[Samba] wbinfo -u, wbinfo -g not working after samba update from 4.2.3 to 4.2.10
Dimitar Hristov
dimitar.hristov at outlook.com
Tue Apr 19 13:23:50 UTC 2016
Hi list,
After the badlock patching of all samba machines in our organization
(all of them are domain members), some functionalities have stopped
working, more particularly:
- wbinfo -g (no output at all)
- wbinfo -u (no output at all)
- getent passwd (displays only local users)
- getent group
working functionalities:
- samba shares are still accessible, with appropriate users set as
"valid", "write users" etc
- getent passwd <domain user>
- wbinfo --name-to-sid
Configuration files:
- /etc/samba/smb.conf
[global]
workgroup = EXAMPLE
realm = EXAMPLE.COM
security = ADS
dedicated keytab file = /etc/krb5.keytab
kerberos method = secrets and keytab
log file = /var/log/samba/%m.log
load printers = No
printcap name = /dev/null
winbind separator = +
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = Yes
winbind refresh tickets = Yes
idmap config example : backend = ad
idmap config * : backend = tdb
printing = bsd
- /etc/krb5.conf
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
dns_lookup_kdc = false
dns_lookup_realm = false
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true
rdns = false
default_realm = EXAMPLE.COM
default_ccache_name = KEYRING:persistent:%{uid}
[realms]
EXAMPLE.COM = {
kdc = example-adc01.example.com
admin_server = example-adc01.example.com
}
[domain_realm]
.example.com = EXAMPLE.COM
example.com = EXAMPLE.COM
- /etc/nsswitch.conf
passwd: files winbind
shadow: files winbind
group: files winbind
initgroups: files
hosts: files dns myhostname
bootparams: nisplus [NOTFOUND=return] files
ethers: files
netmasks: files
networks: files
protocols: files winbind
rpc: files winbind
services: files winbind
netgroup: nisplus sss
publickey: nisplus
automount: files nisplus
aliases: files nisplus
Installed packages:
- working environment
samba-4.2.3-12.el7_2.x86_64
samba-common-4.2.3-12.el7_2.noarch
samba-winbind-modules-4.2.3-12.el7_2.x86_64
samba-winbind-clients-4.2.3-12.el7_2.x86_64
samba-common-tools-4.2.3-12.el7_2.x86_64
samba-common-libs-4.2.3-12.el7_2.x86_64
samba-winbind-4.2.3-12.el7_2.x86_64
samba-libs-4.2.3-12.el7_2.x86_64
samba-client-libs-4.2.3-12.el7_2.x86_64
krb5-workstation-1.13.2-12.el7_2.x86_64
krb5-libs-1.13.2-12.el7_2.x86_64
- not working (after the update)
samba-winbind-4.2.10-6.el7_2.x86_64
samba-libs-4.2.10-6.el7_2.x86_64
samba-common-4.2.10-6.el7_2.noarch
samba-client-libs-4.2.10-6.el7_2.x86_64
samba-winbind-modules-4.2.10-6.el7_2.x86_64
samba-winbind-clients-4.2.10-6.el7_2.x86_64
samba-common-tools-4.2.10-6.el7_2.x86_64
samba-common-libs-4.2.10-6.el7_2.x86_64
samba-4.2.10-6.el7_2.x86_64
krb5-workstation-1.13.2-12.el7_2.x86_64
krb5-libs-1.13.2-12.el7_2.x86_64
---------------------
Partial log output after "wbinfo -g" -
/var/log/samba/winbind.log:
[2016/04/19 14:58:40.635486, 10, pid=3634, effective(0, 0), real(0,
0), class=winbind]
../source3/winbindd/winbindd.c:725(process_request)
process_request: Handling async request 3640:LIST_GROUPS
[2016/04/19 14:58:40.635501, 3, pid=3634, effective(0, 0), real(0,
0), class=winbind]
../source3/winbindd/winbindd_list_groups.c:58(winbindd_list_groups_send)
list_groups EXAMPLE
[2016/04/19 14:58:40.635520, 1, pid=3634, effective(0, 0), real(0,
0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
wbint_QueryGroupList: struct wbint_QueryGroupList
in: struct wbint_QueryGroupList
[2016/04/19 14:58:42.112485, 10, pid=3634, effective(0, 0), real(0,
0)] ../source3/lib/messages.c:252(messaging_recv_cb)
messaging_recv_cb: Received message 0x40c len 8 (num_fds:0) from
3635
[2016/04/19 14:58:42.112513, 10, pid=3634, effective(0, 0), real(0,
0), class=winbind]
../source3/winbindd/winbindd_cm.c:364(winbind_msg_domain_offline)
Domain EXAMPLE is marked as offline now.
