[Samba] FIXED AGAIN: Win2003 ADS, wbinfo -u and -g bug

herman herman at aeronetworks.ca
Sat Oct 13 00:32:37 GMT 2007

System: Win2003 ADS, Samba 3.0.26a on RHEL5.
> I thought I had this fixed but sadly no - it came back.  The situation 
> changes when I reboot the PC, or cycle power on the PC.  This 
> indicates to me that there is a structure in winbind that is not 
> initialized properly.
> wbinfo -t: OK, shows domain joined fine.
> wbinfo -g: Shows all groups, or only the first two BUILTIN groups, or 
> nothing at all.
> wbinfo -u: Shows all users, or no users.
> Login works if wbinfo -g shows all groups, fails otherwise.
> kinit  user at DOMAIN: works
> wbinit -a user%domain: works
This weird Winbind/Kerberos problem has been fixed again - hopefully for 

I started to read the source code, followed the log messages at debug 
level 10 and sniffed the network with tcpdump.  Eventually, I figured 
out that Kerberos is generating an inordinate amount of traffic, with 
the result that the Windows server doesn't always get around to 
answering the LDAP request and the user/group query then times out.

The solution is to reset the Windows Administrator password.

I remembered reading in the Samba howto guide that the Administrator 
password reset also does something to Kerberos, so I tried it and it 
worked.  I haven't been able to break it again for the rest of the day.



More information about the samba mailing list