > > > > > groups: struct wbint_Principals > > > > > > > > > num_principals : 0 > > > > > > > > > principals: ARRAY(0) > > > > > > > > > result : NT_STATUS_IO_TIMEOUT > > > > > > > > > [2016/04/19 14:58:42.113616, 10, pid=3634, effective(0, 0), real(0, > > > 0), class=winbind] > > > ../source3/winbindd/winbindd_list_groups.c:128(winbindd_list_groups_done) > > > > > > > > > Domain EXAMPLE returned 0 groups > > > > > > > > > [2016/04/19 14:58:42.113623, 10, pid=3634, effective(0, 0), real(0, > > > 0), class=winbind] > > > ../source3/winbindd/winbindd_list_groups.c:134(winbindd_list_groups_done) > > > > > > > > > list_groups for domain EXAMPLE failed > > > > > > > > > [2016/04/19 14:58:42.113630, 10, pid=3634, effective(0, 0), real(0, > > > 0), class=winbind] > > > ../source3/winbindd/winbindd.c:787(wb_request_done) > > > > > > > > > wb_request_done[3640:LIST_GROUPS]: NT_STATUS_OK > > > > > > > > > [2016/04/19 14:58:42.113649, 10, pid=3634, effective(0, 0), real(0, > > > 0), class=winbind] > > > ../source3/winbindd/winbindd.c:851(winbind_client_response_written) > > > > > > > > > winbind_client_response_written[3640:LIST_GROUPS]: delivered > > > response to client > > > > > > > > > [2016/04/19 14:58:42.114552, 6, pid=3634, effective(0, 0), real(0, > > > 0), class=winbind] > > > ../source3/winbindd/winbindd.c:957(winbind_client_request_read) > > > > > > > > > closing socket 28, client exited > > > > > > > > > [2016/04/19 14:59:13.272624, 10, pid=3634, effective(0, 0), real(0, > > > 0)] ../source3/lib/messages.c:252(messaging_recv_cb) > > > > > > > > > messaging_recv_cb: Received message 0x40b len 8 (num_fds:0) from > > > 3635 > > > > > > > > > [2016/04/19 14:59:13.272656, 10, pid=3634, effective(0, 0), real(0, > > > 0), class=winbind] > > > ../source3/winbindd/winbindd_cm.c:384(winbind_msg_domain_online) > > > > > > > > > Domain EXAMPLE is marked as online now. > > > > > > > > > > > > > > > Partial log output after "wbinfo -u" - > > > /var/log/samba/winbind.log: > > > > > > > > > > > > > > > > > > [2016/04/19 15:03:25.308776, 10, pid=3634, effective(0, 0), real(0, > > > 0), class=winbind] > > > ../source3/winbindd/winbindd.c:725(process_request) > > > > > > > > > process_request: Handling async request 3666:LIST_USERS > > > > > > > > > [2016/04/19 15:03:25.308788, 3, pid=3634, effective(0, 0), real(0, > > > 0), class=winbind] > > > ../source3/winbindd/winbindd_list_users.c:58(winbindd_list_users_send) > > > > > > > > > list_users EXAMPLE > > > > > > > > > [2016/04/19 15:03:25.308808, 1, pid=3634, effective(0, 0), real(0, > > > 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > > > > > > > > > wbint_QueryUserList: struct wbint_QueryUserList > > > > > > > > > in: struct wbint_QueryUserList > > > > > > > > > [2016/04/19 15:03:29.418016, 10, pid=3634, effective(0, 0), real(0, > > > 0)] ../source3/lib/messages.c:252(messaging_recv_cb) > > > > > > > > > messaging_recv_cb: Received message 0x40c len 8 (num_fds:0) from > > > 3635 > > > > > > > > > [2016/04/19 15:03:29.418040, 10, pid=3634, effective(0, 0), real(0, > > > 0), class=winbind] > > > ../source3/winbindd/winbindd_cm.c:364(winbind_msg_domain_offline) > > > > > > > > > Domain EXAMPLE is marked as offline now. > > > > > > > > > [2016/04/19 15:03:29.418101, 1, pid=3634, effective(0, 0), real(0, > > > 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > > > > > > > > > wbint_QueryUserList: struct wbint_QueryUserList > > > > > > > > > out: struct wbint_QueryUserList > > > > > > > > > users : * > > > > > > > > > users: struct wbint_userinfos > > > > > > > > > num_userinfos : 0x00000000 (0) > > > > > > > > > userinfos: ARRAY(0) > > > > > > > > > result : NT_STATUS_IO_TIMEOUT > > > > > > > > > [2016/04/19 15:03:29.418172, 10, pid=3634, effective(0, 0), real(0, > > > 0), class=winbind] > > > ../source3/winbindd/winbindd_list_users.c:128(winbindd_list_users_done) > > > > > > > > > Domain EXAMPLE returned 0 users > > > > > > > > > [2016/04/19 15:03:29.418180, 10, pid=3634, effective(0, 0), real(0, > > > 0), class=winbind] > > > ../source3/winbindd/winbindd_list_users.c:134(winbindd_list_users_done) > > > > > > > > > List_users for domain EXAMPLE failed > > > > > > > > > [2016/04/19 15:03:29.418187, 10, pid=3634, effective(0, 0), real(0, > > > 0), class=winbind] > > > ../source3/winbindd/winbindd.c:787(wb_request_done) > > > > > > > > > wb_request_done[3666:LIST_USERS]: NT_STATUS_OK > > > > > > > > > [2016/04/19 15:03:29.418206, 10, pid=3634, effective(0, 0), real(0, > > > 0), class=winbind] > > > ../source3/winbindd/winbindd.c:851(winbind_client_response_written) > > > > > > > > > winbind_client_response_written[3666:LIST_USERS]: delivered > > > response to client > > > > > > > > > [2016/04/19 15:03:29.420295, 6, pid=3634, effective(0, 0), real(0, > > > 0), class=winbind] > > > ../source3/winbindd/winbindd.c:957(winbind_client_request_read) > > > > > > > > > closing socket 28, client exited > > > > > > > > > [2016/04/19 15:04:00.414647, 10, pid=3634, effective(0, 0), real(0, > > > 0)] ../source3/lib/messages.c:252(messaging_recv_cb) > > > > > > > > > messaging_recv_cb: Received message 0x40b len 8 (num_fds:0) from > > > 3635 > > > > > > > > > [2016/04/19 15:04:00.414669, 10, pid=3634, effective(0, 0), real(0, > > > 0), class=winbind] > > > ../source3/winbindd/winbindd_cm.c:384(winbind_msg_domain_online) > > > > > > > > > Domain EXAMPLE is marked as online now. > > > > > > > > > > > > > > > Partial log output after "getent passwd" - > > > /var/log/samba/winbind.log (the local users get displayed, > > > domain users - do not): > > > > > > > > > > > > > > > > > > [2016/04/19 15:04:41.367195, 10, pid=3634, effective(0, 0), real(0, > > > 0), class=winbind] > > > ../source3/winbindd/winbindd.c:725(process_request) > > > > > > > > > process_request: Handling async request 3673:GETPWENT > > > > > > > > > [2016/04/19 15:04:41.367208, 3, pid=3634, effective(0, 0), real(0, > > > 0), class=winbind] > > > ../source3/winbindd/winbindd_getpwent.c:50(winbindd_getpwent_send) > > > > > > > > > [ 3673]: getpwent > > > > > > > > > [2016/04/19 15:04:41.367307, 1, pid=3634, effective(0, 0), real(0, > > > 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > > > > > > > > > wbint_QueryUserList: struct wbint_QueryUserList > > > > > > > > > in: struct wbint_QueryUserList > > > > > > > > > [2016/04/19 15:04:41.367621, 1, pid=3634, effective(0, 0), real(0, > > > 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > > > > > > > > > wbint_QueryUserList: struct wbint_QueryUserList > > > > > > > > > out: struct wbint_QueryUserList > > > > > > > > > users : * > > > > > > > > > users: struct wbint_userinfos > > > > > > > > > num_userinfos : 0x00000000 (0) > > > > > > > > > userinfos: ARRAY(0) > > > > > > > > > result : NT_STATUS_OK > > > > > > > > > [2016/04/19 15:04:41.367652, 10, pid=3634, effective(0, 0), real(0, > > > 0), class=winbind] > > > ../source3/winbindd/wb_query_user_list.c:69(wb_query_user_list_done) > > > > > > > > > dcerpc_wbint_QueryUserList returned 0 users > > > > > > > > > [2016/04/19 15:04:41.367661, 1, pid=3634, effective(0, 0), real(0, > > > 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > > > > > > > > > wbint_QueryUserList: struct wbint_QueryUserList > > > > > > > > > in: struct wbint_QueryUserList > > > > > > > > > [2016/04/19 15:04:41.367680, 1, pid=3634, effective(0, 0), real(0, > > > 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > > > > > > > > > wbint_QueryUserList: struct wbint_QueryUserList > > > > > > > > > out: struct wbint_QueryUserList > > > > > > > > > users : * > > > > > > > > > users: struct wbint_userinfos > > > > > > > > > num_userinfos : 0x00000000 (0) > > > > > > > > > userinfos: ARRAY(0) > > > > > > > > > result : NT_STATUS_IO_TIMEOUT > > > > > > > > > [2016/04/19 15:04:41.367700, 10, pid=3634, effective(0, 0), real(0, > > > 0), class=winbind] > > > ../source3/winbindd/wb_next_pwent.c:109(wb_next_pwent_fetch_done) > > > > > > > > > query_user_list for domain EXAMPLE returned NT_STATUS_IO_TIMEOUT > > > > > > > > > [2016/04/19 15:04:41.367707, 10, pid=3634, effective(0, 0), real(0, > > > 0), class=winbind] > > > ../source3/winbindd/winbindd_getpwent.c:95(winbindd_getpwent_done) > > > > > > > > > winbindd_getpwent_done: done with 0 users > > > > > > > > > [2016/04/19 15:04:41.367712, 10, pid=3634, effective(0, 0), real(0, > > > 0), class=winbind] > > > ../source3/winbindd/winbindd.c:787(wb_request_done) > > > > > > > > > wb_request_done[3673:GETPWENT]: NT_STATUS_NO_MORE_ENTRIES > > > > > > > > > [2016/04/19 15:04:41.367726, 10, pid=3634, effective(0, 0), real(0, > > > 0), class=winbind] > > > ../source3/winbindd/winbindd.c:851(winbind_client_response_written) > > > > > > > > > winbind_client_response_written[3673:GETPWENT]: delivered response > > > to client > > > > > > > > > [2016/04/19 15:04:41.367900, 10, pid=3634, effective(0, 0), real(0, > > > 0), class=winbind] > > > ../source3/winbindd/winbindd.c:725(process_request) > > > > > > > > > process_request: Handling async request 3673:ENDPWENT > > > > > > > > > [2016/04/19 15:04:41.367916, 10, pid=3634, effective(0, 0), real(0, > > > 0), class=winbind] > > > ../source3/winbindd/winbindd.c:787(wb_request_done) > > > > > > > > > wb_request_done[3673:ENDPWENT]: NT_STATUS_OK > > > > > > > > > > > > > > > > > > I think that the issue is similar to the issues described by L.P.H. > > > van Belle and Luca Bertoncello. > > > > > > > > > > > > > > > > > > The Domain Controllers are MS Windows Server 2012 R2, AD Scheme is > > > 2012. > > > > > > > > > > > > > > > > > > Any ideas on how to solve this? > > > > > > > > > > > > > > > > > > Thanks, > > > > > > > > > Dimitar > > > -- > > > To unsubscribe from this list go to the following URL and read the > > > instructions: https://lists.samba.org/mailman/options/samba > > > > > > > -- > > To unsubscribe from this list go to the following URL and read the > > instructions: https://lists.samba.org/mailman/options/samba > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba
Sketch
2016-Apr-20 14:30 UTC
[Samba] wbinfo -u, wbinfo -g not working after samba update from 4.2.3 to 4.2.10
On Wed, 20 Apr 2016, Dimitar Hristov wrote:> Some more useful information - I compiled 4.2.11 on CentOS 7.2, and tested with the same configuration files and AD DC, running on MS Windows 2012 R2.Not really useful. CentOS's 4.2.10 is effectively 4.2.11. Same with Debian. They just applied the security patches which made up 4.2.11 to 4.2.10, without bumping the version number. Presumably because they already had the patches for internal testing for some time, and 4.2.11 was released the same day that distros (and Samba) did their coordinated security update release.
