[Samba] wbinfo -u and -g gives no output

Dennis Xu dxu at uoguelph.ca
Mon Jun 13 20:32:08 UTC 2016

After I tried "client ldap sasl wrapping = plain", "wbinfo -g" command just hang and I am not able to ssh to the box. Reverted the change and I can ssh to the box again. 

----- Original Message -----

From: "Lars Maes" <l.maes at mosadex.nl> 
To: dxu at uoguelph.ca 
Cc: "samba" <samba at lists.samba.org> 
Sent: Friday, June 10, 2016 4:47:27 PM 
Subject: Re: [Samba] wbinfo -u and -g gives no output 

I had exact the same problem. 

Try: client ldap sasl wrapping = plain in smb.conf 

Op 10 jun. 2016 10:44 p.m. schreef Dennis Xu <dxu at uoguelph.ca>: 

I see this error when trying "wbinfo -g": 

[2016/06/09 13:55:33.617151, 3, pid=11847, effective(0, 0), real(0, 0)] ../source3/libads/ldap.c:904(ads_do_paged_search_args) 
ads_do_paged_search_args: ldap_search_with_timeout((&(objectCategory=group)(&(groupType:dn:1.2.840.113556.1.4.803:=-2147483648)(!(groupType:dn:1.2.840.113556.1.4.803:=1))))) -> Time limit exceeded 

Any ideas about this? 


----- Original Message ----- 

From: "Dennis Xu" <dxu at uoguelph.ca> 
To: "Michael Adam" <obnox at samba.org> 
Cc: "samba" <samba at lists.samba.org> 
Sent: Thursday, June 9, 2016 2:02:04 PM 
Subject: Re: [Samba] wbinfo -u and -g gives no output 

>Note: the line 'idmap config ad' is not a correct samba option. 
>But also this would not cause your issue. 

I did not config this and I believe this comes from the default. Do you suggest to comment this out? 

I tried "wbinfo -u" and "wbinfo -g" again and attached the log.wb-CFS file. 

Sorry I forgot to mention, I did stop winbind, remove /var/lib/samba/winbindd_cache.tdb and start winbind again. That did not help. 



----- Original Message ----- 

From: "Michael Adam" <obnox at samba.org> 
To: "Dennis Xu" <dxu at uoguelph.ca> 
Cc: "samba" <samba at lists.samba.org> 
Sent: Thursday, June 9, 2016 11:47:18 AM 
Subject: Re: [Samba] wbinfo -u and -g gives no output 

On 2016-06-09 at 10:17 -0400, Dennis Xu wrote: 
> Hi Michael, 
> Thank you for your suggestion. 
> I did clone the server. After the clone, the server was not 
> join to domain automatically, then I join the server to the 
> domain separately. I did not change the local sid. Should I 
> change that? 

Not necessarily: It is rather cosmetic and probably not the 
cause for your issue. 

> Actually I followed this process to clone the first server and 
> that server did not have the wbinfo -u issue. Then I tried to 
> clone other servers then I started to see this issue. I also 
> recently did a fresh install for a server and I have the same 
> issue for that server as well. 
> I have attached the smb.conf 

Note: the line 'idmap config ad' is not a correct samba option. 
But also this would not cause your issue. 

> and winbind logs(in debug level 10 and after "wbinfo -u" was issued). 

I'd also need to see log.wb-* (corresponding). 
But I can already see that the attempts to 
get the user's list times out. See below: 

> I use Samba for FreeRADIUS integration to authenticate PEAP 
> MS-CHAP2 wireless authentications against AD. The server seems 
> still can authenticate users. I am not sure if this "wbinfo -u" 
> issue will cause any authentication issues. 

Likely not. 

Here the important part from log.winbindd: 

> [2016/06/09 10:04:31.071983, 10, pid=11846, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd.c:725(process_request) 
> process_request: Handling async request 11852:LIST_USERS 
> [2016/06/09 10:04:31.072016, 3, pid=11846, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_list_users.c:58(winbindd_list_users_send) 
> list_users CFS 

Main winbind is asking the CFS child to list the CFS domain 

> [2016/06/09 10:04:31.072059, 1, pid=11846, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) 
> wbint_QueryUserList: struct wbint_QueryUserList 
> in: struct wbint_QueryUserList 
> [2016/06/09 10:04:32.047364, 10, pid=11846, effective(0, 0), real(0, 0)] ../source3/lib/messages.c:252(messaging_recv_cb) 
> messaging_recv_cb: Received message 0x40c len 4 (num_fds:0) from 11847 
> [2016/06/09 10:04:32.047421, 10, pid=11846, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cm.c:364(winbind_msg_domain_offline) 
> Domain CFS is marked as offline now. 

Here I need to see the log.wb-CFS file, to see what the 
domain child is up to. But I suspect that the domain 
child can't contact any DCs and marks itself offline. 

> [2016/06/09 10:04:32.048320, 1, pid=11846, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) 
> wbint_QueryUserList: struct wbint_QueryUserList 
> out: struct wbint_QueryUserList 
> users : * 
> users: struct wbint_userinfos 
> num_userinfos : 0x00000000 (0) 
> userinfos: ARRAY(0) 

The list users request to the CFS domain times out. 

> [2016/06/09 10:04:32.048409, 10, pid=11846, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_list_users.c:128(winbindd_list_users_done) 
> Domain CFS returned 0 users 
> [2016/06/09 10:04:32.048434, 10, pid=11846, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_list_users.c:134(winbindd_list_users_done) 
> List_users for domain CFS failed 
> [2016/06/09 10:04:32.048458, 10, pid=11846, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd.c:787(wb_request_done) 
> wb_request_done[11852:LIST_USERS]: NT_STATUS_OK 

So my guess is that there is some issue with 
finding and/or contacting domain controllers. 
More after we get the other log. 

Cheers - Michael 

To unsubscribe from this list go to the following URL and read the 
instructions: https://lists.samba.org/mailman/options/samba 

To unsubscribe from this list go to the following URL and read the 
instructions: https://lists.samba.org/mailman/options/samba 

To unsubscribe from this list go to the following URL and read the 
instructions: https://lists.samba.org/mailman/options/samba 

More information about the samba mailing list