On 2016-06-09 at 10:17 -0400, Dennis Xu wrote:> Hi Michael, > > Thank you for your suggestion. > > I did clone the server. After the clone, the server was not > join to domain automatically, then I join the server to the > domain separately. I did not change the local sid. Should I > change that?Not necessarily: It is rather cosmetic and probably not the cause for your issue.> Actually I followed this process to clone the first server and > that server did not have the wbinfo -u issue. Then I tried to > clone other servers then I started to see this issue. I also > recently did a fresh install for a server and I have the same > issue for that server as well. > > I have attached the smb.confNote: the line 'idmap config ad' is not a correct samba option. But also this would not cause your issue.> and winbind logs(in debug level 10 and after "wbinfo -u" was issued).I'd also need to see log.wb-* (corresponding). But I can already see that the attempts to get the user's list times out. See below:> I use Samba for FreeRADIUS integration to authenticate PEAP > MS-CHAP2 wireless authentications against AD. The server seems > still can authenticate users. I am not sure if this "wbinfo -u" > issue will cause any authentication issues.Likely not. Here the important part from log.winbindd:> [2016/06/09 10:04:31.071983, 10, pid=11846, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd.c:725(process_request) > process_request: Handling async request 11852:LIST_USERS > [2016/06/09 10:04:31.072016, 3, pid=11846, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_list_users.c:58(winbindd_list_users_send) > list_users CFSMain winbind is asking the CFS child to list the CFS domain users.> [2016/06/09 10:04:31.072059, 1, pid=11846, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > wbint_QueryUserList: struct wbint_QueryUserList > in: struct wbint_QueryUserList > [2016/06/09 10:04:32.047364, 10, pid=11846, effective(0, 0), real(0, 0)] ../source3/lib/messages.c:252(messaging_recv_cb) > messaging_recv_cb: Received message 0x40c len 4 (num_fds:0) from 11847 > [2016/06/09 10:04:32.047421, 10, pid=11846, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cm.c:364(winbind_msg_domain_offline) > Domain CFS is marked as offline now.Here I need to see the log.wb-CFS file, to see what the domain child is up to. But I suspect that the domain child can't contact any DCs and marks itself offline.> [2016/06/09 10:04:32.048320, 1, pid=11846, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > wbint_QueryUserList: struct wbint_QueryUserList > out: struct wbint_QueryUserList > users : * > users: struct wbint_userinfos > num_userinfos : 0x00000000 (0) > userinfos: ARRAY(0) > result : NT_STATUS_IO_TIMEOUTThe list users request to the CFS domain times out.> [2016/06/09 10:04:32.048409, 10, pid=11846, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_list_users.c:128(winbindd_list_users_done) > Domain CFS returned 0 users > [2016/06/09 10:04:32.048434, 10, pid=11846, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_list_users.c:134(winbindd_list_users_done) > List_users for domain CFS failed > [2016/06/09 10:04:32.048458, 10, pid=11846, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd.c:787(wb_request_done) > wb_request_done[11852:LIST_USERS]: NT_STATUS_OKSo my guess is that there is some issue with finding and/or contacting domain controllers. More after we get the other log. Cheers - Michael -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 198 bytes Desc: not available URL: <http://lists.samba.org/pipermail/samba/attachments/20160609/b367cba4/signature.sig>
>Note: the line 'idmap config ad' is not a correct samba option. >But also this would not cause your issue.I did not config this and I believe this comes from the default. Do you suggest to comment this out? I tried "wbinfo -u" and "wbinfo -g" again and attached the log.wb-CFS file. Sorry I forgot to mention, I did stop winbind, remove /var/lib/samba/winbindd_cache.tdb and start winbind again. That did not help. Thanks. Dennis ----- Original Message ----- From: "Michael Adam" <obnox at samba.org> To: "Dennis Xu" <dxu at uoguelph.ca> Cc: "samba" <samba at lists.samba.org> Sent: Thursday, June 9, 2016 11:47:18 AM Subject: Re: [Samba] wbinfo -u and -g gives no output On 2016-06-09 at 10:17 -0400, Dennis Xu wrote:> Hi Michael, > > Thank you for your suggestion. > > I did clone the server. After the clone, the server was not > join to domain automatically, then I join the server to the > domain separately. I did not change the local sid. Should I > change that?Not necessarily: It is rather cosmetic and probably not the cause for your issue.