[Samba] Samba 3.6.0: unable to list Active Directory users
David Touzeau
david at touzeau.eu
Fri Aug 12 04:34:42 MDT 2011
On Friday 12 August 2011 at 12:25 +0200, Michael Wood wrote:
> Hi
>
> On 12 August 2011 10:23, David Touzeau <david at touzeau.eu> wrote:
> > Dear all
> >
> > I have upgraded my Samba from 3.5.x to the newest 3.6.0 version.
> > My Samba is connected to an Active Directory 2008 R2
> >
> >
> > The "getent passwd" did not display any ActiveDirectory domain users.
> > The "net ads group" displays the ActiveDirectory groups correctly:
> >
> > net ads group
> > Administrateurs
> > Utilisateurs
> > Invités
> > Opérateurs d’impression
> > Opérateurs de sauvegarde
> > Duplicateurs
> > Utilisateurs du Bureau à distance
> > Opérateurs de configuration réseau
> > Utilisateurs de l’Analyseur de performances
> > Utilisateurs du journal de performances
> > Utilisateurs du modèle COM distribué
> > IIS_IUSRS
> > Opérateurs de chiffrement
> > Lecteurs des journaux d’événements
> > Accès DCOM service de certificats
> > Ordinateurs du domaine
> >
> >
> >
> > I think there is a misconfiguration in my setup but I did not find any
> > solution.
> > Where am I wrong?
> >
> >
> > [global]
> > workgroup = TOUZEAU
> > netbios name = bdc2
> > server string = %h server
> > disable netbios =no
> > max protocol = SMB2
> > name resolve order =host lmhosts wins bcast
> > dns proxy = No
> > wins support = No
> > min protocol = NT1
> > syslog = 3
> > log level = 10
> > log file = /var/log/samba/log.%m
> > debug timestamp = yes
> >
> > # Enable symbolics links -----------------------------------
> > follow symlinks = yes
> > wide links = yes
> > unix extensions = no
> >
> > usershare allow guests = no
> > usershare max shares = 100
> > usershare owner only = true
> > usershare path=/var/lib/samba/usershares/data
> >
> > #Guest access
> > guest account = nobody
> > map to guest = Bad Password
> > template homedir = /home/%U
> > template shell = /bin/false
> > enable privileges = yes
> > os level = 40
> > ldap passwd sync = no
> >
> > #WINBINDD *******************************************************
> > security = ADS
> > realm = TOUZEAU.HOME
> >
> > idmap config TOUZEAU:backend = ad
> > idmap config TOUZEAU:readonly = yes
> > idmap config TOUZEAU:schema_mode = rfc2307
> > idmap config * : range = 16777216-33554431
>
> The way idmap works was changed with 3.6.0. I don't know if the above
> is wrong, but perhaps it is something to consider.
>
> e.g. I don't know if "readonly" is supported. I've seen mention of
> "read only", but not in the idmap_ad code. But maybe I missed it.
>
> Also, the idmap_ad documentation implies that you need something like this:
>
> idmap config * : backend = tdb
> idmap config * : range = 1000000-1999999
>
> idmap config TOUZEAU : backend = ad
> idmap config TOUZEAU : range = 1000-999999
> idmap config TOUZEAU : schema_mode = rfc2307
>
> I am not sure if the above is relevant to you :) but I hope it helps.
>
Many thanks, Michael.
I have changed the values but it has no effect and the issue is still alive...
For anybody, here is some relevant winbindd debug information:
Adding 0 DC's from auto lookup
[2011/08/12 10:39:31.945022, 5]
libads/sitename_cache.c:105(sitename_fetch)
sitename_fetch: Returning sitename for TOUZEAU.HOME:
"Default-First-Site-Name"
[2011/08/12 10:39:31.945047, 10]
libsmb/namequery.c:1975(internal_resolve_name)
internal_resolve_name: looking up WIN-RSF60G6AS1L.touzeau.home#20
(sitename Default-First-Site-Name)
[2011/08/12 10:39:31.945076, 5] libsmb/namecache.c:165(namecache_fetch)
name WIN-RSF60G6AS1L.touzeau.home#20 found.