[2016/04/19 14:58:42.113574, 1, pid=3634, effective(0, 0), real(0,
0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
wbint_QueryGroupList: struct wbint_QueryGroupList
out: struct wbint_QueryGroupList
groups : *
groups: struct wbint_Principals
num_principals : 0
principals: ARRAY(0)
result : NT_STATUS_IO_TIMEOUT
[2016/04/19 14:58:42.113616, 10, pid=3634, effective(0, 0), real(0,
0), class=winbind]
../source3/winbindd/winbindd_list_groups.c:128(winbindd_list_groups_done)
Domain EXAMPLE returned 0 groups
[2016/04/19 14:58:42.113623, 10, pid=3634, effective(0, 0), real(0,
0), class=winbind]
../source3/winbindd/winbindd_list_groups.c:134(winbindd_list_groups_done)
list_groups for domain EXAMPLE failed
[2016/04/19 14:58:42.113630, 10, pid=3634, effective(0, 0), real(0,
0), class=winbind]
../source3/winbindd/winbindd.c:787(wb_request_done)
wb_request_done[3640:LIST_GROUPS]: NT_STATUS_OK
[2016/04/19 14:58:42.113649, 10, pid=3634, effective(0, 0), real(0,
0), class=winbind]
../source3/winbindd/winbindd.c:851(winbind_client_response_written)
winbind_client_response_written[3640:LIST_GROUPS]: delivered
response to client
[2016/04/19 14:58:42.114552, 6, pid=3634, effective(0, 0), real(0,
0), class=winbind]
../source3/winbindd/winbindd.c:957(winbind_client_request_read)
closing socket 28, client exited
[2016/04/19 14:59:13.272624, 10, pid=3634, effective(0, 0), real(0,
0)] ../source3/lib/messages.c:252(messaging_recv_cb)
messaging_recv_cb: Received message 0x40b len 8 (num_fds:0) from
3635
[2016/04/19 14:59:13.272656, 10, pid=3634, effective(0, 0), real(0,
0), class=winbind]
../source3/winbindd/winbindd_cm.c:384(winbind_msg_domain_online)
Domain EXAMPLE is marked as online now.
Partial log output after "wbinfo -u" -
/var/log/samba/winbind.log:
[2016/04/19 15:03:25.308776, 10, pid=3634, effective(0, 0), real(0,
0), class=winbind]
../source3/winbindd/winbindd.c:725(process_request)
process_request: Handling async request 3666:LIST_USERS
[2016/04/19 15:03:25.308788, 3, pid=3634, effective(0, 0), real(0,
0), class=winbind]
../source3/winbindd/winbindd_list_users.c:58(winbindd_list_users_send)
list_users EXAMPLE
[2016/04/19 15:03:25.308808, 1, pid=3634, effective(0, 0), real(0,
0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
wbint_QueryUserList: struct wbint_QueryUserList
in: struct wbint_QueryUserList
[2016/04/19 15:03:29.418016, 10, pid=3634, effective(0, 0), real(0,
0)] ../source3/lib/messages.c:252(messaging_recv_cb)
messaging_recv_cb: Received message 0x40c len 8 (num_fds:0) from
3635
[2016/04/19 15:03:29.418040, 10, pid=3634, effective(0, 0), real(0,
0), class=winbind]
../source3/winbindd/winbindd_cm.c:364(winbind_msg_domain_offline)
Domain EXAMPLE is marked as offline now.
[2016/04/19 15:03:29.418101, 1, pid=3634, effective(0, 0), real(0,
0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
wbint_QueryUserList: struct wbint_QueryUserList
out: struct wbint_QueryUserList
users : *
users: struct wbint_userinfos
num_userinfos : 0x00000000 (0)
userinfos: ARRAY(0)
result : NT_STATUS_IO_TIMEOUT
[2016/04/19 15:03:29.418172, 10, pid=3634, effective(0, 0), real(0,
0), class=winbind]
../source3/winbindd/winbindd_list_users.c:128(winbindd_list_users_done)
Domain EXAMPLE returned 0 users
[2016/04/19 15:03:29.418180, 10, pid=3634, effective(0, 0), real(0,
0), class=winbind]
../source3/winbindd/winbindd_list_users.c:134(winbindd_list_users_done)
List_users for domain EXAMPLE failed
[2016/04/19 15:03:29.418187, 10, pid=3634, effective(0, 0), real(0,
0), class=winbind]
../source3/winbindd/winbindd.c:787(wb_request_done)
wb_request_done[3666:LIST_USERS]: NT_STATUS_OK
[2016/04/19 15:03:29.418206, 10, pid=3634, effective(0, 0), real(0,
0), class=winbind]
../source3/winbindd/winbindd.c:851(winbind_client_response_written)
winbind_client_response_written[3666:LIST_USERS]: delivered
response to client
[2016/04/19 15:03:29.420295, 6, pid=3634, effective(0, 0), real(0,
0), class=winbind]
../source3/winbindd/winbindd.c:957(winbind_client_request_read)
closing socket 28, client exited
[2016/04/19 15:04:00.414647, 10, pid=3634, effective(0, 0), real(0,
0)] ../source3/lib/messages.c:252(messaging_recv_cb)
messaging_recv_cb: Received message 0x40b len 8 (num_fds:0) from
3635
[2016/04/19 15:04:00.414669, 10, pid=3634, effective(0, 0), real(0,
0), class=winbind]
../source3/winbindd/winbindd_cm.c:384(winbind_msg_domain_online)
Domain EXAMPLE is marked as online now.