L.P.H. van Belle
2016-Apr-20 16:10 UTC
[Samba] wbinfo -u, wbinfo -g not working after samba update from 4.2.3 to 4.2.10
Hai, Test again but now install 4.4.2>> All versions below 4.4.2 are affected i.m.o. <<My guess, bad patch somewhere, I do think security-2016-04-12-prerequisite-v4-4-regression-fixes.metze01.txt is the problem, since this is the only patch i remove from the debian patches. (compaired to the samba 4.4.2 from source and the 4.4.1 from debian) (!! Above works for me, i dont know what i did there.. so at own risk. !!) That said, now try/do the following. ;-) On the dc, set temporarly ldap server require strong auth = no On the member Add the line : client ldap sasl wrapping = plain Now on the member, check wbinfo -g, wbinfo -u, With the wbinfo -u, You see a "long" delay, wait for it, you should get output. Now change The line : client ldap sasl wrapping = plain To The line : client ldap sasl wrapping = seal Restart samba and winbind Again wbinfo -g wbinfo -u , you should see output here again. Now change The line : client ldap sasl wrapping = seal To The line : client ldap sasl wrapping = sign Restart samba and winbind Again wbinfo -g wbinfo -u , you should see output here again. So now remove the line, since client ldap sasl wrapping = sign is the default, should be working from this point. Now set the server settting back to yes. And it should still be working now. I tested above now on 6 servers, all keep working. Dont ask why above works, im not a coder.. but it works for me. Greetz, Louis> -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens Dimitar Hristov > Verzonden: woensdag 20 april 2016 16:18 > Aan: Andrew Martin > CC: samba at lists.samba.org > Onderwerp: Re: [Samba] wbinfo -u, wbinfo -g not working after samba update > from 4.2.3 to 4.2.10 > > Hi list, > > Some more useful information - I compiled 4.2.11 on CentOS 7.2, and tested > with the same configuration files and AD DC, running on MS Windows 2012 > R2. > > The issue still remains. > > Regards, > Dimitar > > > > From: dimitar.hristov at outlook.com > > To: amartin at xes-inc.com > > Date: Wed, 20 Apr 2016 13:23:05 +0200 > > CC: samba at lists.samba.org > > Subject: Re: [Samba] wbinfo -u, wbinfo -g not working after samba update > from 4.2.3 to 4.2.10 > > > > Hi list, > > > > I'd like to update you on the issue, as I did some more tests. First, > I've added some directives to smb.conf (in italic): > > > > [global] > > netbios name = testserver > > security = ADS > > workgroup = EXAMPLE > > realm = EXAMPLE.COM > > log file = /var/log/samba/%m.log > > log level = 10 > > dedicated keytab file = /etc/krb5.keytab > > kerberos method = secrets and keytab > > winbind refresh tickets = yes > > winbind trusted domains only = no > > winbind use default domain = yes > > winbind enum users = yes > > winbind enum groups = yes > > winbind separator = + > > client ldap sasl wrapping = plain > > idmap config EXAMPLE : backend = ad > > idmap config EXAMPLE:schema_mode = rfc2307 > > idmap config EXAMPLE:range = 10000-99999 > > winbind nss info = rfc2307 > > load printers = no > > printing = bsd > > printcap name = /dev/null > > > > > > With "client ldap sasl wrapping = plain" set, the domain doesn't go > "offline". This can be seen by comparing the partial log output after > "wbinfo -g", with the one in my first email. > > > > Also, I have tested joining a newly provisioned machine to the domain > with 4.2.3 and 4.2.10 - it works without any issues when using 4.2.3, and > it doesn't work with 4.2.10. I used "net ads join" with debuglevel=1, > please see the output (working one - with 4.2.3, and not working - with > 4.2.10): > > > > ### Join with samba 4.2.10### > > > > net ads join -U Administrator --debuglevel=1 > > Enter Administrator's password: > > libnet_Join: > > libnet_JoinCtx: struct libnet_JoinCtx > > in: struct libnet_JoinCtx > > dc_name : NULL > > machine_name : 'TESTSERVER' > > domain_name : * > > domain_name : 'EXAMPLE.COM' > > account_ou : NULL > > admin_account : 'Administrator' > > admin_domain : NULL > > machine_password : NULL > > join_flags : 0x00000023 (35) > > 0: WKSSVC_JOIN_FLAGS_IGNORE_UNSUPPORTED_FLAGS > > 0: WKSSVC_JOIN_FLAGS_JOIN_WITH_NEW_NAME > > 0: WKSSVC_JOIN_FLAGS_JOIN_DC_ACCOUNT > > 0: WKSSVC_JOIN_FLAGS_DEFER_SPN > > 0: WKSSVC_JOIN_FLAGS_MACHINE_PWD_PASSED > > 0: WKSSVC_JOIN_FLAGS_JOIN_UNSECURE > > 1: WKSSVC_JOIN_FLAGS_DOMAIN_JOIN_IF_JOINED > > 0: WKSSVC_JOIN_FLAGS_WIN9X_UPGRADE > > 0: WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE > > 1: WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE > > 1: WKSSVC_JOIN_FLAGS_JOIN_TYPE > > os_version : NULL > > os_name : NULL > > create_upn : 0x00 (0) > > upn : NULL > > modify_config : 0x00 (0) > > ads : NULL > > debug : 0x01 (1) > > use_kerberos : 0x00 (0) > > secure_channel_type : SEC_CHAN_WKSTA (2) > > Failed to setup SPNEGO negTokenInit request: NT_STATUS_INTERNAL_ERROR > > libnet_Join: > > libnet_JoinCtx: struct libnet_JoinCtx > > out: struct libnet_JoinCtx > > account_name : NULL > > netbios_domain_name : 'EXAMPLE' > > dns_domain_name : 'example.com' > > forest_name : 'example.com' > > dn : NULL > > domain_sid : * > > domain_sid : S-1-5-21-1214440339- > 1979792683-1801674531 > > modified_config : 0x00 (0) > > error_string : 'Failed to set machine spn: Time > limit exceeded > > Do you have sufficient permissions to create machine accounts?' > > domain_is_ad : 0x01 (1) > > result : WERR_GENERAL_FAILURE > > Failed to join domain: Failed to set machine spn: Time limit exceeded > > Do you have sufficient permissions to create machine accounts? > > > > ### End join with samba 4.2.10 ### > > > > ### Join with samba 4.2.3 ### > > > > net ads join -U Administrator --debuglevel=1 > > Enter Administrator's password: > > libnet_Join: > > libnet_JoinCtx: struct libnet_JoinCtx > > in: struct libnet_JoinCtx > > dc_name : NULL > > machine_name : 'TESTSERVER' > > domain_name : * > > domain_name : 'EXAMPLE.COM' > > account_ou : NULL > > admin_account : 'Administrator' > > admin_domain : NULL > > machine_password : NULL > > join_flags : 0x00000023 (35) > > 0: WKSSVC_JOIN_FLAGS_IGNORE_UNSUPPORTED_FLAGS > > 0: WKSSVC_JOIN_FLAGS_JOIN_WITH_NEW_NAME > > 0: WKSSVC_JOIN_FLAGS_JOIN_DC_ACCOUNT > > 0: WKSSVC_JOIN_FLAGS_DEFER_SPN > > 0: WKSSVC_JOIN_FLAGS_MACHINE_PWD_PASSED > > 0: WKSSVC_JOIN_FLAGS_JOIN_UNSECURE > > 1: WKSSVC_JOIN_FLAGS_DOMAIN_JOIN_IF_JOINED > > 0: WKSSVC_JOIN_FLAGS_WIN9X_UPGRADE > > 0: WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE > > 1: WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE > > 1: WKSSVC_JOIN_FLAGS_JOIN_TYPE > > os_version : NULL > > os_name : NULL > > create_upn : 0x00 (0) > > upn : NULL > > modify_config : 0x00 (0) > > ads : NULL > > debug : 0x01 (1) > > use_kerberos : 0x00 (0) > > secure_channel_type : SEC_CHAN_WKSTA (2) > > libnet_Join: > > libnet_JoinCtx: struct libnet_JoinCtx > > out: struct libnet_JoinCtx > > account_name : NULL > > netbios_domain_name : 'EXAMPLE' > > dns_domain_name : 'example.com' > > forest_name : 'example.com' > > dn : > 'CN=testserver,OU=DefaultBin,DC=example,DC=com' > > domain_sid : * > > domain_sid : S-1-5-21-1214440339- > 1979792683-1801674531 > > modified_config : 0x00 (0) > > error_string : NULL > > domain_is_ad : 0x01 (1) > > result : WERR_OK > > Using short domain name -- EXAMPLE > > Joined 'TESTSERVER' to dns domain 'example.com' > > > > ### End join with samba 4.2.3 ### > > > > ###/var/log/samba/winbind.log - after "wbinfo -g"### > > > > [2016/04/20 14:01:44.879293, 10, pid=2301, effective(0, 0), real(0, 0), > class=winbind] ../source3/winbindd/winbindd.c:725(process_request) > > process_request: Handling async request 2429:LIST_GROUPS > > [2016/04/20 14:01:44.879299, 3, pid=2301, effective(0, 0), real(0, 0), > class=winbind] > ../source3/winbindd/winbindd_list_groups.c:58(winbindd_list_groups_send) > > list_groups EXAMPLE > > [2016/04/20 14:01:44.879313, 1, pid=2301, effective(0, 0), real(0, 0)] > ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > > wbint_QueryGroupList: struct wbint_QueryGroupList > > in: struct wbint_QueryGroupList > > [2016/04/20 14:01:44.879345, 1, pid=2301, effective(0, 0), real(0, 0)] > ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > > wbint_QueryGroupList: struct wbint_QueryGroupList > > out: struct wbint_QueryGroupList > > groups : * > > groups: struct wbint_Principals > > num_principals : 0 > > principals: ARRAY(0) > > result : NT_STATUS_IO_TIMEOUT > > [2016/04/20 14:01:44.879368, 10, pid=2301, effective(0, 0), real(0, 0), > class=winbind] > ../source3/winbindd/winbindd_list_groups.c:128(winbindd_list_groups_done) > > Domain EXAMPLE returned 0 groups > > [2016/04/20 14:01:44.879373, 10, pid=2301, effective(0, 