Rowland Penny
2017-Feb-18 19:12 UTC
[Samba] wbinfo -i returns the same id for all users, authentication doesn't seem to go through winbind at all
On Sat, 18 Feb 2017 19:52:35 +0100 Emmanuel Florac <eflorac at intellique.com> wrote:> Le Sat, 18 Feb 2017 17:37:25 +0000 > Rowland Penny via samba <samba at lists.samba.org> écrivait: > > > Is 'winbind' installed and running ? > > > > Yes it is. Isn't "wbinfo" supposed to go through winbind anyway? > 'wbinfo -i TESTAD\\testuser' always returned something... >Yes, but you seem to have everything set up correctly and still doesn't work. I use Devuan and compile Samba myself and it just works. I will set up debian in a VM and install the OS Samba packages and see if I have problems, bear with me ;-) Rowland
Rowland Penny
2017-Feb-18 20:17 UTC
[Samba] wbinfo -i returns the same id for all users, authentication doesn't seem to go through winbind at all
On Sat, 18 Feb 2017 19:12:39 +0000 Rowland Penny via samba <samba at lists.samba.org> wrote:> I will set up debian in a VM and install the OS Samba packages and see > if I have problems, bear with me ;-) >OK, back with the result and it works for me ;-) Debian Jessie network install, no GUI, using DHCP to set ipaddress. Only change I made before installing Samba, was to comment the '127.0.1.1' line in /etc/hosts apt-get install samba acl attr quota fam winbind libpam-winbind libpam-krb5 libnss-winbind krb5-config krb5-user ntp dnsutils ldb-tools service smbd stop service nmbd stop service winbind stop /etc/samba/smb.conf [global] workgroup = SAMDOM security = ADS realm = SAMDOM.EXAMPLE.COM dedicated keytab file = /etc/krb5.keytab kerberos method = secrets and keytab server string = Samba 4 Client %h winbind use default domain = yes winbind expand groups = 4 winbind nss info = rfc2307 winbind refresh tickets = Yes winbind offline logon = yes winbind normalize names = Yes ## map ids outside of domain to tdb files. idmap config *:backend = tdb idmap config *:range = 2000-9999 ## map ids from the domain the ranges may not overlap ! idmap config SAMDOM : backend = rid idmap config SAMDOM : range = 10000-999999 template shell = /bin/bash template homedir = /home/SAMDOM/%U domain master = no local master = no preferred master = no os level = 20 map to guest = bad user host msdfs = no # user Administrator workaround, without it you are unable to set privileges username map = /etc/samba/user.map # For ACL support on domain member vfs objects = acl_xattr map acl inherit = Yes store dos attributes = Yes # Share Setting Globally unix extensions = no reset on zero vc = yes veto files = /.bash_logout/.bash_profile/.bash_history/.bashrc/ hide unreadable = yes # disable printing completely load printers = no printing = bsd printcap name = /dev/null disable spoolss = yes /etc/samba/user.map !root = SAMDOM\Administrator SAMDOM\administrator Administrator administrator samba -V Version 4.2.14-Debian /etc/krb5.conf [libdefaults] default_realm = SAMDOM.EXAMPLE.COM dns_lookup_realm = false dns_lookup_kdc = true chmod 644 /etc/krb5.conf net ads join -U Administrator Using short domain name -- SAMDOM Joined 'DEBMEMBER' to dns domain 'samdom.example.com' service smbd start service nmbd start service winbind start /etc/nsswitch.conf Add 'winbind' to the passwd & group lines 'getent passwd' displays all users, local and AD getent passwd rowland rowland:*:11107:10513:Rowland Penny:/home/rowland:/bin/bash Rowland
Emmanuel Florac
2017-Feb-18 21:26 UTC
[Samba] wbinfo -i returns the same id for all users, authentication doesn't seem to go through winbind at all