> Actually I followed this process to clone the first server and > that server did not have the wbinfo -u issue. Then I tried to > clone other servers then I started to see this issue. I also > recently did a fresh install for a server and I have the same > issue for that server as well. > > I have attached the smb.confNote: the line 'idmap config ad' is not a correct samba option. But also this would not cause your issue.> and winbind logs(in debug level 10 and after "wbinfo -u" was issued).I'd also need to see log.wb-* (corresponding). But I can already see that the attempts to get the user's list times out. See below:> I use Samba for FreeRADIUS integration to authenticate PEAP > MS-CHAP2 wireless authentications against AD. The server seems > still can authenticate users. I am not sure if this "wbinfo -u" > issue will cause any authentication issues.Likely not. Here the important part from log.winbindd:> [2016/06/09 10:04:31.071983, 10, pid=11846, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd.c:725(process_request) > process_request: Handling async request 11852:LIST_USERS > [2016/06/09 10:04:31.072016, 3, pid=11846, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_list_users.c:58(winbindd_list_users_send) > list_users CFSMain winbind is asking the CFS child to list the CFS domain users.> [2016/06/09 10:04:31.072059, 1, pid=11846, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > wbint_QueryUserList: struct wbint_QueryUserList > in: struct wbint_QueryUserList > [2016/06/09 10:04:32.047364, 10, pid=11846, effective(0, 0), real(0, 0)] ../source3/lib/messages.c:252(messaging_recv_cb) > messaging_recv_cb: Received message 0x40c len 4 (num_fds:0) from 11847 > [2016/06/09 10:04:32.047421, 10, pid=11846, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cm.c:364(winbind_msg_domain_offline) > Domain CFS is marked as offline now.Here I need to see the log.wb-CFS file, to see what the domain child is up to. But I suspect that the domain child can't contact any DCs and marks itself offline.> [2016/06/09 10:04:32.048320, 1, pid=11846, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > wbint_QueryUserList: struct wbint_QueryUserList > out: struct wbint_QueryUserList > users : * > users: struct wbint_userinfos > num_userinfos : 0x00000000 (0) > userinfos: ARRAY(0) > result : NT_STATUS_IO_TIMEOUTThe list users request to the CFS domain times out.> [2016/06/09 10:04:32.048409, 10, pid=11846, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_list_users.c:128(winbindd_list_users_done) > Domain CFS returned 0 users > [2016/06/09 10:04:32.048434, 10, pid=11846, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_list_users.c:134(winbindd_list_users_done) > List_users for domain CFS failed > [2016/06/09 10:04:32.048458, 10, pid=11846, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd.c:787(wb_request_done) > wb_request_done[11852:LIST_USERS]: NT_STATUS_OKSo my guess is that there is some issue with finding and/or contacting domain controllers. More after we get the other log. Cheers - Michael -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -------------- next part -------------- An embedded and charset-unspecified text was scrubbed... Name: log.wb-CFS.txt URL: <http://lists.samba.org/pipermail/samba/attachments/20160609/1ac81cd8/log.wb-CFS.txt>
Hello, I see this error when trying "wbinfo -g": [2016/06/09 13:55:33.617151, 3, pid=11847, effective(0, 0), real(0, 0)] ../source3/libads/ldap.c:904(ads_do_paged_search_args) ads_do_paged_search_args: ldap_search_with_timeout((&(objectCategory=group)(&(groupType:dn:1.2.840.113556.1.4.803:=-2147483648)(!