[Samba] wbinfo works for test authentication but cannot list users

Tim Riley tim.riley at gmail.com
Wed Sep 21 11:41:59 GMT 2005


Hi all,

I have a Samba configuration that was in place on Ubuntu Warty (samba
3.0.7) workstations to allow winbind to authenticate domain users on
them.  These computers have since been re-installed with Ubuntu Hoary
(samba 3.0.10) with the same configuration.

The workstations have been successfully joined to the domain using
`net rpc join`.

`wbinfo -t` shows that the trust between the workstation and the domain is fine.
`wbinfo -a user%pass` for a domain user reports successful authentication.

However, `wbinfo -u` now reports that there is an "Error looking up
domain users."  Winbind is also configured in /etc/nsswitch.conf but
due to the above problem, windows users are not listed in `getent
passwd`.

I then ran `wbinfo --set-auth-user` with the same username and
password that was used to join the hosts to the domain, but this did
not change the `wbinfo -u` behaviour.  In the previous installation,
this step was not needed -- user listing took place successfully after
just joining the domain and nothing more.

Since these machines were already attached to the domain in previous
installations (same hostnames), I deleted the machine accounts in the
domain and then re-added them, but to no change in the problem
mentioned above.

I am officially stumped.  Any help or pointers on what to try next
would be greatly appreciated!  I have attached the smb.conf and
relevant log file output below.  The log file is saved from a host
that did not have the --set-auth-user configured, but the behaviour
with this is the same as when one has been set.

Thanks much,

 Tim Riley

--

[global]
   workgroup = PEMBROKE
   server string = %h (Samba, Ubuntu)
   dns proxy = no
   log file = /var/log/samba/log.%m
   log level = winbind:10
   max log size = 1000
   syslog = 0
   panic action = /usr/share/samba/panic-action %d
   security = domain
   password server = PHOENIX
   encrypt passwords = true
   passdb backend = tdbsam guest
   obey pam restrictions = yes
   invalid users = root
   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
   idmap uid = 10000-20000
   idmap gid = 10000-20000
   template shell = /bin/bash
   template homedir = /home/%U
   winbind use default domain = yes