Le Sat, 18 Feb 2017 20:17:12 +0000 Rowland Penny via samba <samba at lists.samba.org> écrivait:> On Sat, 18 Feb 2017 19:12:39 +0000 > Rowland Penny via samba <samba at lists.samba.org> wrote: > > > I will set up debian in a VM and install the OS Samba packages and > > see if I have problems, bear with me ;-) > > > > OK, back with the result and it works for me ;-) > > Debian Jessie network install, no GUI, using DHCP to set ipaddress. > > Only change I made before installing Samba, was to comment the > '127.0.1.1' line in /etc/hosts > > apt-get install samba acl attr quota fam > winbind libpam-winbind libpam-krb5 libnss-winbind krb5-config > krb5-user ntp dnsutils ldb-tools > > service smbd stop > service nmbd stop > service winbind stop > > /etc/samba/smb.conf > > [global] > workgroup = SAMDOM > security = ADS > realm = SAMDOM.EXAMPLE.COM > > dedicated keytab file = /etc/krb5.keytab > kerberos method = secrets and keytab > server string = Samba 4 Client %h > > winbind use default domain = yes > winbind expand groups = 4 > winbind nss info = rfc2307 > winbind refresh tickets = Yes > winbind offline logon = yes > winbind normalize names = Yes > > ## map ids outside of domain to tdb files. > idmap config *:backend = tdb > idmap config *:range = 2000-9999 > ## map ids from the domain the ranges may not overlap ! > idmap config SAMDOM : backend = rid > idmap config SAMDOM : range = 10000-999999 > template shell = /bin/bash > template homedir = /home/SAMDOM/%U > > domain master = no > local master = no > preferred master = no > os level = 20 > map to guest = bad user > host msdfs = no > > # user Administrator workaround, without it you are unable to set > privileges username map = /etc/samba/user.map > > # For ACL support on domain member > vfs objects = acl_xattr > map acl inherit = Yes > store dos attributes = Yes > > # Share Setting Globally > unix extensions = no > reset on zero vc = yes > veto files = /.bash_logout/.bash_profile/.bash_history/.bashrc/ > hide unreadable = yes > > # disable printing completely > load printers = no > printing = bsd > printcap name = /dev/null > disable spoolss = yes > > /etc/samba/user.map > > !root = SAMDOM\Administrator SAMDOM\administrator Administrator > administrator > > samba -V > Version 4.2.14-Debian > > /etc/krb5.conf > > [libdefaults] > default_realm = SAMDOM.EXAMPLE.COM > dns_lookup_realm = false > dns_lookup_kdc = true > > chmod 644 /etc/krb5.conf > > net ads join -U Administrator > Using short domain name -- SAMDOM > Joined 'DEBMEMBER' to dns domain 'samdom.example.com' > > service smbd start > service nmbd start > service winbind start > > /etc/nsswitch.conf > > Add 'winbind' to the passwd & group lines > > 'getent passwd' displays all users, local and AD > > getent passwd rowland > rowland:*:11107:10513:Rowland Penny:/home/rowland:/bin/bash >Ok thank you Rowland, monday I'll try resetting everything from scratch, deleting all tdb databases and stuff.. -- ------------------------------------------------------------------------ Emmanuel Florac | Direction technique | Intellique | <eflorac at intellique.com> | +33 1 78 94 84 02 ------------------------------------------------------------------------ -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 181 bytes Desc: Signature digitale OpenPGP URL: <http://lists.samba.org/pipermail/samba/attachments/20170218/4d42879c/attachment.sig>
Emmanuel Florac
2017-Feb-20 13:44 UTC
[Samba] wbinfo -i returns the same id for all users, authentication doesn't seem to go through winbind at all
Le Sat, 18 Feb 2017 20:17:12 +0000 Rowland Penny via samba <samba at lists.samba.org> écrivait:> Only change I made before installing Samba, was to comment the > '127.0.1.1' line in /etc/hostsTried again with your smb.conf and minimal changes, and it gets worse: [2017/02/20 14:42:19.048133, 0] ../lib/util/fault.c:78(fault_report) ==============================================================[2017/02/20 14:42:19.048207, 0] ../lib/util/fault.c:79(fault_report) INTERNAL ERROR: Signal 11 in pid 13435 (4.2.14-Debian) Please read the Trouble-Shooting section of the Samba HOWTO [2017/02/20 14:42:19.048239, 0] ../lib/util/fault.c:81(fault_report) ==============================================================[2017/02/20 14:42:19.048268, 0] ../source3/lib/util.c:788(smb_panic_s3) PANIC (pid 13435): internal error [2017/02/20 14:42:19.048934, 0] ../source3/lib/util.c:899(log_stack_trace) BACKTRACE: 