[Samba] Samba4 migration issues (wbinfo errors and UPNs)
Ryan Bair
ryandbair at gmail.com
Tue Jul 16 11:04:13 MDT 2013
I migrated over a Samba 3/LDAP domain to Samba 4 in a test environment.
After a few bumps due to not having all my machine accounts as
posixAccounts and clashing user/group names, the migration went relatively
smoothly. Great work, Samba team!
I have a few standing issues that I haven't been able to shake out:
1. wbinfo returns various errors when run on the DC.
wbinfo -D MYDOMAIN returns a SID of S-1-2-3-4. Typing gibberish for the
domain name yields the same results.
wbinfo --dc-info= returns "Could not find dc info example.com". Using the
short name doesn't work either.
wbinfo -u/-g does work. As does getent passwd/group for domain users.
The `net` command generally works for the equivalent queries however. For
instance `net ads info` returns the correct information.
Running wbinfo queries from a member server DOES seem to always work.
2. UPNs don't work on the DC (wbinfo -i, getent, pam, etc). wbinfo -i
user at domain fails with:
failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND
Could not get info for user user at example.com
UPNs do work on Samba 4 members however.
I did spotted this interesting bit in the log:
[2013/07/16 12:37:05.642113, 6, pid=6033, effective(0, 0), real(0, 0)]
../lib/u
til/util_ldb.c:60(gendb_search_v)
gendb_search_v: DC=ad,DC=tsasinc,DC=com (&(sAMAccountName=
rbair at example.com
)(objectSid=*)) -> 0
[2013/07/16 12:37:05.642192, 1, pid=6033, effective(0, 0), real(0, 0)]
../librp
c/ndr/ndr.c:282(ndr_print_function_debug)
lsa_LookupNames: struct lsa_LookupNames
out: struct lsa_LookupNames
domains : *
domains : *
domains: struct lsa_RefDomainList
count : 0x00000000 (0)
domains : NULL
max_size : 0x00000000 (0)
sids : *
sids: struct lsa_TransSidArray
count : 0x00000001 (1)
sids : *
sids: ARRAY(1)
sids: struct lsa_TranslatedSid
sid_type :
SID_NAME_UNKNOWN (8
)
rid : 0x00000000 (0)
sid_index : 0xffffffff
(4294967
295)
count : *
count : 0x00000000 (0)
result : NT_STATUS_NONE_MAPPED
That message only comes up when running wbinfo -i on the server, not on a
member. It feels a little off that its searching for the UPN in
sAMAccountName.
I'm using the sernet 4.0.7-4 packages on Centos 6.4 64bit, no Samba 3
binaries in sight. Samba logs all look clean. DNS, LDAP and Kerberos all
works as expected. I have a feeling that both issues have a common cause,
but have been unable to find it.
Any ideas on either of these issues?
Thanks
More information about the samba
mailing list