[Samba] wbinfo works for test authentication but cannot list users
Tim Riley
tim.riley at gmail.com
Wed Sep 21 11:41:59 GMT 2005
Hi all,
I have a Samba configuration that was in place on Ubuntu Warty (samba
3.0.7) workstations to allow winbind to authenticate domain users on
them. These computers have since been re-installed with Ubuntu Hoary
(samba 3.0.10) with the same configuration.
The workstations have been successfully joined to the domain using
`net rpc join`.
`wbinfo -t` shows that the trust between the workstation and the domain is fine.
`wbinfo -a user%pass` for a domain user reports successful authentication.
However, `wbinfo -u` now reports that there is an "Error looking up
domain users." Winbind is also configured in /etc/nsswitch.conf but
due to the above problem, windows users are not listed in `getent
passwd`.
I then ran `wbinfo --set-auth-user` with the same username and
password that was used to join the hosts to the domain, but this did
not change the `wbinfo -u` behaviour. In the previous installation,
this step was not needed -- user listing took place successfully after
just joining the domain and nothing more.
Since these machines were already attached to the domain in previous
installations (same hostnames), I deleted the machine accounts in the
domain and then re-added them, but to no change in the problem
mentioned above.
I am officially stumped. Any help or pointers on what to try next
would be greatly appreciated! I have attached the smb.conf and
relevant log file output below. The log file is saved from a host
that did not have the --set-auth-user configured, but the behaviour
with this is the same as when one has been set.
Thanks much,
Tim Riley
--
[global]
workgroup = PEMBROKE
server string = %h (Samba, Ubuntu)
dns proxy = no
log file = /var/log/samba/log.%m
log level = winbind:10
max log size = 1000
syslog = 0
panic action = /usr/share/samba/panic-action %d
security = domain
password server = PHOENIX
encrypt passwords = true
passdb backend = tdbsam guest
obey pam restrictions = yes
invalid users = root
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
idmap uid = 10000-20000
idmap gid = 10000-20000
template shell = /bin/bash
template homedir = /home/%U
winbind use default domain = yes
--
[2005/09/21 17:35:28, 10] nsswitch/winbindd.c:process_request(321)
process_request: request fn LIST_USERS
[2005/09/21 17:35:28, 3] nsswitch/winbindd_user.c:winbindd_list_users(587)
[ 8224]: list users
[2005/09/21 17:35:28, 10] nsswitch/winbindd_cache.c:fetch_cache_seqnum(272)
fetch_cache_seqnum: invalid data size key [SEQNUM/PEMBROKE]
[2005/09/21 17:35:28, 10] nsswitch/winbindd_rpc.c:sequence_number(817)
rpc: fetch sequence_number for PEMBROKE
[2005/09/21 17:35:28, 8] nsswitch/winbindd_rpc.c:sequence_number(829)
using get_ldap_seq() to retrieve the sequence number
[2005/09/21 17:35:28, 3] nsswitch/winbindd_rpc.c:get_ldap_sequence_number(794)
get_ldap_sequence_number: Retrieved sequence number for Domain
(PEMBROKE) from DC (10.1.1.13:389)
[2005/09/21 17:35:28, 10] nsswitch/winbindd_rpc.c:sequence_number(834)
domain_sequence_number: LDAP for domain PEMBROKE is 17165694
[2005/09/21 17:35:28, 10] nsswitch/winbindd_cache.c:store_cache_seqnum(325)
store_cache_seqnum: success [PEMBROKE][17165694 @ 1127289928]
[2005/09/21 17:35:28, 10] nsswitch/winbindd_cache.c:refresh_sequence_number(386)
refresh_sequence_number: PEMBROKE seq number is now 17165694
[2005/09/21 17:35:28, 10] nsswitch/winbindd_cache.c:query_user_list(727)
query_user_list: [Cached] - doing backend query for list for domain PEMBROKE
[2005/09/21 17:35:28, 3] nsswitch/winbindd_rpc.c:query_user_list(47)
rpc: query_user_list
[2005/09/21 17:35:28, 3] nsswitch/winbindd_cm.c:cm_get_ipc_userpass(109)
IPC$ connections done anonymously
[2005/09/21 17:35:28, 5] nsswitch/winbindd_cm.c:cm_open_connection(316)
anonymous connection attempt to PHOENIX from GETUPDATES-TEST
[2005/09/21 17:35:28, 3] nsswitch/winbindd_cache.c:query_user_list(731)
query_user_list: returned 0xc0000022, retrying
[2005/09/21 17:35:28, 10] nsswitch/winbindd_cache.c:refresh_sequence_number(355)
refresh_sequence_number: PEMBROKE time ok
[2005/09/21 17:35:28, 10] nsswitch/winbindd_cache.c:refresh_sequence_number(386)
refresh_sequence_number: PEMBROKE seq number is now 17165694
[2005/09/21 17:35:28, 10] nsswitch/winbindd.c:client_write(524)
client_write: wrote 1300 bytes.
[2005/09/21 17:35:28, 10] nsswitch/winbindd.c:winbind_client_read(470)
client_read: read 0 bytes. Need 1824 more for a full request.
[2005/09/21 17:35:28, 5] nsswitch/winbindd.c:winbind_client_read(477)
read failed on sock 19, pid 8224: EOF
[2005/09/21 17:35:30, 6] nsswitch/winbindd.c:new_connection(356)
accepted socket 18
[2005/09/21 17:35:30, 10] nsswitch/winbindd.c:winbind_client_read(470)
client_read: read 1824 bytes. Need 0 more for a full request.
[2005/09/21 17:35:30, 10] nsswitch/winbindd.c:process_request(321)
process_request: request fn INTERFACE_VERSION
[2005/09/21 17:35:30, 3]
nsswitch/winbindd_misc.c:winbindd_interface_version(261)
[ 8225]: request interface version
[2005/09/21 17:35:30, 10] nsswitch/winbindd.c:client_write(524)
client_write: wrote 1300 bytes.
[2005/09/21 17:35:30, 10] nsswitch/winbindd.c:winbind_client_read(470)
client_read: read 1824 bytes. Need 0 more for a full request.
[2005/09/21 17:35:30, 10] nsswitch/winbindd.c:process_request(321)
process_request: request fn WINBINDD_PRIV_PIPE_DIR
[2005/09/21 17:35:30, 3] nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(297)
[ 8225]: request location of privileged pipe
[2005/09/21 17:35:30, 10] nsswitch/winbindd.c:client_write(524)
client_write: wrote 1300 bytes.
[2005/09/21 17:35:30, 10] nsswitch/winbindd.c:client_write(569)
client_write: need to write 35 extra data bytes.
[2005/09/21 17:35:30, 10] nsswitch/winbindd.c:client_write(524)
client_write: wrote 35 bytes.
[2005/09/21 17:35:30, 10] nsswitch/winbindd.c:client_write(558)
client_write: client_write: complete response written.
[2005/09/21 17:35:30, 6] nsswitch/winbindd.c:new_connection(356)
accepted socket 19
[2005/09/21 17:35:30, 10] nsswitch/winbindd.c:winbind_client_read(470)
client_read: read 0 bytes. Need 1824 more for a full request.
[2005/09/21 17:35:30, 5] nsswitch/winbindd.c:winbind_client_read(477)
read failed on sock 18, pid 8225: EOF
[2005/09/21 17:35:30, 10] nsswitch/winbindd.c:winbind_client_read(470)
client_read: read 1824 bytes. Need 0 more for a full request.
More information about the samba
mailing list