36 stack frames: #0 /usr/lib/x86_64-linux-gnu/libsmbconf.so.0(log_stack_trace+0x1a) [0x7f5dd3354efa] #1 /usr/lib/x86_64-linux-gnu/libsmbconf.so.0(smb_panic_s3+0x20) [0x7f5dd3354fe0] #2 /usr/lib/x86_64-linux-gnu/libsamba-util.so.0(smb_panic+0x2f) [0x7f5dd5036e5f] #3 /usr/lib/x86_64-linux-gnu/libsamba-util.so.0(+0x2407f) [0x7f5dd503707f] #4 /lib/x86_64-linux-gnu/libpthread.so.0(+0xf890) [0x7f5dd525a890] #5 /usr/lib/x86_64-linux-gnu/samba/libkrb5-samba4.so.26(krb5_storage_free+0x1) [0x7f5dc916eed1] #6 /usr/lib/x86_64-linux-gnu/samba/libkrb5-samba4.so.26(+0x381d5) [0x7f5dc915b1d5] #7 /usr/lib/x86_64-linux-gnu/samba/libgse.so.0(+0x9126) [0x7f5dce5ac126] #8 /usr/lib/x86_64-linux-gnu/samba/libgse.so.0(gse_krb5_get_server_keytab+0xeb) [0x7f5dce5ac64b] #9 /usr/lib/x86_64-linux-gnu/samba/libgse.so.0(+0xb23a) [0x7f5dce5ae23a] #10 /usr/lib/x86_64-linux-gnu/libgensec.so.0(gensec_start_mech+0xb1) [0x7f5dce38bbe1] #11 /usr/lib/x86_64-linux-gnu/libgensec.so.0(gensec_start_mech_by_ops+0xc) [0x7f5dce38bd5c] #12 /usr/lib/x86_64-linux-gnu/libgensec.so.0(+0x9e42) [0x7f5dce37ce42] #13 /usr/lib/x86_64-linux-gnu/libgensec.so.0(+0xa6c6) [0x7f5dce37d6c6] #14 /usr/lib/x86_64-linux-gnu/libgensec.so.0(+0xb581) [0x7f5dce37e581] #15 /usr/lib/x86_64-linux-gnu/libgensec.so.0(gensec_update_ev+0x192) [0x7f5dce38ab62] #16 /usr/lib/x86_64-linux-gnu/libgensec.so.0(gensec_update+0x17) [0x7f5dce38aba7] #17 /usr/lib/x86_64-linux-gnu/samba/libsmbd-base.so.0(negprot_spnego+0x94) [0x7f5dd4ba9a94] #18 /usr/lib/x86_64-linux-gnu/samba/libsmbd-base.so.0(+0xcefdb) [0x7f5dd4ba9fdb] #19 /usr/lib/x86_64-linux-gnu/samba/libsmbd-base.so.0(reply_negprot+0x4a2) [0x7f5dd4baa782] #20 /usr/lib/x86_64-linux-gnu/samba/libsmbd-base.so.0(+0x125da3) [0x7f5dd4c00da3] #21 /usr/lib/x86_64-linux-gnu/samba/libsmbd-base.so.0(+0x127b42) [0x7f5dd4c02b42] #22 /usr/lib/x86_64-linux-gnu/samba/libsmbd-base.so.0(+0x12927d) [0x7f5dd4c0427d] #23 /usr/lib/x86_64-linux-gnu/libsmbconf.so.0(run_events_poll+0x171) [0x7f5dd3375081] #24 /usr/lib/x86_64-linux-gnu/libsmbconf.so.0(+0x4a2f7) [0x7f5dd33752f7] #25 /usr/lib/x86_64-linux-gnu/libtevent.so.0(_tevent_loop_once+0x8d) [0x7f5dd1d5743d] #26 /usr/lib/x86_64-linux-gnu/libtevent.so.0(tevent_common_loop_wait+0x1b) [0x7f5dd1d575db] #27 /usr/lib/x86_64-linux-gnu/samba/libsmbd-base.so.0(smbd_process+0x718) [0x7f5dd4c055d8] #28 /usr/sbin/smbd(+0xadd0) [0x55ae59c85dd0] #29 /usr/lib/x86_64-linux-gnu/libsmbconf.so.0(run_events_poll+0x171) [0x7f5dd3375081] #30 /usr/lib/x86_64-linux-gnu/libsmbconf.so.0(+0x4a2f7) [0x7f5dd33752f7] #31 /usr/lib/x86_64-linux-gnu/libtevent.so.0(_tevent_loop_once+0x8d) [0x7f5dd1d5743d] #32 /usr/lib/x86_64-linux-gnu/libtevent.so.0(tevent_common_loop_wait+0x1b) [0x7f5dd1d575db] #33 /usr/sbin/smbd(main+0x17e5) [0x55ae59c825e5] #34 /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf5) [0x7f5dd19c4b45] #35 /usr/sbin/smbd(+0x76e4) [0x55ae59c826e4] [2017/02/20 14:42:19.054274, 0] ../source3/lib/dumpcore.c:318(dump_core) dumping core in /var/log/samba/cores/smbd I'll try leaving the AD, cleaning up /var/lib/samba/*.tdb and join again... -- ------------------------------------------------------------------------ Emmanuel Florac | Direction technique | Intellique | <eflorac at intellique.com> | +33 1 78 94 84 02 ------------------------------------------------------------------------ -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 181 bytes Desc: Signature digitale OpenPGP URL: <http://lists.samba.org/pipermail/samba/attachments/20170220/794ba8a1/attachment.sig>
Apparently Analagous Threads
- wbinfo -i returns the same id for all users, authentication doesn't seem to go through winbind at all
- wbinfo -i returns the same id for all users, authentication doesn't seem to go through winbind at all
- wbinfo -i returns the same id for all users, authentication doesn't seem to go through winbind at all
- wbinfo -i returns the same id for all users, authentication doesn't seem to go through winbind at all
- weird messages in logs