[Samba] wbinfo -u fails in Samba-3.0.4 on Samba PDC/BDC

Hans B. Randgaard HBR at maerskoil.dk
Tue May 25 13:51:04 GMT 2004


Dear list,

Do any of you use the latest (3.0.4) as a Samba PDC (with OpenLDAP) on Linux?
If yes, have you encountered the following problem?

The setup is a PDC with an LDAP server running locally which is accessed
directly and through nsswitch/PAM. A member server is providing shares to
clients.

When looking up domain users (wbinfo -u) from a member server (Solaris 8,
OpenLDAP 2.1.25) there are no problems. When looking up users on the PDC and
on the BDC, it fails (Error looking up domain users). The log.winbindd
states problems with socket read errors. When running "wbinfo -m" we only
get "BUILTIN". When running "wbinfo -g" we get:

BUILTIN+System Operators
BUILTIN+Replicators
BUILTIN+Guests
BUILTIN+Power Users
BUILTIN+Print Operators
BUILTIN+Administrators
BUILTIN+Account Operators
BUILTIN+Backup Operators
BUILTIN+Users

The PDC is running Mandrake 9 (2.4.19-16mdk, OpenLDAP 2.0.25) and the BDC is
running RedHat 7.3 (2.4.18-3, OpenLDAP 2.0.27) and works without problems in
other regards.

Have tried a similar PDC/BDC configuration on Mandrake 10 as well with same
results.

The problem was first discovered in Samba 3.0.2 (currently 3.0.4) and
searching the mailing lists does not reveal anything that equals our
situation.

Samba config options are: ./configure -with-acl-support -with-libiconv

Things checked: There are no firewall rules. Different socket options tried.
Custom compiled and vendor compiled binaries tried. LDAP entries commented
out with no effect.

Guess on cause: The LDAP lookup is messing up a socket used for local host
communication. 


Failing lookup

[2004/05/24 12:53:25, 6] nsswitch/winbindd.c:new_connection(343)
  accepted socket 16
[2004/05/24 12:53:25, 10] nsswitch/winbindd.c:winbind_client_read(458)
  client_read: read 1824 bytes. Need 0 more for a full request.
[2004/05/24 12:53:25, 10] nsswitch/winbindd.c:process_request(308)
  process_request: request fn INTERFACE_VERSION
[2004/05/24 12:53:25, 3] nsswitch/winbindd_misc.c:winbindd_interface_version(261)
  [ 7076]: request interface version
[2004/05/24 12:53:25, 10] nsswitch/winbindd.c:client_write(512)
  client_write: wrote 1300 bytes.
[2004/05/24 12:53:25, 10] nsswitch/winbindd.c:winbind_client_read(458)
  client_read: read 1824 bytes. Need 0 more for a full request.
[2004/05/24 12:53:25, 10] nsswitch/winbindd.c:process_request(308)
  process_request: request fn WINBINDD_PRIV_PIPE_DIR
[2004/05/24 12:53:25, 3] nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(297)
  [ 7076]: request location of privileged pipe
[2004/05/24 12:53:25, 10] nsswitch/winbindd.c:client_write(512)
  client_write: wrote 1300 bytes.
[2004/05/24 12:53:25, 10] nsswitch/winbindd.c:client_write(557)
  client_write: need to write 47 extra data bytes.
[2004/05/24 12:53:25, 10] nsswitch/winbindd.c:client_write(512)
  client_write: wrote 47 bytes.
[2004/05/24 12:53:25, 10] nsswitch/winbindd.c:client_write(546)
  client_write: client_write: complete response written.
[2004/05/24 12:53:25, 6] nsswitch/winbindd.c:new_connection(343)
  accepted socket 17
[2004/05/24 12:53:25, 10] nsswitch/winbindd.c:winbind_client_read(458)
  client_read: read 0 bytes. Need 1824 more for a full request.
[2004/05/24 12:53:25, 5] nsswitch/winbindd.c:winbind_client_read(465)
  read failed on sock 16, pid 7076: EOF
[2004/05/24 12:53:25, 10] nsswitch/winbindd.c:winbind_client_read(458)
  client_read: read 1824 bytes. Need 0 more for a full request.
[2004/05/24 12:53:25, 10] nsswitch/winbindd.c:process_request(308)
  process_request: request fn LIST_USERS
[2004/05/24 12:53:25, 3] nsswitch/winbindd_user.c:winbindd_list_users(592)
  [ 7076]: list users
[2004/05/24 12:53:25, 10] nsswitch/winbindd.c:client_write(512)
  client_write: wrote 1300 bytes.
[2004/05/24 12:53:25, 10] nsswitch/winbindd.c:winbind_client_read(458)
  client_read: read 0 bytes. Need 1824 more for a full request.
[2004/05/24 12:53:25, 5] nsswitch/winbindd.c:winbind_client_read(465)
  read failed on sock 17, pid 7076: EOF


Working lookup

[2004/05/24 13:19:05, 6] nsswitch/winbindd.c:new_connection(343)
  accepted socket 19
[2004/05/24 13:19:05, 10] nsswitch/winbindd.c:winbind_client_read(458)
  client_read: read 1824 bytes. Need 0 more for a full request.
[2004/05/24 13:19:05, 10] nsswitch/winbindd.c:process_request(308)
  process_request: request fn INTERFACE_VERSION
[2004/05/24 13:19:05, 3] nsswitch/winbindd_misc.c:winbindd_interface_version(261)
  [27482]: request interface version
[2004/05/24 13:19:05, 10] nsswitch/winbindd.c:client_write(512)
  client_write: wrote 1300 bytes.
[2004/05/24 13:19:05, 10] nsswitch/winbindd.c:winbind_client_read(458)
  client_read: read 1824 bytes. Need 0 more for a full request.
[2004/05/24 13:19:05, 10] nsswitch/winbindd.c:process_request(308)
  process_request: request fn WINBINDD_PRIV_PIPE_DIR
[2004/05/24 13:19:05, 3] nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(297)
  [27482]: request location of privileged pipe
[2004/05/24 13:19:05, 10] nsswitch/winbindd.c:client_write(512)
  client_write: wrote 1300 bytes.
[2004/05/24 13:19:05, 10] nsswitch/winbindd.c:client_write(557)
  client_write: need to write 47 extra data bytes.
[2004/05/24 13:19:05, 10] nsswitch/winbindd.c:client_write(512)
  client_write: wrote 47 bytes.
[2004/05/24 13:19:05, 10] nsswitch/winbindd.c:client_write(546)
  client_write: client_write: complete response written.
[2004/05/24 13:19:05, 6] nsswitch/winbindd.c:new_connection(343)
  accepted socket 20
[2004/05/24 13:19:05, 10] nsswitch/winbindd.c:winbind_client_read(458)
  client_read: read 0 bytes. Need 1824 more for a full request.
[2004/05/24 13:19:05, 5] nsswitch/winbindd.c:winbind_client_read(463)
  read failed on sock 19, pid 27482: EOF
[2004/05/24 13:19:05, 10] nsswitch/winbindd.c:winbind_client_read(458)
  client_read: read 1824 bytes. Need 0 more for a full request.
[2004/05/24 13:19:05, 10] nsswitch/winbindd.c:process_request(308)
  process_request: request fn LIST_USERS
[2004/05/24 13:19:05, 3] nsswitch/winbindd_user.c:winbindd_list_users(592)
  [27482]: list users
[2004/05/24 13:19:05, 10] nsswitch/winbindd_cache.c:refresh_sequence_number(355)
  refresh_sequence_number: SMB-TST time ok
[2004/05/24 13:19:05, 10] nsswitch/winbindd_cache.c:refresh_sequence_number(379)
  refresh_sequence_number: SMB-TST seq number is now 1085397520
[2004/05/24 13:19:05, 10] nsswitch/winbindd_cache.c:centry_expired(403)
  centry_expired: Key UL/SMB-TST for domain SMB-TST is good.
[2004/05/24 13:19:05, 10] nsswitch/winbindd_cache.c:wcache_fetch(482)
  wcache_fetch: returning entry UL/SMB-TST for domain SMB-TST
[2004/05/24 13:19:05, 10] nsswitch/winbindd_cache.c:query_user_list(694)
  query_user_list: [Cached] - cached list for domain SMB-TST status Success
[2004/05/24 13:19:05, 10] nsswitch/winbindd.c:client_write(512)
  client_write: wrote 1300 bytes.
[2004/05/24 13:19:05, 10] nsswitch/winbindd.c:client_write(557)
  client_write: need to write 4800 extra data bytes.
[2004/05/24 13:19:05, 10] nsswitch/winbindd.c:client_write(512)
  client_write: wrote 4800 bytes.
[2004/05/24 13:19:05, 10] nsswitch/winbindd.c:client_write(546)
  client_write: client_write: complete response written.
[2004/05/24 13:19:05, 10] nsswitch/winbindd.c:winbind_client_read(458)
  client_read: read 0 bytes. Need 1824 more for a full request.
[2004/05/24 13:19:05, 5] nsswitch/winbindd.c:winbind_client_read(463)
  read failed on sock 20, pid 27482: EOF

# Maersk Oil SAMBA 3.0 PDC
[global]
passdb backend = ldapsam:ldap://infra05/
ldap suffix = dc=cph,dc=maerskoil,dc=com
ldap machine suffix = ou=Computers
ldap user suffix = ou=People
ldap group suffix = ou=Groups
ldap admin dn = "cn=Manager,dc=cph,dc=maerskoil,dc=com"

#
#       ldap passwd file = /usr/local/etc2/samba_3/private/ldappasswd
#       the ldap admin dn password is stored in secrets.tdb
#       and is set using "smbpasswd -w passphrase".  It is no
#       longer stored in the smb.conf file.
#
#       start tls by default
ldap ssl = start tls

# smbpasswd -x delete the entire dn-entry
ldap delete dn = no

# synchronize unix and samba passwords
ldap passwd sync = yes


admin users = @"Domain_Admins"

add machine script = /usr/local/sbin/smbldap-useradd.pl -w -d /dev/null  -c 'Machine Account' -s /bin/false %u
add user script = /usr/local/sbin/smbldap-useradd.pl -a %u
delete user script = /usr/local/sbin/smbldap-userdel.pl %u
add group script = /usr/local/sbin/smbldap-groupadd.pl %g && /usr/local/sbin/smbldap-groupshow.pl %g|awk '/^gidNumber:/ {print $2}'
delete group script = /usr/local/sbin/smbldap-groupdel.pl %g
add user to group script = /usr/local/sbin/smbldap-groupmod.pl -m %u %g
delete user from group script = /usr/local/sbin/smbldap-groupmod.pl -x %u %g
set primary group script = /usr/local/sbin/smbldap-usermod.pl -g %g %u

# password quality
min passwd length = 8
#use cracklib = Yes

# charsets
display charset = LOCALE
dos charset = CP850
unix charset = ISO-8859-1


# winbind must be running to have inter-domain trust
winbind uid = 10000-20000
winbind gid = 10000-20000
winbind cache time = 3600
winbind enum users = yes
winbind enum groups = yes

winbind separator = +
#username map = /usr/local/samba/lib/smbusers
#idmap backend = ldap://infra05/
#ldap idmap suffix = ou=Idmap,dc=cph,dc=maerskoil,dc=com
#idmap uid = 40000-50000
#idmap gid = 40000-50000 
#winbind use default domain = yes



#socket options = IPTOS_LOWDELAY TCP_NODELAY
#socket options = TCP_NODELAY SO_SNDBUF=65536 SO_RCVBUF=65536 IPTOS_LOWDELAY

# pushing rids out of way of existing groups
algorithmic rid base = 6000

workgroup = SMB-TST
netbios name = flipper  
comment = Mandrake 9.0  Samba Server
security = user
null passwords = Yes
encrypt passwords = yes

# We don't want roaming profiles
logon path =
logon home =


domain master = yes
domain logons = yes
preferred master = yes
os level = 20

wins server = 89.16.6.4

log level = 10
log file = /usr/local/samba/var/log.%m
public = No
browseable = No
writable = No


# Maersk Oil SAMBA 3.0 Member server
[global]

# charsets
display charset = LOCALE
dos charset = CP850
unix charset = ISO-8859-1


# winbind must be running to have inter-domain trust
winbind uid = 10000-20000
winbind gid = 10000-20000
# winbind use default domain = yes
winbind cache time = 3600
winbind enum users = yes
winbind enum groups = yes

winbind separator = +


socket options = IPTOS_LOWDELAY TCP_NODELAY


workgroup = SMB-TST
#workgroup = TST3
netbios name = Miami
comment = SunOS 5.8 Samba Server
security = DOMAIN
#null passwords = Yes
encrypt passwords = yes
password server = flipper, deralte
#password server = dc3

# We don't want roaming profiles
#logon path = 
#logon home = 


domain master = auto
domain logons = no
preferred master = auto
os level = 20

wins support = no
wins proxy = no
wins server = 89.16.6.4

#log level = 2
log level = 0
log file = /usr/local/samba/var/log.%m
public = No
browseable = No
writable = No

Thanks in advance for any help.

Kind regards, Hans.

Hans Bø Randgaard
Senior Systems Engineer
Petroleum Engineering Department
Maersk Oil
50, Esplanaden, DK-1263, Copenhagen K.
Denmark
Phone: +45 3363 4002
Fax: +45 3363 4034
Email: hbr at maerskoil.dk
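
An added example, not part of the original post: the two traces above differ at the LIST_USERS response, where the failing run writes only the 1300-byte fixed response and the working run also writes 4800 extra data bytes. This Python sketch summarizes a level-10 log.winbindd per request and flags enumeration requests answered with no extra data; the function names, the "LIST_" prefix rule and the single-client-at-a-time assumption are illustrative choices, and the sample text is excerpted from the message lines quoted above.

```python
import re

REQ = re.compile(r"process_request: request fn (\S+)")
EXTRA = re.compile(r"client_write: need to write (\d+) extra data bytes")
WROTE = re.compile(r"client_write: wrote (\d+) bytes")

def summarize(log_text):
    """One dict per request: name, fixed-size bytes written, extra-data bytes written."""
    requests, cur, in_extra = [], None, False
    for line in log_text.splitlines():
        if m := REQ.search(line):
            cur = {"fn": m.group(1), "fixed": 0, "extra": 0}
            requests.append(cur)
            in_extra = False
        elif cur is None:
            continue  # write lines before the first request are ignored
        elif EXTRA.search(line):
            in_extra = True  # following writes carry the variable-length payload
        elif m := WROTE.search(line):
            cur["extra" if in_extra else "fixed"] += int(m.group(1))
    return requests

def empty_enumerations(log_text):
    """Names of LIST_* requests whose response carried no extra data (assumed rule)."""
    return [r["fn"] for r in summarize(log_text)
            if r["fn"].startswith("LIST_") and r["extra"] == 0]

# Message lines excerpted from the two traces in the post (headers omitted).
FAILING = """\
  process_request: request fn INTERFACE_VERSION
  client_write: wrote 1300 bytes.
  process_request: request fn WINBINDD_PRIV_PIPE_DIR
  client_write: wrote 1300 bytes.
  client_write: need to write 47 extra data bytes.
  client_write: wrote 47 bytes.
  process_request: request fn LIST_USERS
  client_write: wrote 1300 bytes.
"""
WORKING = FAILING + """\
  client_write: need to write 4800 extra data bytes.
  client_write: wrote 4800 bytes.
"""

if __name__ == "__main__":
    for name, text in (("failing", FAILING), ("working", WORKING)):
        print(name, empty_enumerations(text), summarize(text)[-1])
```

The parser matches only the indented message lines, so it is unaffected by header lines that a mail client has wrapped.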