0), real(0, 0), > class=winbind] > ../source3/winbindd/winbindd_list_groups.c:134(winbindd_list_groups_done) > > list_groups for domain EXAMPLE failed > > [2016/04/20 14:01:44.879378, 10, pid=2301, effective(0, 0), real(0, 0), > class=winbind] ../source3/winbindd/winbindd.c:787(wb_request_done) > > wb_request_done[2429:LIST_GROUPS]: NT_STATUS_OK > > > > ###End /var/log/samba/winbind.log - after "wbinfo -g" ### > > > > Hope that helps, as quite a lot of people are expiriencing the same > issue. I missed to provide information about the distributions used for > testing - CentOS 7.2, Debian Jessie 8.4 > > > > Regards, > > Dimitar > > > > > > > Date: Tue, 19 Apr 2016 08:40:45 -0500 > > > From: amartin at xes-inc.com > > > To: dimitar.hristov at outlook.com > > > CC: samba at lists.samba.org > > > Subject: Re: [Samba] wbinfo -u, wbinfo -g not working after samba > update from 4.2.3 to 4.2.10 > > > > > > I am also having this issue, however in my case it is worse - samba > shares do not work > > > and "getent passwd <domain user>" also does not work. I tried adding > the following to the > > > "[global]" section of my smb.conf as suggested elsewhere, but no > improvement: > > > client ldap sasl wrapping = plain > > > > > > My smb.conf is very similar to yours, however I also have the > following options set: > > > encrypt passwords = true > > > winbind nss info = rfc2307 > > > > > > Thanks, > > > > > > Andrew > > > > > > ----- Original Message ----- > > > > From: "Dimitar Hristov" <dimitar.hristov at outlook.com> > > > > To: samba at lists.samba.org > > > > Sent: Tuesday, April 19, 2016 8:23:50 AM > > > > Subject: [Samba] wbinfo -u, wbinfo -g not working after samba update > from 4.2.3 to 4.2.10 > > > > > > > > Hi list, > > > > > > > > > > > > > > > > > > > > > > > > After the badlock patching of all samba machines in our > organization > > > > (all of them are domain members), some functionalities have > stopped > > > > working, more particularly: > > > > > > > > > > > > - wbinfo -g (no output at all) > > > > > > > > > > > > - wbinfo -u (no output at all) > > > > > > > > > > > > - getent passwd (displays only local users) > > > > > > > > > > > > - getent group > > > > > > > > > > > > > > > > > > > > > > > > working functionalities: > > > > > > > > > > > > - samba shares are still accessible, with appropriate users set > as > > > > "valid", "write users" etc > > > > > > > > > > > > - getent passwd <domain user> > > > > > > > > > > > > - wbinfo --name-to-sid > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > Configuration files: > > > > > > > > > > > > - /etc/samba/smb.conf > > > > > > > > > > > > [global] > > > > > > > > > > > > workgroup = EXAMPLE > > > > > > > > > > > > realm = EXAMPLE.COM > > > > > > > > > > > > security = ADS > > > > > > > > > > > > dedicated keytab file = /etc/krb5.keytab > > > > > > > > > > > > kerberos method = secrets and keytab > > > > > > > > > > > > log file = /var/log/samba/%m.log > > > > > > > > > > > > load printers = No > > > > > > > > > > > > printcap name = /dev/null > > > > > > > > > > > > winbind separator = + > > > > > > > > > > > > winbind enum users = Yes > > > > > > > > > > > > winbind enum groups = Yes > > > > > > > > > > > > winbind use default domain = Yes > > > > > > > > > > > > winbind refresh tickets = Yes > > > > > > > > > > > > idmap config example : backend = ad > > > > > > > > > > > > idmap config * : backend = tdb > > > > > > > > > > > > printing = bsd > > > > > > > > > > > > > > > > > > > > > > > > - /etc/krb5.conf > > > > > > > > > > > > [logging] > > > > > > > > > > > > default = FILE:/var/log/krb5libs.log > > > > > > > > > > > > kdc = FILE:/var/log/krb5kdc.log > > > > > > > > > > > > admin_server = FILE:/var/log/kadmind.log > > > > > > > > > > > > > > > > > > > > > > > > [libdefaults] > > > > > > > > > > > > dns_lookup_kdc = false > > > > > > > > > > > > dns_lookup_realm = false > > > > > > > > > > > > ticket_lifetime = 24h > > > > > > > > > > > > renew_lifetime = 7d > > > > > > > > > > > > forwardable = true > > > > > > > > > > > > rdns = false > > > > > > > > > > > > default_realm = EXAMPLE.COM > > > > > > > > > > > > default_ccache_name = KEYRING:persistent:%{uid} > > > > > > > > > > > > > > > > > > > > > > > > [realms] > > > > > > > > > > > > EXAMPLE.COM = { > > > > > > > > > > > > kdc = example-adc01.example.com > > > > > > > > > > > > admin_server = example-adc01.example.com > > > > > > > > > > > > } > > > > > > > > > > > > > > > > > > > > > > > > [domain_realm] > > > > > > > > > > > > .example.com = EXAMPLE.COM > > > > > > > > > > > > example.com = EXAMPLE.COM > > > > > > > > > > > > > > > > > > > > > > > > - /etc/nsswitch.conf > > > > > > > > > > > > > > > > > > > > > > > > passwd: files winbind > > > > > > > > > > > > shadow: files winbind > > > > > > > > > > > > group: files winbind > > > > > > > > > > > > initgroups: files > > > > > > > > > > > > > > > > > > > > > > > > hosts: files dns myhostname > > > > > > > > > > > > > > > > > > > > > > > > bootparams: nisplus [NOTFOUND=return] files > > > > > > > > > > > > > > > > > > > > > > > > ethers: files > > > > > > > > > > > > netmasks: files > > > > > > > > > > > > networks: files > > > > > > > > > > > > protocols: files winbind > > > > > > > > > > > > rpc: files winbind > > > > > > > > > > > > services: files winbind > > > > > > > > > > > > > > > > > > > > > > > > netgroup: nisplus sss > > > > > > > > > > > > > > > > > > > > > > > > publickey: nisplus > > > > > > > > > > > > > > > > > > > > > > > > automount: files nisplus > > > > > > > > > > > > aliases: files nisplus > > > > > > > > > > > > > > > > > > > > > > > > Installed packages: > > > > > > > > > > > > - working environment > > > > > > > > > > > > samba-4.2.3-12.el7_2.x86_64 > > > > > > > > > > > > samba-common-4.2.3-12.el7_2.noarch > > > > > > > > > > > > samba-winbind-modules-4.2.3-12.el7_2.x86_64 > > > > > > > > > > > > samba-winbind-clients-4.2.3-12.el7_2.x86_64 > > > > > > > > > > > > samba-common-tools-4.2.3-12.el7_2.x86_64 > > > > > > > > > > > > samba-common-libs-4.2.3-12.el7_2.x86_64 > > > > > > > > > > > > samba-winbind-4.2.3-12.el7_2.x86_64 > > > > > > > > > > > > samba-libs-4.2.3-12.el7_2.x86_64 > > > > > > > > > > > > samba-client-libs-4.2.3-12.el7_2.x86_64 > > > > > > > > > > > > krb5-workstation-1.13.2-12.el7_2.x86_64 > > > > > > > > > > > > krb5-libs-1.13.2-12.el7_2.x86_64 > > > > > > > > > > > > > > > > > > > > > > > > - not working (after the update) > > > > > > > > > > > > samba-winbind-4.2.10-6.el7_2.x86_64 > > > > > > > > > > > > samba-libs-4.2.10-6.el7_2.x86_64 > > > > > > > > > > > > samba-common-4.2.10-6.el7_2.noarch > > > > > > > > > > > > samba-client-libs-4.2.10-6.el7_2.x86_64 > > > > > > > > > > > > samba-winbind-modules-4.2.10-6.el7_2.x86_64 > > > > > > > > > > > > samba-winbind-clients-4.2.10-6.el7_2.x86_64 > > > > > > > > > > > > samba-common-tools-4.2.10-6.el7_2.x86_64 > > > > > > > > > > > > samba-common-libs-4.2.10-6.el7_2.x86_64 > > > > > > > > > > > > samba-4.2.10-6.el7_2.x86_64 > > > > > > > > > > > > krb5-workstation-1.13.2-12.el7_2.x86_64 > > > > > > > > > > > > krb5-libs-1.13.2-12.el7_2.x86_64 > > > > > > > > > > > > > > > > > > > > > > > > --------------------- > > > > > > > > > > > > > > > > > > > > > > > > Partial log output after "wbinfo -g" - > > > > /var/log/samba/winbind.log: > > > > > > > > > > > > > > > > > > > > > > > > [2016/04/19 14:58:40.635486, 10, pid=3634, effective(0, 0), > real(0, > > > > 0), class=winbind] > > > > ../source3/winbindd/winbindd.c:725(process_request) > > > > > > > > > > > > process_request: Handling async request 3640:LIST_GROUPS > > > > > > > > > > > > [2016/04/19 14:58:40.635501, 3, pid=3634, effective(0, 0), > real(0, > > > > 0), class=winbind] > > > > > ../source3/winbindd/winbindd_list_groups.c:58(winbindd_list_groups_send) > > > > > > > > > > > > list_groups EXAMPLE > > > > > > > > > > > > [2016/04/19 14:58:40.635520, 1, pid=3634, effective(0, 0), > real(0, > > > > 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > > > > > > > > > > > > wbint_QueryGroupList: struct wbint_QueryGroupList > > > > > > > > > > > > in: struct wbint_QueryGroupList > > > > > > > > > > > > [2016/04/19 14:58:42.112485, 10, pid=3634, effective(0, 0), > real(0, > > > > 0)] ../source3/lib/messages.c:252(messaging_recv_cb) > > > > > > > > > > > > messaging_recv_cb: Received message 0x40c len 8 (num_fds:0) > from > > > > 3635 > > > > > > > > > > > > [2016/04/19 14:58:42.112513, 10, pid=3634, effective(0, 0), > real(0, > > > > 0), class=winbind] > > > > > ../source3/winbindd/winbindd_cm.c:364(winbind_msg_domain_offline) > > > > > > > > > > > > Domain EXAMPLE is marked as offline now. > > > > > > > > > > > > [2016/04/19 