Alex Matthews
2017-May-25 12:25 UTC
[Samba] failed to call wbcGetpwnam/wbcGetgrnam/wbcGetpwsid WBC_ERR_DOMAIN_NOT_FOUND
Hiya, I've run into a problem on a Samba 4.5.8 active directory domain controller. The domain controller seems to work to authenticate against (I have a couple of domain members). However wbinfo throws an error when used locally. My configs are posted at the bottom of the page. # wbinfo -t checking the trust secret for domain SMC via RPC calls succeeded # wbinfo -u <list of domain users> # wbinfo -g <list of domain groups> nsswitch: passwd: compat winbind group: compat winbind # getent passwd <list of LOCAL users> # getent group <list of LOCAL groups> # wbinfo -i "testuser" failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND Could not get info for user testuser # wbinfo -i "SMC\testuser" failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND Could not get info for user SMC\testuser # wbinfo -n testuser S-1-5-21-1989633265-3966479559-1628277992-3078 # wbinfo -S S-1-5-21-1989633265-3966479559-1628277992-3078 10000 # wbinfo --user-sidinfo S-1-5-21-1989633265-3966479559-1628277992-3078 failed to call wbcGetpwsid: WBC_ERR_DOMAIN_NOT_FOUND Could not get info for user sid S-1-5-21-1989633265- 3966479559-1628277992-3078 smb.conf: https://pastebin.com/yWPtWrEF krb5.conf: https://pastebin.com/fYKGp0QQ Any thoughts? Thanks, Alex
Rowland Penny
2017-May-25 13:33 UTC
[Samba] failed to call wbcGetpwnam/wbcGetgrnam/wbcGetpwsid WBC_ERR_DOMAIN_NOT_FOUND
On Thu, 25 May 2017 13:25:15 +0100 Alex Matthews via samba <samba at lists.samba.org> wrote:> Hiya, > > I've run into a problem on a Samba 4.5.8 active directory domain > controller. The domain controller seems to work to authenticate > against (I have a couple of domain members). However wbinfo throws an > error when used locally. My configs are posted at the bottom of the > page. >Why do people add stuff to the smb.conf on a DC without really knowing what they are doing ??? wins support # Really, on a DC ? enumports command # Again, why ? dns forwarder # Only used with the internal dns server and you are using Bind9 You might as well remove the following lines, they are either default settings, do nothing on a DC or plain shouldn't be on a DC: winbind nss info = rfc2307 winbind trusted domains only = yes winbind use default domain = Yes winbind nested groups = Yes winbind max domain connections = 10 winbind sealed pipes = yes I know you have set up /etc/nsswitch.conf, but is libnss_winbind.so installed. Is PAM set up correctly ? what OS are you using ? Rowland
Alex Matthews
2017-May-26 11:21 UTC
[Samba] failed to call wbcGetpwnam/wbcGetgrnam/wbcGetpwsid WBC_ERR_DOMAIN_NOT_FOUND
>Why do people add stuff to the smb.conf on a DC without really knowing whatthey are doing ??? Why do people on mailing-lists always treat people who make mistakes like children? You patronising..... person.... Maybe you should consider that this smb.conf has been on a server for a long time and that servers roles have changed. wins support # From the pre AD days, perhaps? enumports command # because we use it dns forwarder # From a time where we used the internal DNS, perhaps?>You might as well remove the following lines, they are either default settings,do nothing on a DC or plain shouldn't be on a DC: Other than the ones that "plain shouldn't be on a DC" (you fail to mention which those are) why would I remove them? Yes, the libnss_winbind.so is in place. PAM is irrelevant in this situation. The OS is Arch Linux. So having taken your golden advice and removed those lines.... I am in exactly the same place I was when I first posted just in a slightly more disheartened mood at the community. On 25 May 2017 at 14:33, Rowland Penny via samba <samba at lists.samba.org> wrote:> On Thu, 25 May 2017 13:25:15 +0100 > Alex Matthews via samba <samba at lists.samba.org> wrote: > > > Hiya, > > > > I've run into a problem on a Samba 4.5.8 active directory domain > > controller. The domain controller seems to work to authenticate > > against (I have a couple of domain members). However wbinfo throws an > > error when used locally. My configs are posted at the bottom of the > > page. > > > > Why do people add stuff to the smb.conf on a DC without really knowing > what they are doing ??? > > wins support # Really, on a DC ? > enumports command # Again, why ? > dns forwarder # Only used with the internal dns server and you are > using Bind9 > > You might as well remove the following lines, they are either default > settings, do nothing on a DC or plain shouldn't be on a DC: > > winbind nss info = rfc2307 > winbind trusted domains only = yes > winbind use default domain = Yes > winbind nested groups = Yes > winbind max domain connections = 10 > winbind sealed pipes = yes > > I know you have set up /etc/nsswitch.conf, but is libnss_winbind.so > installed. > > Is PAM set up correctly ? > > what OS are you using ? > > Rowland > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >
Reasonably Related Threads
- failed to call wbcGetpwnam/wbcGetgrnam/wbcGetpwsid WBC_ERR_DOMAIN_NOT_FOUND
- failed to call wbcGetpwnam/wbcGetgrnam/wbcGetpwsid WBC_ERR_DOMAIN_NOT_FOUND
- failed to call wbcGetpwnam/wbcGetgrnam/wbcGetpwsid WBC_ERR_DOMAIN_NOT_FOUND
- failed to call wbcGetpwnam/wbcGetgrnam/wbcGetpwsid WBC_ERR_DOMAIN_NOT_FOUND
- failed to call wbcGetpwnam/wbcGetgrnam/wbcGetpwsid WBC_ERR_DOMAIN_NOT_FOUND