--

[2005/09/21 17:35:28, 10] nsswitch/winbindd.c:process_request(321)
  process_request: request fn LIST_USERS
[2005/09/21 17:35:28, 3] nsswitch/winbindd_user.c:winbindd_list_users(587)
  [ 8224]: list users
[2005/09/21 17:35:28, 10] nsswitch/winbindd_cache.c:fetch_cache_seqnum(272)
  fetch_cache_seqnum: invalid data size key [SEQNUM/PEMBROKE]
[2005/09/21 17:35:28, 10] nsswitch/winbindd_rpc.c:sequence_number(817)
  rpc: fetch sequence_number for PEMBROKE
[2005/09/21 17:35:28, 8] nsswitch/winbindd_rpc.c:sequence_number(829)
  using get_ldap_seq() to retrieve the sequence number
[2005/09/21 17:35:28, 3] nsswitch/winbindd_rpc.c:get_ldap_sequence_number(794)
  get_ldap_sequence_number: Retrieved sequence number for Domain
(PEMBROKE) from DC (10.1.1.13:389)
[2005/09/21 17:35:28, 10] nsswitch/winbindd_rpc.c:sequence_number(834)
  domain_sequence_number: LDAP for domain PEMBROKE is 17165694
[2005/09/21 17:35:28, 10] nsswitch/winbindd_cache.c:store_cache_seqnum(325)
  store_cache_seqnum: success [PEMBROKE][17165694 @ 1127289928]
[2005/09/21 17:35:28, 10] nsswitch/winbindd_cache.c:refresh_sequence_number(386)
  refresh_sequence_number: PEMBROKE seq number is now 17165694
[2005/09/21 17:35:28, 10] nsswitch/winbindd_cache.c:query_user_list(727)
  query_user_list: [Cached] - doing backend query for list for domain PEMBROKE
[2005/09/21 17:35:28, 3] nsswitch/winbindd_rpc.c:query_user_list(47)
  rpc: query_user_list
[2005/09/21 17:35:28, 3] nsswitch/winbindd_cm.c:cm_get_ipc_userpass(109)
  IPC$ connections done anonymously
[2005/09/21 17:35:28, 5] nsswitch/winbindd_cm.c:cm_open_connection(316)
  anonymous connection attempt to PHOENIX from GETUPDATES-TEST
[2005/09/21 17:35:28, 3] nsswitch/winbindd_cache.c:query_user_list(731)
  query_user_list: returned 0xc0000022, retrying
[2005/09/21 17:35:28, 10] nsswitch/winbindd_cache.c:refresh_sequence_number(355)
  refresh_sequence_number: PEMBROKE time ok
[2005/09/21 17:35:28, 10] nsswitch/winbindd_cache.c:refresh_sequence_number(386)
  refresh_sequence_number: PEMBROKE seq number is now 17165694
[2005/09/21 17:35:28, 10] nsswitch/winbindd.c:client_write(524)
  client_write: wrote 1300 bytes.
[2005/09/21 17:35:28, 10] nsswitch/winbindd.c:winbind_client_read(470)
  client_read: read 0 bytes. Need 1824 more for a full request.
[2005/09/21 17:35:28, 5] nsswitch/winbindd.c:winbind_client_read(477)
  read failed on sock 19, pid 8224: EOF
[2005/09/21 17:35:30, 6] nsswitch/winbindd.c:new_connection(356)
  accepted socket 18
[2005/09/21 17:35:30, 10] nsswitch/winbindd.c:winbind_client_read(470)
  client_read: read 1824 bytes. Need 0 more for a full request.
[2005/09/21 17:35:30, 10] nsswitch/winbindd.c:process_request(321)
  process_request: request fn INTERFACE_VERSION
[2005/09/21 17:35:30, 3]
nsswitch/winbindd_misc.c:winbindd_interface_version(261)
  [ 8225]: request interface version
[2005/09/21 17:35:30, 10] nsswitch/winbindd.c:client_write(524)
  client_write: wrote 1300 bytes.
[2005/09/21 17:35:30, 10] nsswitch/winbindd.c:winbind_client_read(470)
  client_read: read 1824 bytes. Need 0 more for a full request.
[2005/09/21 17:35:30, 10] nsswitch/winbindd.c:process_request(321)
  process_request: request fn WINBINDD_PRIV_PIPE_DIR
[2005/09/21 17:35:30, 3] nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(297)
  [ 8225]: request location of privileged pipe
[2005/09/21 17:35:30, 10] nsswitch/winbindd.c:client_write(524)
  client_write: wrote 1300 bytes.
[2005/09/21 17:35:30, 10] nsswitch/winbindd.c:client_write(569)
  client_write: need to write 35 extra data bytes.
[2005/09/21 17:35:30, 10] nsswitch/winbindd.c:client_write(524)
  client_write: wrote 35 bytes.
[2005/09/21 17:35:30, 10] nsswitch/winbindd.c:client_write(558)
  client_write: client_write: complete response written.
[2005/09/21 17:35:30, 6] nsswitch/winbindd.c:new_connection(356)
  accepted socket 19
[2005/09/21 17:35:30, 10] nsswitch/winbindd.c:winbind_client_read(470)
  client_read: read 0 bytes. Need 1824 more for a full request.
[2005/09/21 17:35:30, 5] nsswitch/winbindd.c:winbind_client_read(477)
  read failed on sock 18, pid 8225: EOF
[2005/09/21 17:35:30, 10] nsswitch/winbindd.c:winbind_client_read(470)
  client_read: read 1824 bytes. Need 0 more for a full request.


More information about the samba mailing list