14:58:42.113574, 1, pid=3634, effective(0, 0), > real(0, > > > > 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > > > > > > > > > > > > wbint_QueryGroupList: struct wbint_QueryGroupList > > > > > > > > > > > > out: struct wbint_QueryGroupList > > > > > > > > > > > > groups : * > > > > > > > > > > > > groups: struct wbint_Principals > > > > > > > > > > > > num_principals : 0 > > > > > > > > > > > > principals: ARRAY(0) > > > > > > > > > > > > result : NT_STATUS_IO_TIMEOUT > > > > > > > > > > > > [2016/04/19 14:58:42.113616, 10, pid=3634, effective(0, 0), > real(0, > > > > 0), class=winbind] > > > > > ../source3/winbindd/winbindd_list_groups.c:128(winbindd_list_groups_done) > > > > > > > > > > > > Domain EXAMPLE returned 0 groups > > > > > > > > > > > > [2016/04/19 14:58:42.113623, 10, pid=3634, effective(0, 0), > real(0, > > > > 0), class=winbind] > > > > > ../source3/winbindd/winbindd_list_groups.c:134(winbindd_list_groups_done) > > > > > > > > > > > > list_groups for domain EXAMPLE failed > > > > > > > > > > > > [2016/04/19 14:58:42.113630, 10, pid=3634, effective(0, 0), > real(0, > > > > 0), class=winbind] > > > > ../source3/winbindd/winbindd.c:787(wb_request_done) > > > > > > > > > > > > wb_request_done[3640:LIST_GROUPS]: NT_STATUS_OK > > > > > > > > > > > > [2016/04/19 14:58:42.113649, 10, pid=3634, effective(0, 0), > real(0, > > > > 0), class=winbind] > > > > > ../source3/winbindd/winbindd.c:851(winbind_client_response_written) > > > > > > > > > > > > winbind_client_response_written[3640:LIST_GROUPS]: delivered > > > > response to client > > > > > > > > > > > > [2016/04/19 14:58:42.114552, 6, pid=3634, effective(0, 0), > real(0, > > > > 0), class=winbind] > > > > ../source3/winbindd/winbindd.c:957(winbind_client_request_read) > > > > > > > > > > > > closing socket 28, client exited > > > > > > > > > > > > [2016/04/19 14:59:13.272624, 10, pid=3634, effective(0, 0), > real(0, > > > > 0)] ../source3/lib/messages.c:252(messaging_recv_cb) > > > > > > > > > > > > messaging_recv_cb: Received message 0x40b len 8 (num_fds:0) > from > > > > 3635 > > > > > > > > > > > > [2016/04/19 14:59:13.272656, 10, pid=3634, effective(0, 0), > real(0, > > > > 0), class=winbind] > > > > ../source3/winbindd/winbindd_cm.c:384(winbind_msg_domain_online) > > > > > > > > > > > > Domain EXAMPLE is marked as online now. > > > > > > > > > > > > > > > > > > > > Partial log output after "wbinfo -u" - > > > > /var/log/samba/winbind.log: > > > > > > > > > > > > > > > > > > > > > > > > [2016/04/19 15:03:25.308776, 10, pid=3634, effective(0, 0), > real(0, > > > > 0), class=winbind] > > > > ../source3/winbindd/winbindd.c:725(process_request) > > > > > > > > > > > > process_request: Handling async request 3666:LIST_USERS > > > > > > > > > > > > [2016/04/19 15:03:25.308788, 3, pid=3634, effective(0, 0), > real(0, > > > > 0), class=winbind] > > > > > ../source3/winbindd/winbindd_list_users.c:58(winbindd_list_users_send) > > > > > > > > > > > > list_users EXAMPLE > > > > > > > > > > > > [2016/04/19 15:03:25.308808, 1, pid=3634, effective(0, 0), > real(0, > > > > 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > > > > > > > > > > > > wbint_QueryUserList: struct wbint_QueryUserList > > > > > > > > > > > > in: struct wbint_QueryUserList > > > > > > > > > > > > [2016/04/19 15:03:29.418016, 10, pid=3634, effective(0, 0), > real(0, > > > > 0)] ../source3/lib/messages.c:252(messaging_recv_cb) > > > > > > > > > > > > messaging_recv_cb: Received message 0x40c len 8 (num_fds:0) > from > > > > 3635 > > > > > > > > > > > > [2016/04/19 15:03:29.418040, 10, pid=3634, effective(0, 0), > real(0, > > > > 0), class=winbind] > > > > > ../source3/winbindd/winbindd_cm.c:364(winbind_msg_domain_offline) > > > > > > > > > > > > Domain EXAMPLE is marked as offline now. > > > > > > > > > > > > [2016/04/19 15:03:29.418101, 1, pid=3634, effective(0, 0), > real(0, > > > > 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > > > > > > > > > > > > wbint_QueryUserList: struct wbint_QueryUserList > > > > > > > > > > > > out: struct wbint_QueryUserList > > > > > > > > > > > > users : * > > > > > > > > > > > > users: struct wbint_userinfos > > > > > > > > > > > > num_userinfos : 0x00000000 (0) > > > > > > > > > > > > userinfos: ARRAY(0) > > > > > > > > > > > > result : NT_STATUS_IO_TIMEOUT > > > > > > > > > > > > [2016/04/19 15:03:29.418172, 10, pid=3634, effective(0, 0), > real(0, > > > > 0), class=winbind] > > > > > ../source3/winbindd/winbindd_list_users.c:128(winbindd_list_users_done) > > > > > > > > > > > > Domain EXAMPLE returned 0 users > > > > > > > > > > > > [2016/04/19 15:03:29.418180, 10, pid=3634, effective(0, 0), > real(0, > > > > 0), class=winbind] > > > > > ../source3/winbindd/winbindd_list_users.c:134(winbindd_list_users_done) > > > > > > > > > > > > List_users for domain EXAMPLE failed > > > > > > > > > > > > [2016/04/19 15:03:29.418187, 10, pid=3634, effective(0, 0), > real(0, > > > > 0), class=winbind] > > > > ../source3/winbindd/winbindd.c:787(wb_request_done) > > > > > > > > > > > > wb_request_done[3666:LIST_USERS]: NT_STATUS_OK > > > > > > > > > > > > [2016/04/19 15:03:29.418206, 10, pid=3634, effective(0, 0), > real(0, > > > > 0), class=winbind] > > > > > ../source3/winbindd/winbindd.c:851(winbind_client_response_written) > > > > > > > > > > > > winbind_client_response_written[3666:LIST_USERS]: delivered > > > > response to client > > > > > > > > > > > > [2016/04/19 15:03:29.420295, 6, pid=3634, effective(0, 0), > real(0, > > > > 0), class=winbind] > > > > ../source3/winbindd/winbindd.c:957(winbind_client_request_read) > > > > > > > > > > > > closing socket 28, client exited > > > > > > > > > > > > [2016/04/19 15:04:00.414647, 10, pid=3634, effective(0, 0), > real(0, > > > > 0)] ../source3/lib/messages.c:252(messaging_recv_cb) > > > > > > > > > > > > messaging_recv_cb: Received message 0x40b len 8 (num_fds:0) > from > > > > 3635 > > > > > > > > > > > > [2016/04/19 15:04:00.414669, 10, pid=3634, effective(0, 0), > real(0, > > > > 0), class=winbind] > > > > ../source3/winbindd/winbindd_cm.c:384(winbind_msg_domain_online) > > > > > > > > > > > > Domain EXAMPLE is marked as online now. > > > > > > > > > > > > > > > > > > > > Partial log output after "getent passwd" - > > > > /var/log/samba/winbind.log (the local users get displayed, > > > > domain users - do not): > > > > > > > > > > > > > > > > > > > > > > > > [2016/04/19 15:04:41.367195, 10, pid=3634, effective(0, 0), > real(0, > > > > 0), class=winbind] > > > > ../source3/winbindd/winbindd.c:725(process_request) > > > > > > > > > > > > process_request: Handling async request 3673:GETPWENT > > > > > > > > > > > > [2016/04/19 15:04:41.367208, 3, pid=3634, effective(0, 0), > real(0, > > > > 0), class=winbind] > > > > > ../source3/winbindd/winbindd_getpwent.c:50(winbindd_getpwent_send) > > > > > > > > > > > > [ 3673]: getpwent > > > > > > > > > > > > [2016/04/19 15:04:41.367307, 1, pid=3634, effective(0, 0), > real(0, > > > > 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > > > > > > > > > > > > wbint_QueryUserList: struct wbint_QueryUserList > > > > > > > > > > > > in: struct wbint_QueryUserList > > > > > > > > > > > > [2016/04/19 15:04:41.367621, 1, pid=3634, effective(0, 0), > real(0, > > > > 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > > > > > > > > > > > > wbint_QueryUserList: struct wbint_QueryUserList > > > > > > > > > > > > out: struct wbint_QueryUserList > > > > > > > > > > > > users : * > > > > > > > > > > > > users: struct wbint_userinfos > > > > > > > > > > > > num_userinfos : 0x00000000 (0) > > > > > > > > > > > > userinfos: ARRAY(0) > > > > > > > > > > > > result : NT_STATUS_OK > > > > > > > > > > > > [2016/04/19 15:04:41.367652, 10, pid=3634, effective(0, 0), > real(0, > > > > 0), class=winbind] > > > > > ../source3/winbindd/wb_query_user_list.c:69(wb_query_user_list_done) > > > > > > > > > > > > dcerpc_wbint_QueryUserList returned 0 users > > > > > > > > > > > > [2016/04/19 15:04:41.367661, 1, pid=3634, effective(0, 0), > real(0, > > > > 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > > > > > > > > > > > > wbint_QueryUserList: struct wbint_QueryUserList > > > > > > > > > > > > in: struct wbint_QueryUserList > > > > > > > > > > > > [2016/04/19 15:04:41.367680, 1, pid=3634, effective(0, 0), > real(0, > > > > 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > > > > > > > > > > > > wbint_QueryUserList: struct wbint_QueryUserList > > > > > > > > > > > > out: struct wbint_QueryUserList > > > > > > > > > > > > users : * > > > > > > > > > > > > users: struct wbint_userinfos > > > > > > > > > > > > num_userinfos : 0x00000000 (0) > > > > > > > > > > > > userinfos: ARRAY(0) > > > > > > > > > > > > result : NT_STATUS_IO_TIMEOUT > > > > > > > > > > > > [2016/04/19 15:04:41.367700, 10, pid=3634, effective(0, 0), > real(0, > > > > 0), class=winbind] > > > > > ../source3/winbindd/wb_next_pwent.c:109(wb_next_pwent_fetch_done) > > > > > > > > > > > > query_user_list for domain EXAMPLE returned > NT_STATUS_IO_TIMEOUT > > > > > > > > > > > > [2016/04/19 15:04:41.367707, 10, pid=3634, effective(0, 0), > real(0, > > > > 0), class=winbind] > > > > > ../source3/winbindd/winbindd_getpwent.c:95(winbindd_getpwent_done) > > > > > > > > > > > > winbindd_getpwent_done: done with 0 users > > > > > > > > > > > > [2016/04/19 15:04:41.367712, 10, pid=3634, effective(0, 0), > real(0, > > > > 0), class=winbind] > > > > ../source3/winbindd/winbindd.c:787(wb_request_done) > > > > > > > > > > > > wb_request_done[3673:GETPWENT]: NT_STATUS_NO_MORE_ENTRIES > > > > > > > > > > > > [2016/04/19 15:04:41.367726, 10, pid=3634, effective(0, 0), > real(0, > > > > 0), class=winbind] > > > > > ../source3/winbindd/winbindd.c:851(winbind_client_response_written) > > > > > > > > > > > > winbind_client_response_written[3673:GETPWENT]: delivered > response > > > > to client > > > > > > > > > > > > [2016/04/19 15:04:41.367900, 10, pid=3634, effective(0, 0), > real(0, > > > > 0), class=winbind] > > > > ../source3/winbindd/winbindd.c:725(process_request) > > > > > > > > > > > > process_request: Handling async request 3673:ENDPWENT > > > > > > > > > > > > [2016/04/19 15:04:41.367916, 10, pid=3634, effective(0, 0), > real(0, > > > > 0), class=winbind] > > > > ../source3/winbindd/winbindd.c:787(wb_request_done) > > > > > > > > > > > > wb_request_done[3673:ENDPWENT]: NT_STATUS_OK > > > > > > > > > > > > > > > > > > > > > > > > I think that the issue is similar to the issues described by > L.P.H. > > > > van Belle and Luca Bertoncello. > > > > > > > > > > > > > > > > > > > > > > > > The Domain Controllers are MS Windows Server 2012 R2, AD Scheme > is > > > > 2012. > > > > > > > > > > > > > > > > > > > > > > > > Any ideas on how to solve this? > > > > > > > > > > > > > > > > > > > > > > > > Thanks, > > > > > > > > > > > > Dimitar > > > > -- > > > > To unsubscribe from this list go to the following URL and read the > > > > instructions: https://lists.samba.org/mailman/options/samba > > > > > > > > > > -- > > > To unsubscribe from this list go to the following URL and read the > > > instructions: https://lists.samba.org/mailman/options/samba > > > > -- > > To unsubscribe from this list go to the following URL and read the > > instructions: https://lists.samba.org/mailman/options/samba > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba
Jeff Sadowski
2016-Apr-20 21:43 UTC
[Samba] wbinfo -u, wbinfo -g not working after samba update from 4.2.3 to 4.2.10
interesting my problem is not the same but similar wbinfo -u worked before my upgrade from samba 4.1.6 to 4.3.8 (ubuntu) when I did wbinfo -u before the switch I got a list of users and when I did wbinfo -g before the switch I got a list of groups. After the switch I got nothing for a wbinfo -u but a list of groups when I do a wbinfo -g I tried setting the option client ldap sasl wrapping = plain and now wbinfo -u I get "Error looking up domain users" the other 2 steps resuled back to no users but groups still work for me. On Wed, Apr 20, 2016 at 10:10 AM, L.P.H. van Belle <belle at bazuin.nl> wrote:> Hai, > > Test again but now install 4.4.2 > >> All versions below 4.4.2 are affected i.m.o. << > > My guess, bad patch somewhere, I do think > security-2016-04-12-prerequisite-v4-4-regression-fixes.metze01.txt > is the problem, since this is the only patch i remove from the debian > patches. > (compaired to the samba 4.4.2 from source and the 4.4.1 from debian) > (!! Above works for me, i dont know what i did there.. so at own risk. !!) > > > That said, now try/do the following. ;-) > > On the dc, set temporarly > ldap server require strong auth = no > > On the member > Add the line : client ldap sasl wrapping = plain > > Now on the member, check wbinfo -g, wbinfo -u, > With the wbinfo -u, You see a "long" delay, wait for it, > you should get output. > > Now change > The line : client ldap sasl wrapping = plain > To > The line : client ldap sasl wrapping = seal > Restart samba and winbind > Again wbinfo -g wbinfo -u , you should see output here again. > > Now change > The line : client ldap sasl wrapping = seal > To > The line : client ldap sasl wrapping = sign > > Restart samba and winbind > Again wbinfo -g wbinfo -u , you should see output here again. > > So now remove the line, since > client ldap sasl wrapping = sign is the default, should be working from > this point. > > Now set the server settting back to yes. > And it should still be working now. > > I tested above now on 6 servers, all keep working. > Dont ask why above works, im not a coder.. but it works for me. > > > Greetz, > > Louis > > > > > -----Oorspronkelijk bericht----- > > Van: samba [mailto:samba-bounces at lists.samba.org] Namens Dimitar Hristov > > Verzonden: woensdag 20 april 2016 16:18 > > Aan: Andrew Martin > > CC: samba at lists.samba.org > > Onderwerp: Re: [Samba] wbinfo -u, wbinfo -g not working after samba > update > > from 4.2.3 to 4.2.10 > > > > Hi list, > > > > Some more useful information - I compiled 4.2.11 on CentOS 7.2, and > tested > > with the same configuration files and AD DC, running on MS Windows 2012 > > R2. > > > > The issue still remains. > > > > Regards, > > Dimitar > > > > > > > From: dimitar.hristov at outlook.com > > > To: amartin at xes-inc.com > > > Date: Wed, 20 Apr 2016 13:23:05 +0200 > > > CC: samba at lists.samba.org > > > Subject: Re: [Samba] wbinfo -u, wbinfo -g not working after samba > update > > from 4.2.3 to 4.2.10 > > > > > > Hi list, > > > > > > I'd like to update you on the issue, as I did some more tests. First, > > I've added some directives to smb.conf (in italic): > > > > > > [global] > > > netbios name = testserver > > > security = ADS > > > workgroup = EXAMPLE > > > realm = EXAMPLE.COM > > > log file = /var/log/samba/%m.log > > > log level = 10 > > > dedicated keytab file = /etc/krb5.keytab > > > kerberos method = secrets and keytab > > > winbind refresh tickets = yes > > > winbind trusted domains only = no > > > winbind use default domain = yes > > > winbind enum users = yes > > > winbind enum groups = yes > > > winbind separator = + > > > client ldap sasl wrapping = plain > > > idmap config EXAMPLE : backend = ad > > > idmap config EXAMPLE:schema_mode = rfc2307 > > > idmap config EXAMPLE:range = 10000-99999 > > > winbind nss info = rfc2307 > > > load printers = no > > > printing = bsd > > > printcap name = /dev/null > > > > > > > > > With "client ldap sasl wrapping = plain" set, the domain doesn't go > > "offline". This can be seen by comparing the partial log output after > > "wbinfo -g", with the one in my first email. > > > > > > Also, I have tested joining a newly provisioned machine to the domain > > with 4.2.3 and 4.2.10 - it works without any issues when using 4.2.3, and > > it doesn't work with 4.2.10. I used "net ads join" with debuglevel=1, > > please see the output (working one - with 4.2.3, and not working - with > > 4.2.10): > > > > > > ### Join with samba 4.2.10### > > > > > > net ads join -U Administrator --debuglevel=1 > > > Enter Administrator's password: > > > libnet_Join: > > > libnet_JoinCtx: struct libnet_JoinCtx > > > in: struct libnet_JoinCtx > > > dc_name : NULL > > > machine_name : 'TESTSERVER' > > > domain_name : * > > > domain_name : 'EXAMPLE.COM' > > > account_ou : NULL > > > admin_account : 'Administrator' > > > admin_domain : NULL > > > machine_password : NULL > > > join_flags : 0x00000023 (35) > > > 0: WKSSVC_JOIN_FLAGS_IGNORE_UNSUPPORTED_FLAGS > > > 0: WKSSVC_JOIN_FLAGS_JOIN_WITH_NEW_NAME > > > 0: WKSSVC_JOIN_FLAGS_JOIN_DC_ACCOUNT > > > 0: WKSSVC_JOIN_FLAGS_DEFER_SPN > > > 0: WKSSVC_JOIN_FLAGS_MACHINE_PWD_PASSED > > > 0: WKSSVC_JOIN_FLAGS_JOIN_UNSECURE > > > 1: WKSSVC_JOIN_FLAGS_DOMAIN_JOIN_IF_JOINED > > > 0: WKSSVC_JOIN_FLAGS_WIN9X_UPGRADE > > > 0: WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE > > > 1: WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE > > > 1: WKSSVC_JOIN_FLAGS_JOIN_TYPE > > > os_version : NULL > > > os_name : NULL > > > create_upn : 0x00 (0) > > > upn : NULL > > > modify_config : 0x00 (0) > > > ads : NULL > > > debug : 0x01 (1) > > > use_kerberos : 0x00 (0) > > > secure_channel_type : SEC_CHAN_WKSTA (2) > > > Failed to setup SPNEGO negTokenInit request: NT_STATUS_INTERNAL_ERROR > > > libnet_Join: > > > libnet_JoinCtx: struct libnet_JoinCtx > > > out: struct libnet_JoinCtx > > > account_name : NULL > > > netbios_domain_name : 'EXAMPLE' > > > dns_domain_name : 'example.com' > > > forest_name : 'example.com' > > > dn : NULL > > > domain_sid : * > > > domain_sid : S-1-5-21-1214440339- > > 1979792683-1801674531 > > > modified_config : 0x00 (0) > > > error_string : 'Failed to set machine spn: Time > > limit exceeded > > > Do you have sufficient permissions to create machine accounts?' > > > domain_is_ad : 0x01 (1) > > > result : WERR_GENERAL_FAILURE > > > Failed to join domain: Failed to set machine spn: Time limit exceeded > > > Do you have sufficient permissions to create machine accounts? > > > > > > ### End join with samba 4.2.10 ### > > > > > > ### Join with samba 4.2.3 ### > > > > > > net ads join -U Administrator --debuglevel=1 > > > Enter Administrator's password: > > > libnet_Join: > > > libnet_JoinCtx: struct libnet_JoinCtx > > > in: struct libnet_JoinCtx > > > dc_name : NULL > > > machine_name : 'TESTSERVER' > > > domain_name : * > > > domain_name : 'EXAMPLE.COM' > > > account_ou : NULL > > > admin_account : 'Administrator' > > > admin_domain : NULL > > > machine_password : NULL > > > join_flags : 0x00000023 (35) > > > 0: WKSSVC_JOIN_FLAGS_IGNORE_UNSUPPORTED_FLAGS > > > 0: WKSSVC_JOIN_FLAGS_JOIN_WITH_NEW_NAME > > > 0: WKSSVC_JOIN_FLAGS_JOIN_DC_ACCOUNT > > > 0: WKSSVC_JOIN_FLAGS_DEFER_SPN > > > 0: WKSSVC_JOIN_FLAGS_MACHINE_PWD_PASSED > > > 0: WKSSVC_JOIN_FLAGS_JOIN_UNSECURE > > > 1: WKSSVC_JOIN_FLAGS_DOMAIN_JOIN_IF_JOINED > > > 0: WKSSVC_JOIN_FLAGS_WIN9X_UPGRADE > > > 0: WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE > > > 1: WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE > > > 1: WKSSVC_JOIN_FLAGS_JOIN_TYPE > > > os_version : NULL > > > os_name : NULL > > > create_upn : 0x00 (0) > > > upn : NULL > > > modify_config : 0x00 (0) > > > ads : NULL > > > debug : 0x01 (1) > > > use_kerberos : 0x00 (0) > > > secure_channel_type : SEC_CHAN_WKSTA (2) > > > libnet_Join: > > > libnet_JoinCtx: struct libnet_JoinCtx > > > out: struct libnet_JoinCtx > > > account_name : NULL > > > netbios_domain_name : 'EXAMPLE' > > > dns_domain_name : 'example.com' > > > forest_name : 'example.com' > > > dn : > > 'CN=testserver,OU=DefaultBin,DC=example,DC=com' > > > domain_sid : * > > > domain_sid : S-1-5-21-1214440339- > > 1979792683-1801674531 > > > modified_config : 0x00 (0) > > > error_string : NULL > > > domain_is_ad : 0x01 (1) > > > result : WERR_OK > > > Using short domain name -- EXAMPLE > > > Joined 'TESTSERVER' to dns domain 'example.com' > > > > > > ### End join with samba 4.2.3 ### > > > > > > ###/var/log/samba/winbind.log - after "wbinfo -g"### > > > > > > [2016/04/20 14:01:44.879293, 10, pid=2301, effective(0, 0), real(0, 0), > > class=winbind] ../source3/winbindd/winbindd.c:725(process_request) > > > process_request: Handling async request 2429:LIST_GROUPS > > > [2016/04/20 14:01:44.879299, 3, pid=2301, effective(0, 0), real(0, 0), > > class=winbind] > > ../source3/winbindd/winbindd_list_groups.c:58(winbindd_list_groups_send) > > > list_groups EXAMPLE > > > [2016/04/20 14:01:44.879313, 1, pid=2301, effective(0, 0), real(0, 0)] > > ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > > > wbint_QueryGroupList: struct wbint_QueryGroupList > > > in: struct wbint_QueryGroupList > > > [2016/04/20 14:01:44.879345, 1, pid=2301, effective(0, 0), real(0, 0)] > > ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > > > wbint_QueryGroupList: struct wbint_QueryGroupList > > > out: struct wbint_QueryGroupList > > > groups : * > > > groups: struct wbint_Principals > > > num_principals : 0 > > > principals: ARRAY(0) > > > result : NT_STATUS_IO_TIMEOUT > > > [2016/04/20 14:01:44.879368, 10, pid=2301, effective(0, 0), real(0, 0), > > class=winbind] > > ../source3/winbindd/winbindd_list_groups.c:128(winbindd_list_groups_done) > > > Domain EXAMPLE returned 0 groups > > > [2016/04/20 14:01:44.879373, 10, pid=2301, effective(0, 0), real(0, 0), > > class=winbind] > > ../source3/winbindd/winbindd_list_groups.c:134(winbindd_list_groups_done) > > > list_groups for domain EXAMPLE failed > > > [2016/04/20 14:01:44.879378, 10, pid=2301, effective(0, 0), real(0, 0), > > class=winbind] ../source3/winbindd/winbindd.c:787(wb_request_done) > > > wb_request_done[2429:LIST_GROUPS]: NT_STATUS_OK > > > > > > ###End /var/log/samba/winbind.log - after "wbinfo -g" ### > > > > > > Hope that helps, as quite a lot of people are expiriencing the same > > issue. I missed to provide information about the distributions used for > > testing - CentOS 7.2, Debian Jessie 8.4 > > > > > > Regards, > > > Dimitar > > > > > > > > > > Date: Tue, 19 Apr 2016 08:40:45 -0500 > > > > From: amartin at xes-inc.com > > > > To: dimitar.hristov at outlook.com > > > > CC: samba at lists.samba.org > > > > Subject: Re: [Samba] wbinfo -u, wbinfo -g not working after samba > > update from 4.2.3 to 4.2.10 > > > > > > > > I am also having this issue, however in my case it is worse - samba > > shares do not work > > > > and "getent passwd <domain user>" also does not work. I tried adding > > the following to the > > > > "[global]" section of my smb.conf as suggested elsewhere, but no > > improvement: > > > > client ldap sasl wrapping = plain > > > > > > > > My smb.conf is very similar to yours, however I also have the > > following options set: > > > > encrypt passwords = true > > > > winbind nss info = rfc2307 > > > > > > > > Thanks, > > > > > > > > Andrew > > > > > > > > ----- Original Message ----- > > > > > From: "Dimitar Hristov" <dimitar.hristov at outlook.com> > > > > > To: samba at lists.samba.org > > > > > Sent: Tuesday, April 19, 2016 8:23:50 AM > > > > > Subject: [Samba] wbinfo -u, wbinfo -g not working after samba > update > > from 4.2.3 to 4.2.10 > > > > > > > > > > Hi list, > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > After the badlock patching of all samba machines in our > > organization > > > > > (all of them are domain members), some functionalities have > > stopped > > > > > working, more particularly: > > > > > > > > > > > > > > > - wbinfo -g (no output at all) > > > > > > > > > > > > > > > - wbinfo -u (no output at all) > > > > > > > > > > > > > > > - getent passwd (displays only local users) > > > > > > > > > > > > > > > - getent group > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > working functionalities: > > > > > > > > > > > > > > > - samba shares are still accessible, with appropriate users set > > as > > > > > "valid", "write users" etc > > > > > > > > > > > > > > > - getent passwd <domain user> > > > > > > > > > > > > > > > - wbinfo --name-to-sid > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > Configuration files: > > > > > > > > > > > > > > > - /etc/samba/smb.conf > > > > > > > > > > > > > > > [global] > > > > > > > > > > > > > > > workgroup = EXAMPLE > > > > > > > > > > > > > > > realm = EXAMPLE.COM > > > > > > > > > > > > > > > security = ADS > > > > > > > > > > > > > > > dedicated keytab file = /etc/krb5.keytab > > > > > > > > > > > > > > > kerberos method = secrets and keytab > > > > > > > > > > > > > > > log file = /var/log/samba/%m.log > > > > > > > > > > > > > > > load printers = No > > > > > > > > > > > > > > > printcap name = /dev/null > > > > > > > > > > > > > > > winbind separator = + > > > > > > > > > > > > > > > winbind enum users = Yes > > > > > > > > > > > > > > > winbind enum groups = Yes > > > > > > > > > > > > > > > winbind use default domain = Yes > > > > > > > > > > > > > > > winbind refresh tickets = Yes > > > > > > > > > > > > > > > idmap config example : backend = ad > > > > > > > > > > > > > > > idmap config * : backend = tdb > > > > > > > > > > > > > > > printing = bsd > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > - /etc/krb5.conf > > > > > > > > > > > > > > > [logging] > > > > > > > > > > > > > > > default = FILE:/var/log/krb5libs.log > > > > > > > > > > > > > > > kdc = FILE:/var/log/krb5kdc.log > > > > > > > > > > > > > > > admin_server = FILE:/var/log/kadmind.log > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > [libdefaults] > > > > > > > > > > > > > > > dns_lookup_kdc = false > > > > > > > > > > > > > > > dns_lookup_realm = false > > > > > > > > > > > > > > > ticket_lifetime = 24h > > > > > > > > > > > > > > > renew_lifetime = 7d > > > > > > > > > > > > > > > forwardable = true > > > > > > > > > > > > > > > rdns = false > > > > > > > > > > > > > > > default_realm = EXAMPLE.COM > > > > > > > > > > > > > > > default_ccache_name = KEYRING:persistent:%{uid} > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > [realms] > > > > > > > > > > > > > > > EXAMPLE.COM = { > > > > > > > > > > > > > > > kdc = example-adc01.example.com > > > > > > > > > > > > > > > admin_server = example-adc01.example.com > > > > > > > > > > > > > > > } > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > [domain_realm] > > > > > > > > > > > > > > > .example.com = EXAMPLE.COM > > > > > > > > > > > > > > > example.com = EXAMPLE.COM > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > - /etc/nsswitch.conf > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > passwd: files winbind > > > > > > > > > > > > > > > shadow: files winbind > > > > > > > > > > > > > > > group: files winbind > > > > > > > > > > > > > > > initgroups: files > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > hosts: files dns myhostname > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > bootparams: nisplus [NOTFOUND=return] files > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > ethers: files > > > > > > > > > > > > > > > netmasks: files > > > > > > > > > > > > > > > networks: files > > > > > > > > > > > > > > > protocols: files winbind > > > > > > > > > > > > > > > rpc: files winbind > > > > > > > > > > > > > > > services: files winbind > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > netgroup: nisplus sss > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > publickey: nisplus > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > automount: files nisplus > > > > > > > > > > > > > > > aliases: files nisplus > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > Installed packages: > > > > > > > > > > > > > > > - working environment > > > > > > > > > > > > > > > samba-4.2.3-12.el7_2.x86_64 > > > > > > > > > > > > > > > samba-common-4.2.3-12.el7_2.noarch > > > > > > > > > > > > > > > samba-winbind-modules-4.2.3-12.el7_2.x86_64 > > > > > > > > > > > > > > > samba-winbind-clients-4.2.3-12.el7_2.x86_64 > > > > > > > > > > > > > > > samba-common-tools-4.2.3-12.el7_2.x86_64 > > > > > > > > > > > > > > > samba-common-libs-4.2.3-12.el7_2.x86_64 > > > > > > > > > > > > > > > samba-winbind-4.2.3-12.el7_2.x86_64 > > > > > > > > > > > > > > > samba-libs-4.2.3-12.el7_2.x86_64 > > > > > > > > > > > > > > > samba-client-libs-4.2.3-12.el7_2.x86_64 > > > > > > > > > > > > > > > krb5-workstation-1.13.2-12.el7_2.x86_64 > > > > > > > > > > > > > > > krb5-libs-1.13.2-12.el7_2.x86_64 > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > - not working (after the update) > > > > > > > > > > > > > > > samba-winbind-4.2.10-6.el7_2.x86_64 > > > > > > > > > > > > > > > samba-libs-4.2.10-6.el7_2.x86_64 > > > > > > > > > > > > > > > samba-common-4.2.10-6.el7_2.noarch > > > > > > > > > > > > > > > samba-client-libs-4.2.10-6.el7_2.x86_64 > > > > > > > > > > > > > > > samba-winbind-modules-4.2.10-6.el7_2.x86_64 > > > > > > > > > > > > > > > samba-winbind-clients-4.2.10-6.el7_2.x86_64 > > > > > > > > > > > > > > > samba-common-tools-4.2.10-6.el7_2.x86_64 > > > > > > > > > > > > > > > samba-common-libs-4.2.10-6.el7_2.x86_64 > > > > > > > > > > > > > > > samba-4.2.10-6.el7_2.x86_64 > > > > > > > > > > > > > > > krb5-workstation-1.13.2-12.el7_2.x86_64 > > > > > > > > > > > > > > > krb5-libs-1.13.2-12.el7_2.x86_64 > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > --------------------- > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > Partial log output after "wbinfo -g" - > > > > > /var/log/samba/winbind.log: > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > [2016/04/19 14:58:40.635486, 10, pid=3634, effective(0, 0), > > real(0, > > > > > 0), class=winbind] > > > > > ../source3/winbindd/winbindd.c:725(process_request) > > > > > > > > > > > > > > > process_request: Handling async request 3640:LIST_GROUPS > > > > > > > > > > > > > > > [2016/04/19 14:58:40.635501, 3, pid=3634, effective(0, 0), > > real(0, > > > > > 0), class=winbind] > > > > > > > ../source3/winbindd/winbindd_list_groups.c:58(winbindd_list_groups_send) > > > > > > > > > > > > > > > list_groups EXAMPLE > > > > > > > > > > > > > > > [2016/04/19 14:58:40.635520, 1, pid=3634, effective(0, 0), > > real(0, > > > > > 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > > > > > > > > > > > > > > > wbint_QueryGroupList: struct wbint_QueryGroupList > > > > > > > > > > > > > > > in: struct wbint_QueryGroupList > > > > > > > > > > > > > > > [2016/04/19 14:58:42.112485, 10, pid=3634, effective(0, 0), > > real(0, > > > > > 0)] ../source3/lib/messages.c:252(messaging_recv_cb) > > > > > > > > > > > > > > > messaging_recv_cb: Received message 0x40c len 8 (num_fds:0) > > from > > > > > 3635 > > > > > > > > > > > > > > > [2016/04/19 14:58:42.112513, 10, pid=3634, effective(0, 0), > > real(0, > > > > > 0), class=winbind] > > > > > > > ../source3/winbindd/winbindd_cm.c:364(winbind_msg_domain_offline) > > > > > > > > > > > > > > > Domain EXAMPLE is marked as offline now. > > > > > > > > > > > > > > > [2016/04/19 14:58:42.113574, 1, pid=3634, effective(0, 0), > > real(0, > > > > > 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > > > > > > > > > > > > > > > wbint_QueryGroupList: struct wbint_QueryGroupList > > > > > > > > > > > > > > > out: struct wbint_QueryGroupList > > > > > > > > > > > > > > > groups : * > > > > > > > > > > > > > > > groups: struct wbint_Principals > > > > > > > > > > > > > > > num_principals : 0 > > > > > > > > > > > > > > > principals: ARRAY(0) > > > > > > > > > > > > > > > result : NT_STATUS_IO_TIMEOUT > > > > > > > > > > > > > > > [2016/04/19 14:58:42.113616, 10, pid=3634, effective(0, 0), > > real(0, > > > > > 0), class=winbind] > > > > > > > ../source3/winbindd/winbindd_list_groups.c:128(winbindd_list_groups_done) > > > > > > > > > > > > > > > Domain EXAMPLE returned 0 groups > > > > > > > > > > > > > > > [2016/04/19 14:58:42.113623, 10, pid=3634, effective(0, 0), > > real(0, > > > > > 0), class=winbind] > > > > > > > ../source3/winbindd/winbindd_list_groups.c:134(winbindd_list_groups_done) > > > > > > > > > > > > > > > list_groups for domain EXAMPLE failed > > > > > > > > > > > > > > > [2016/04/19 14:58:42.113630, 10, pid=3634, effective(0, 0), > > real(0, > > > > > 0), class=winbind] > > > > > ../source3/winbindd/winbindd.c:787(wb_request_done) > > > > > > > > > > > > > > > wb_request_done[3640:LIST_GROUPS]: NT_STATUS_OK > > > > > > > > > > > > > > > [2016/04/19 14:58:42.113649, 10, pid=3634, effective(0, 0), > > real(0, > > > > > 0), class=winbind] > > > > > > > ../source3/winbindd/winbindd.c:851(winbind_client_response_written) > > > > > > > > > > > > > > > winbind_client_response_written[3640:LIST_GROUPS]: delivered > > > > > response to client > > > > > > > > > > > > > > > [2016/04/19 14:58:42.114552, 6, pid=3634, effective(0, 0), > > real(0, > > > > > 0), class=winbind] > > > > > ../source3/winbindd/winbindd.c:957(winbind_client_request_read) > > > > > > > > > > > > > > > closing socket 28, client exited > > > > > > > > > > > > > > > [2016/04/19 14:59:13.272624, 10, pid=3634, effective(0, 0), > > real(0, > > > > > 0)] ../source3/lib/messages.c:252(messaging_recv_cb) > > > > > > > > > > > > > > > messaging_recv_cb: Received message 0x40b len 8 (num_fds:0) > > from > > > > > 3635 > > > > > > > > > > > > > > > [2016/04/19 14:59:13.272656, 10, pid=3634, effective(0, 0), > > real(0, > > > > > 0), class=winbind] > > > > > > ../source3/winbindd/winbindd_cm.c:384(winbind_msg_domain_online) > > > > > > > > > > > > > > > Domain EXAMPLE is marked as online now. > > > > > > > > > > > > > > > > > > > > > > > > > Partial log output after "wbinfo -u" - > > > > > /var/log/samba/winbind.log: > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > [2016/04/19 15:03:25.308776, 10, pid=3634, effective(0, 0), > > real(0, > > > > > 0), class=winbind] > > > > > ../source3/winbindd/winbindd.c:725(process_request) > > > > > > > > > > > > > > > process_request: Handling async request 3666:LIST_USERS > > > > > > > > > > > > > > > [2016/04/19 15:03:25.308788, 3, pid=3634, effective(0, 0), > > real(0, > > > > > 0), class=winbind] > > > > > > > ../source3/winbindd/winbindd_list_users.c:58(winbindd_list_users_send) > > > > > > > > > > > > > > > list_users EXAMPLE > > > > > > > > > > > > > > > [2016/04/19 15:03:25.308808, 1, pid=3634, effective(0, 0), > > real(0, > > > > > 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > > > > > > > > > > > > > > > wbint_QueryUserList: struct wbint_QueryUserList > > > > > > > > > > > > > > > in: struct wbint_QueryUserList > > > > > > > > > > > > > > > [2016/04/19 15:03:29.418016, 10, pid=3634, effective(0, 0), > > real(0, > > > > > 0)] ../source3/lib/messages.c:252(messaging_recv_cb) > > > > > > > > > > > > > > > messaging_recv_cb: Received message 0x40c len 8 (num_fds:0) > > from > > > > > 3635 > > > > > > > > > > > > > > > [2016/04/19 15:03:29.418040, 10, pid=3634, effective(0, 0), > > real(0, > > > > > 0), class=winbind] > > > > > > > ../source3/winbindd/winbindd_cm.c:364(winbind_msg_domain_offline) > > > > > > > > > > > > > > > Domain EXAMPLE is