samba4 rc3 wbinfo problem

Daniele Dario d.dario76 at gmail.com
Thu Oct 18 09:11:42 MDT 2012 

Hi list
I have 2 samba4 AD DCs: I provisioned the domain on kdc02 and than
joined kdc01.

[root at kdc02:~]# id KDC01$
uid=3000059(SAITEL\KDC01$) gid=3000017(Domain Controllers)
groups=3000017(Domain Controllers)
[root at kdc02:~]# wbinfo -i KDC01$
SAITEL\KDC01$:*:3000059:3000017:KDC01$:/home/SAITEL/KDC01$:/bin/bash
[root at kdc02:~]# sid=`wbinfo --gid-to-sid=3000017` && wbinfo
--sid-to-name=$sid
SAITEL\Domain Controllers 2

while

[root at kdc01:~]# id KDC01$
uid=3000027(SAITEL\KDC01$) gid=3000020(Ufficio Tecnico)
groups=3000020(Ufficio Tecnico)
[root at kdc01:~]# wbinfo -i KDC01$
SAITEL\KDC01$:*:3000027:3000020:KDC01$:/home/SAITEL/KDC01$:/bin/bash
[root at kdc01:~]# sid=`wbinfo --gid-to-sid=3000020` && wbinfo
--sid-to-name=$sid
SAITEL\Ufficio Tecnico 2

Having a look with ldbsearch -H /usr/local/samba/private/sam.ldb -b
"DC=saitel,DC=loc" on both DCs the given records seems to be the same
and on both of them I can see

memberOf: CN=Server Operators,CN=Builtin,DC=saitel,DC=loc

Given this I used samba-tool group listmembers Server\ Operators and
I've seen that KDC01$ is (as expected) a member of Server Operators
group.

Other thing to note is that getfacl on sysvol returns the group ids and
it's not able to translate them to names even if I've created the
symlinks for libnsswinbind.so.

[root at kdc01:~/samba4/samba-4.0.0rc3]#
getfacl /usr/local/samba/var/locks/sysvolgetfacl: Removing leading '/'
from absolute path names
# file: usr/local/samba/var/locks/sysvol
# owner: root
# group: adm
user::rwx
user:root:rwx
group::rwx
group:adm:rwx
group:3000006:r-x
group:3000007:rwx
group:3000008:r-x
mask::rwx
other::---

Trying to get group names with wbinfo (on both DCs)

[root at kdc01:~/samba4/samba-4.0.0rc3]# wbinfo --gid-info=3000006
failed to call wbcGetgrgid: WBC_ERR_DOMAIN_NOT_FOUND
Could not get info for gid 3000006

while 

[root at kdc01:~]# sid=`wbinfo --gid-to-sid=3000006` && wbinfo
--sid-to-name=$sid
BUILTIN\Server Operators 4
[root at kdc01:~]# sid=`wbinfo --gid-to-sid=3000007` && wbinfo
--sid-to-name=$sid
NT AUTHORITY\SYSTEM 5
[root at kdc01:~]# sid=`wbinfo --gid-to-sid=3000008` && wbinfo
--sid-to-name=$sid
NT AUTHORITY\Authenticated Users 5

Are these normal behaviours?

Thanks,
Daniele.

More information about the samba-technical mailing list