(groupType:dn:1.2.840.113556.1.4.803:=1))))) -> Time limit exceeded Any ideas about this? Thanks. ----- Original Message ----- From: "Dennis Xu" <dxu at uoguelph.ca> To: "Michael Adam" <obnox at samba.org> Cc: "samba" <samba at lists.samba.org> Sent: Thursday, June 9, 2016 2:02:04 PM Subject: Re: [Samba] wbinfo -u and -g gives no output>Note: the line 'idmap config ad' is not a correct samba option. >But also this would not cause your issue.I did not config this and I believe this comes from the default. Do you suggest to comment this out? I tried "wbinfo -u" and "wbinfo -g" again and attached the log.wb-CFS file. Sorry I forgot to mention, I did stop winbind, remove /var/lib/samba/winbindd_cache.tdb and start winbind again. That did not help. Thanks. Dennis ----- Original Message ----- From: "Michael Adam" <obnox at samba.org> To: "Dennis Xu" <dxu at uoguelph.ca> Cc: "samba" <samba at lists.samba.org> Sent: Thursday, June 9, 2016 11:47:18 AM Subject: Re: [Samba] wbinfo -u and -g gives no output On 2016-06-09 at 10:17 -0400, Dennis Xu wrote:> Hi Michael, > > Thank you for your suggestion. > > I did clone the server. After the clone, the server was not > join to domain automatically, then I join the server to the > domain separately. I did not change the local sid. Should I > change that?Not necessarily: It is rather cosmetic and probably not the cause for your issue.> Actually I followed this process to clone the first server and > that server did not have the wbinfo -u issue. Then I tried to > clone other servers then I started to see this issue. I also > recently did a fresh install for a server and I have the same > issue for that server as well. > > I have attached the smb.confNote: the line 'idmap config ad' is not a correct samba option. But also this would not cause your issue.> and winbind logs(in debug level 10 and after "wbinfo -u" was issued).I'd also need to see log.wb-* (corresponding). But I can already see that the attempts to get the user's list times out. See below:> I use Samba for FreeRADIUS integration to authenticate PEAP > MS-CHAP2 wireless authentications against AD. The server seems > still can authenticate users. I am not sure if this "wbinfo -u" > issue will cause any authentication issues.Likely not. Here the important part from log.winbindd:> [2016/06/09 10:04:31.071983, 10, pid=11846, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd.c:725(process_request) > process_request: Handling async request 11852:LIST_USERS > [2016/06/09 10:04:31.072016, 3, pid=11846, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_list_users.c:58(winbindd_list_users_send) > list_users CFSMain winbind is asking the CFS child to list the CFS domain users.> [2016/06/09 10:04:31.072059, 1, pid=11846, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > wbint_QueryUserList: struct wbint_QueryUserList > in: struct wbint_QueryUserList > [2016/06/09 10:04:32.047364, 10, pid=11846, effective(0, 0), real(0, 0)] ../source3/lib/messages.c:252(messaging_recv_cb) > messaging_recv_cb: Received message 0x40c len 4 (num_fds:0) from 11847 > [2016/06/09 10:04:32.047421, 10, pid=11846, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cm.c:364(winbind_msg_domain_offline) > Domain CFS is marked as offline now.Here I need to see the log.wb-CFS file, to see what the domain child is up to. But I suspect that the domain child can't contact any DCs and marks itself offline.> [2016/06/09 10:04:32.048320, 1, pid=11846, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > wbint_QueryUserList: struct wbint_QueryUserList > out: struct wbint_QueryUserList > users : * > users: struct wbint_userinfos > num_userinfos : 0x00000000 (0) > userinfos: ARRAY(0) > result : NT_STATUS_IO_TIMEOUTThe list users request to the CFS domain times out.> [2016/06/09 10:04:32.048409, 10, pid=11846, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_list_users.c:128(winbindd_list_users_done) > Domain CFS returned 0 users > [2016/06/09 10:04:32.048434, 10, pid=11846, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_list_users.c:134(winbindd_list_users_done) > List_users for domain CFS failed > [2016/06/09 10:04:32.048458, 10, pid=11846, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd.c:787(wb_request_done) > wb_request_done[11852:LIST_USERS]: NT_STATUS_OKSo my guess is that there is some issue with finding and/or contacting domain controllers. More after we get the other log. Cheers - Michael -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -------------- next part -------------- An embedded and charset-unspecified text was scrubbed... Name: log.wb-CFS.txt URL: <http://lists.samba.org/pipermail/samba/attachments/20160610/321ccda4/log.wb-CFS.txt>