marked as offline now. > > > > > > > > > > > > > > > [2016/04/19 15:03:29.418101, 1, pid=3634, effective(0, 0), > > real(0, > > > > > 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > > > > > > > > > > > > > > > wbint_QueryUserList: struct wbint_QueryUserList > > > > > > > > > > > > > > > out: struct wbint_QueryUserList > > > > > > > > > > > > > > > users : * > > > > > > > > > > > > > > > users: struct wbint_userinfos > > > > > > > > > > > > > > > num_userinfos : 0x00000000 (0) > > > > > > > > > > > > > > > userinfos: ARRAY(0) > > > > > > > > > > > > > > > result : NT_STATUS_IO_TIMEOUT > > > > > > > > > > > > > > > [2016/04/19 15:03:29.418172, 10, pid=3634, effective(0, 0), > > real(0, > > > > > 0), class=winbind] > > > > > > > ../source3/winbindd/winbindd_list_users.c:128(winbindd_list_users_done) > > > > > > > > > > > > > > > Domain EXAMPLE returned 0 users > > > > > > > > > > > > > > > [2016/04/19 15:03:29.418180, 10, pid=3634, effective(0, 0), > > real(0, > > > > > 0), class=winbind] > > > > > > > ../source3/winbindd/winbindd_list_users.c:134(winbindd_list_users_done) > > > > > > > > > > > > > > > List_users for domain EXAMPLE failed > > > > > > > > > > > > > > > [2016/04/19 15:03:29.418187, 10, pid=3634, effective(0, 0), > > real(0, > > > > > 0), class=winbind] > > > > > ../source3/winbindd/winbindd.c:787(wb_request_done) > > > > > > > > > > > > > > > wb_request_done[3666:LIST_USERS]: NT_STATUS_OK > > > > > > > > > > > > > > > [2016/04/19 15:03:29.418206, 10, pid=3634, effective(0, 0), > > real(0, > > > > > 0), class=winbind] > > > > > > > ../source3/winbindd/winbindd.c:851(winbind_client_response_written) > > > > > > > > > > > > > > > winbind_client_response_written[3666:LIST_USERS]: delivered > > > > > response to client > > > > > > > > > > > > > > > [2016/04/19 15:03:29.420295, 6, pid=3634, effective(0, 0), > > real(0, > > > > > 0), class=winbind] > > > > > ../source3/winbindd/winbindd.c:957(winbind_client_request_read) > > > > > > > > > > > > > > > closing socket 28, client exited > > > > > > > > > > > > > > > [2016/04/19 15:04:00.414647, 10, pid=3634, effective(0, 0), > > real(0, > > > > > 0)] ../source3/lib/messages.c:252(messaging_recv_cb) > > > > > > > > > > > > > > > messaging_recv_cb: Received message 0x40b len 8 (num_fds:0) > > from > > > > > 3635 > > > > > > > > > > > > > > > [2016/04/19 15:04:00.414669, 10, pid=3634, effective(0, 0), > > real(0, > > > > > 0), class=winbind] > > > > > > ../source3/winbindd/winbindd_cm.c:384(winbind_msg_domain_online) > > > > > > > > > > > > > > > Domain EXAMPLE is marked as online now. > > > > > > > > > > > > > > > > > > > > > > > > > Partial log output after "getent passwd" - > > > > > /var/log/samba/winbind.log (the local users get > displayed, > > > > > domain users - do not): > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > [2016/04/19 15:04:41.367195, 10, pid=3634, effective(0, 0), > > real(0, > > > > > 0), class=winbind] > > > > > ../source3/winbindd/winbindd.c:725(process_request) > > > > > > > > > > > > > > > process_request: Handling async request 3673:GETPWENT > > > > > > > > > > > > > > > [2016/04/19 15:04:41.367208, 3, pid=3634, effective(0, 0), > > real(0, > > > > > 0), class=winbind] > > > > > > > ../source3/winbindd/winbindd_getpwent.c:50(winbindd_getpwent_send) > > > > > > > > > > > > > > > [ 3673]: getpwent > > > > > > > > > > > > > > > [2016/04/19 15:04:41.367307, 1, pid=3634, effective(0, 0), > > real(0, > > > > > 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > > > > > > > > > > > > > > > wbint_QueryUserList: struct wbint_QueryUserList > > > > > > > > > > > > > > > in: struct wbint_QueryUserList > > > > > > > > > > > > > > > [2016/04/19 15:04:41.367621, 1, pid=3634, effective(0, 0), > > real(0, > > > > > 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > > > > > > > > > > > > > > > wbint_QueryUserList: struct wbint_QueryUserList > > > > > > > > > > > > > > > out: struct wbint_QueryUserList > > > > > > > > > > > > > > > users : * > > > > > > > > > > > > > > > users: struct wbint_userinfos > > > > > > > > > > > > > > > num_userinfos : 0x00000000 (0) > > > > > > > > > > > > > > > userinfos: ARRAY(0) > > > > > > > > > > > > > > > result : NT_STATUS_OK > > > > > > > > > > > > > > > [2016/04/19 15:04:41.367652, 10, pid=3634, effective(0, 0), > > real(0, > > > > > 0), class=winbind] > > > > > > > ../source3/winbindd/wb_query_user_list.c:69(wb_query_user_list_done) > > > > > > > > > > > > > > > dcerpc_wbint_QueryUserList returned 0 users > > > > > > > > > > > > > > > [2016/04/19 15:04:41.367661, 1, pid=3634, effective(0, 0), > > real(0, > > > > > 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > > > > > > > > > > > > > > > wbint_QueryUserList: struct wbint_QueryUserList > > > > > > > > > > > > > > > in: struct wbint_QueryUserList > > > > > > > > > > > > > > > [2016/04/19 15:04:41.367680, 1, pid=3634, effective(0, 0), > > real(0, > > > > > 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > > > > > > > > > > > > > > > wbint_QueryUserList: struct wbint_QueryUserList > > > > > > > > > > > > > > > out: struct wbint_QueryUserList > > > > > > > > > > > > > > > users : * > > > > > > > > > > > > > > > users: struct wbint_userinfos > > > > > > > > > > > > > > > num_userinfos : 0x00000000 (0) > > > > > > > > > > > > > > > userinfos: ARRAY(0) > > > > > > > > > > > > > > > result : NT_STATUS_IO_TIMEOUT > > > > > > > > > > > > > > > [2016/04/19 15:04:41.367700, 10, pid=3634, effective(0, 0), > > real(0, > > > > > 0), class=winbind] > > > > > > > ../source3/winbindd/wb_next_pwent.c:109(wb_next_pwent_fetch_done) > > > > > > > > > > > > > > > query_user_list for domain EXAMPLE returned > > NT_STATUS_IO_TIMEOUT > > > > > > > > > > > > > > > [2016/04/19 15:04:41.367707, 10, pid=3634, effective(0, 0), > > real(0, > > > > > 0), class=winbind] > > > > > > > ../source3/winbindd/winbindd_getpwent.c:95(winbindd_getpwent_done) > > > > > > > > > > > > > > > winbindd_getpwent_done: done with 0 users > > > > > > > > > > > > > > > [2016/04/19 15:04:41.367712, 10, pid=3634, effective(0, 0), > > real(0, > > > > > 0), class=winbind] > > > > > ../source3/winbindd/winbindd.c:787(wb_request_done) > > > > > > > > > > > > > > > wb_request_done[3673:GETPWENT]: NT_STATUS_NO_MORE_ENTRIES > > > > > > > > > > > > > > > [2016/04/19 15:04:41.367726, 10, pid=3634, effective(0, 0), > > real(0, > > > > > 0), class=winbind] > > > > > > > ../source3/winbindd/winbindd.c:851(winbind_client_response_written) > > > > > > > > > > > > > > > winbind_client_response_written[3673:GETPWENT]: delivered > > response > > > > > to client > > > > > > > > > > > > > > > [2016/04/19 15:04:41.367900, 10, pid=3634, effective(0, 0), > > real(0, > > > > > 0), class=winbind] > > > > > ../source3/winbindd/winbindd.c:725(process_request) > > > > > > > > > > > > > > > process_request: Handling async request 3673:ENDPWENT > > > > > > > > > > > > > > > [2016/04/19 15:04:41.367916, 10, pid=3634, effective(0, 0), > > real(0, > > > > > 0), class=winbind] > > > > > ../source3/winbindd/winbindd.c:787(wb_request_done) > > > > > > > > > > > > > > > wb_request_done[3673:ENDPWENT]: NT_STATUS_OK > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > I think that the issue is similar to the issues described by > > L.P.H. > > > > > van Belle and Luca Bertoncello. > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > The Domain Controllers are MS Windows Server 2012 R2, AD Scheme > > is > > > > > 2012. > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > Any ideas on how to solve this? > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > Thanks, > > > > > > > > > > > > > > > Dimitar > > > > > -- > > > > > To unsubscribe from this list go to the following URL and read the > > > > > instructions: https://lists.samba.org/mailman/options/samba > > > > > > > > > > > > > -- > > > > To unsubscribe from this list go to the following URL and read the > > > > instructions: https://lists.samba.org/mailman/options/samba > > > > > > -- > > > To unsubscribe from this list go to the following URL and read the > > > instructions: https://lists.samba.org/mailman/options/samba > > > > -- > > To unsubscribe from this list go to the following URL and read the > > instructions: https://lists.samba.org/mailman/options/samba > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >
Maybe Matching Threads
- wbinfo -u, wbinfo -g not working after samba update from 4.2.3 to 4.2.10
- wbinfo -u, wbinfo -g not working after samba update from 4.2.3 to 4.2.10
- wbinfo -u, wbinfo -g not working after samba update from 4.2.3 to 4.2.10
- wbinfo -u, wbinfo -g not working after samba update from 4.2.3 to 4.2.10
- Problems after migration from samba 3.5.2 to samba 4.3.1