Partial log output after "getent passwd" -
/var/log/samba/winbind.log (the local users get displayed,
domain users - do not):
[2016/04/19 15:04:41.367195, 10, pid=3634, effective(0, 0), real(0,
0), class=winbind]
../source3/winbindd/winbindd.c:725(process_request)
process_request: Handling async request 3673:GETPWENT
[2016/04/19 15:04:41.367208, 3, pid=3634, effective(0, 0), real(0,
0), class=winbind]
../source3/winbindd/winbindd_getpwent.c:50(winbindd_getpwent_send)
[ 3673]: getpwent
[2016/04/19 15:04:41.367307, 1, pid=3634, effective(0, 0), real(0,
0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
wbint_QueryUserList: struct wbint_QueryUserList
in: struct wbint_QueryUserList
[2016/04/19 15:04:41.367621, 1, pid=3634, effective(0, 0), real(0,
0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
wbint_QueryUserList: struct wbint_QueryUserList
out: struct wbint_QueryUserList
users : *
users: struct wbint_userinfos
num_userinfos : 0x00000000 (0)
userinfos: ARRAY(0)
result : NT_STATUS_OK
[2016/04/19 15:04:41.367652, 10, pid=3634, effective(0, 0), real(0,
0), class=winbind]
../source3/winbindd/wb_query_user_list.c:69(wb_query_user_list_done)
dcerpc_wbint_QueryUserList returned 0 users
[2016/04/19 15:04:41.367661, 1, pid=3634, effective(0, 0), real(0,
0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
wbint_QueryUserList: struct wbint_QueryUserList
in: struct wbint_QueryUserList
[2016/04/19 15:04:41.367680, 1, pid=3634, effective(0, 0), real(0,
0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
wbint_QueryUserList: struct wbint_QueryUserList
out: struct wbint_QueryUserList
users : *
users: struct wbint_userinfos
num_userinfos : 0x00000000 (0)
userinfos: ARRAY(0)
result : NT_STATUS_IO_TIMEOUT
[2016/04/19 15:04:41.367700, 10, pid=3634, effective(0, 0), real(0,
0), class=winbind]
../source3/winbindd/wb_next_pwent.c:109(wb_next_pwent_fetch_done)
query_user_list for domain EXAMPLE returned NT_STATUS_IO_TIMEOUT
[2016/04/19 15:04:41.367707, 10, pid=3634, effective(0, 0), real(0,
0), class=winbind]
../source3/winbindd/winbindd_getpwent.c:95(winbindd_getpwent_done)
winbindd_getpwent_done: done with 0 users
[2016/04/19 15:04:41.367712, 10, pid=3634, effective(0, 0), real(0,
0), class=winbind]
../source3/winbindd/winbindd.c:787(wb_request_done)
wb_request_done[3673:GETPWENT]: NT_STATUS_NO_MORE_ENTRIES
[2016/04/19 15:04:41.367726, 10, pid=3634, effective(0, 0), real(0,
0), class=winbind]
../source3/winbindd/winbindd.c:851(winbind_client_response_written)
winbind_client_response_written[3673:GETPWENT]: delivered response
to client
[2016/04/19 15:04:41.367900, 10, pid=3634, effective(0, 0), real(0,
0), class=winbind]
../source3/winbindd/winbindd.c:725(process_request)
process_request: Handling async request 3673:ENDPWENT
[2016/04/19 15:04:41.367916, 10, pid=3634, effective(0, 0), real(0,
0), class=winbind]
../source3/winbindd/winbindd.c:787(wb_request_done)
wb_request_done[3673:ENDPWENT]: NT_STATUS_OK
I think that the issue is similar to the issues described by L.P.H.
van Belle and Luca Bertoncello.
The Domain Controllers are MS Windows Server 2012 R2, AD Scheme is
2012.
Any ideas on how to solve this?
Thanks,
Dimitar
More information about the samba
mailing list