[2011/08/12 10:39:31.945124, 9]
libsmb/conncache.c:150(check_negative_conn_cache)
check_negative_conn_cache returning result 0 for domain touzeau.home
server 192.168.1.150
[2011/08/12 10:39:31.945151, 10]
libsmb/namequery.c:1079(remove_duplicate_addrs2)
remove_duplicate_addrs2: looking for duplicate address/port pairs
[2011/08/12 10:39:31.945172, 4] libsmb/namequery.c:2601(get_dc_list)
get_dc_list: returning 1 ip addresses in an ordered list
[2011/08/12 10:39:31.945193, 4] libsmb/namequery.c:2602(get_dc_list)
get_dc_list: 192.168.1.150:389
[2011/08/12 10:39:31.945216, 10]
libads/kerberos.c:825(get_kdc_ip_string)
get_kdc_ip_string: Returning kdc = 192.168.1.150
[2011/08/12 10:39:31.945304, 5]
libads/kerberos.c:948(create_local_private_krb5_conf_for_domain)
create_local_private_krb5_conf_for_domain: wrote
file /var/lib/samba/smb_krb5/krb5.conf.TOUZEAU with realm TOUZEAU.HOME
KDC list = kdc = 192.168.1.150
[2011/08/12 10:39:31.945347, 4] libsmb/namequery_dc.c:148(ads_dc_name)
ads_dc_name: using server='WIN-RSF60G6AS1L.TOUZEAU.HOME'
IP=192.168.1.150
[2011/08/12 10:39:31.945376, 5]
libads/sitename_cache.c:105(sitename_fetch)
sitename_fetch: Returning sitename for touzeau.home:
"Default-First-Site-Name"
[2011/08/12 10:39:31.945398, 8]
libsmb/namequery.c:2652(get_sorted_dc_list)
get_sorted_dc_list: attempting lookup for name touzeau.home (sitename
Default-First-Site-Name) using [ads]
[2011/08/12 10:39:31.945432, 5] libsmb/namequery.c:194(saf_fetch)
saf_fetch: Returning "WIN-RSF60G6AS1L.touzeau.home" for "touzeau.home"
domain
[2011/08/12 10:39:31.945458, 3] libsmb/namequery.c:2461(get_dc_list)
get_dc_list: preferred server list: "WIN-RSF60G6AS1L.touzeau.home, *"
[2011/08/12 10:39:31.945481, 10]
libsmb/namequery.c:1975(internal_resolve_name)
internal_resolve_name: looking up touzeau.home#1c (sitename
Default-First-Site-Name)
[2011/08/12 10:39:31.945507, 5] libsmb/namecache.c:160(namecache_fetch)
no entry for touzeau.home#1C found.
[2011/08/12 10:39:31.945531, 5] libsmb/namequery.c:1869(resolve_ads)
resolve_ads: Attempting to resolve DCs for touzeau.home using DNS
[2011/08/12 10:39:31.945890, 3] libads/dns.c:345(dns_send_req)
ads_dns_lookup_srv: Failed to resolve
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.touzeau.home
(Succès)
[2011/08/12 10:39:31.945925, 3] libads/dns.c:415(ads_dns_lookup_srv)
ads_dns_lookup_srv: Failed to send DNS query (NT_STATUS_UNSUCCESSFUL)
[2011/08/12 10:39:31.946132, 3] libads/dns.c:345(dns_send_req)
ads_dns_lookup_srv: Failed to resolve
_ldap._tcp.dc._msdcs.touzeau.home (Succès)
[2011/08/12 10:39:31.946166, 3] libads/dns.c:415(ads_dns_lookup_srv)
ads_dns_lookup_srv: Failed to send DNS query (NT_STATUS_UNSUCCESSFUL)
[2011/08/12 10:39:31.946189, 8] libsmb/namequery.c:2482(get_dc_list)
Adding 0 DC's from auto lookup
[2011/08/12 10:39:31.946220, 5]
libads/sitename_cache.c:105(sitename_fetch)
sitename_fetch: Returning sitename for TOUZEAU.HOME:
"Default-First-Site-Name"
[2011/08/12 10:39:31.946245, 10]
libsmb/namequery.c:1975(internal_resolve_name)
internal_resolve_name: looking up WIN-RSF60G6AS1L.touzeau.home#20
(sitename Default-First-Site-Name)
[2011/08/12 10:39:31.946274, 5] libsmb/namecache.c:165(namecache_fetch)
name WIN-RSF60G6AS1L.touzeau.home#20 found.
[2011/08/12 10:39:31.946323, 9]
libsmb/conncache.c:150(check_negative_conn_cache)
check_negative_conn_cache returning result 0 for domain touzeau.home
server 192.168.1.150
[2011/08/12 10:39:31.946351, 10]
libsmb/namequery.c:1079(remove_duplicate_addrs2)
remove_duplicate_addrs2: looking for duplicate address/port pairs
[2011/08/12 10:39:31.946373, 4] libsmb/namequery.c:2601(get_dc_list)
get_dc_list: returning 1 ip addresses in an ordered list
[2011/08/12 10:39:31.946394, 4] libsmb/namequery.c:2602(get_dc_list)
get_dc_list: 192.168.1.150:389
[2011/08/12 10:39:31.946423, 9]
libsmb/conncache.c:150(check_negative_conn_cache)
check_negative_conn_cache returning result 0 for domain TOUZEAU server
192.168.1.150
[2011/08/12 10:39:31.946447, 8]
libsmb/namequery.c:2652(get_sorted_dc_list)
get_sorted_dc_list: attempting lookup for name touzeau.home (sitename
NULL) using [ads]
[2011/08/12 10:39:31.946480, 5] libsmb/namequery.c:194(saf_fetch)
saf_fetch: Returning "WIN-RSF60G6AS1L.touzeau.home" for "touzeau.home"
domain
[2011/08/12 10:39:31.946506, 3] libsmb/namequery.c:2461(get_dc_list)
get_dc_list: preferred server list: "WIN-RSF60G6AS1L.touzeau.home, *"
[2011/08/12 10:39:31.946528, 10]
libsmb/namequery.c:1975(internal_resolve_name)
internal_resolve_name: looking up touzeau.home#1c (sitename (null))
[2011/08/12 10:39:31.946555, 5] libsmb/namecache.c:160(namecache_fetch)
no entry for touzeau.home#1C found.
[2011/08/12 10:39:31.946579, 5] libsmb/namequery.c:1869(resolve_ads)
resolve_ads: Attempting to resolve DCs for touzeau.home using DNS
[2011/08/12 10:39:31.946781, 3] libads/dns.c:345(dns_send_req)
ads_dns_lookup_srv: Failed to resolve
_ldap._tcp.dc._msdcs.touzeau.home (Succès)
[2011/08/12 10:39:31.946815, 3] libads/dns.c:415(ads_dns_lookup_srv)
ads_dns_lookup_srv: Failed to send DNS query (NT_STATUS_UNSUCCESSFUL)
[2011/08/12 10:39:31.946916, 8] libsmb/namequery.c:2482(get_dc_list)
Adding 0 DC's from auto lookup
[2011/08/12 10:39:31.946948, 5]
libads/sitename_cache.c:105(sitename_fetch)
sitename_fetch: Returning sitename for TOUZEAU.HOME:
"Default-First-Site-Name"
[2011/08/12 10:39:31.946973, 10]
libsmb/namequery.c:1975(internal_resolve_name)
internal_resolve_name: looking up WIN-RSF60G6AS1L.touzeau.home#20
(sitename Default-First-Site-Name)
[2011/08/12 10:39:31.947002, 5] libsmb/namecache.c:165(namecache_fetch)
name WIN-RSF60G6AS1L.touzeau.home#20 found.
[2011/08/12 10:39:31.947051, 9]
libsmb/conncache.c:150(check_negative_conn_cache)
check_negative_conn_cache returning result 0 for domain touzeau.home
server 192.168.1.150
[2011/08/12 10:39:31.947078, 10]
libsmb/namequery.c:1079(remove_duplicate_addrs2)
remove_duplicate_addrs2: looking for duplicate address/port pairs
[2011/08/12 10:39:31.947100, 4] libsmb/namequery.c:2601(get_dc_list)
get_dc_list: returning 1 ip addresses in an ordered list
[2011/08/12 10:39:31.947128, 4] libsmb/namequery.c:2602(get_dc_list)
get_dc_list: 192.168.1.150:389
[2011/08/12 10:39:31.947159, 9]
libsmb/conncache.c:150(check_negative_conn_cache)
check_negative_conn_cache returning result 0 for domain TOUZEAU server
192.168.1.150
[2011/08/12 10:39:31.947201, 10]
lib/messages_local.c:255(messaging_tdb_store)