[Samba] Samba 3.6.0: unable to list Active Directory users

Michael Adam obnox at samba.org
Mon Aug 15 07:11:42 MDT 2011


Hi David,

David Touzeau wrote:
> On Friday 12 August 2011 at 12:25 +0200, Michael Wood wrote:
> > Hi
> > 
> > On 12 August 2011 10:23, David Touzeau <david at touzeau.eu> wrote:
> > > Dear all
> > >
> > > I have upgraded my Samba from 3.5.x to the newest 3.6.0 version.
> > > My Samba is connected to an Active Directory 2008 R2
> > >
> > >
> > > The "getent passwd" command did not display any Active Directory domain users.
> > >
> > > ...
> > >
> > > I think there is a misconfiguration in my setup but I did not find any
> > > solution.
> > > Where am I wrong?
> > >
> > >
> > > [global]
> > >        ...
> > >        idmap config TOUZEAU:backend = ad
> > >        idmap config TOUZEAU:readonly = yes
> > >        idmap config TOUZEAU:schema_mode = rfc2307
> > >        idmap config * : range = 16777216-33554431
> > 
> > The way idmap works was changed with 3.6.0.  I don't know if the above
> > is wrong, but perhaps it is something to consider.
> > 
> > e.g. I don't know if "readonly" is supported.  I've seen mention of
> > "read only", but not in the idmap_ad code.  But maybe I missed it.
> > 
> > Also, the idmap_ad documentation implies that you need something like this:
> > 
> >     idmap config * : backend = tdb
> >     idmap config * : range = 1000000-1999999
> > 
> >     idmap config TOUZEAU : backend  = ad
> >     idmap config TOUZEAU : range = 1000-999999
> >     idmap config TOUZEAU : schema_mode = rfc2307
> > 
> > I am not sure if the above is relevant to you :) but I hope it helps.
> > 
> 
> Many thanks Michael
> 
> I have changed the values but it has no effect and the issue is still alive...

But the remarks by Michael were correct. You need to give the
configuration for the ad backend (domain TOUZEAU) a range,
otherwise it won't work.

The "readonly" parameter will be ignored for the ad backend.
(And for those backends that support it, the correct spelling
is "read only".)

With the above config changes, you should narrow the source of problems
down as detailed here:

https://bugzilla.samba.org/show_bug.cgi?id=8371#c5

You should then post the level 10 logs of the most specific
failing command here, so we can debug further.

Cheers - Michael

> For anybody here, here is some relevant winbindd debug information:
> 
>   Adding 0 DC's from auto lookup
> [2011/08/12 10:39:31.945022,  5]
> libads/sitename_cache.c:105(sitename_fetch)
>   sitename_fetch: Returning sitename for TOUZEAU.HOME:
> "Default-First-Site-Name"
> [2011/08/12 10:39:31.945047, 10]
> libsmb/namequery.c:1975(internal_resolve_name)
>   internal_resolve_name: looking up WIN-RSF60G6AS1L.touzeau.home#20
> (sitename Default-First-Site-Name)
> [2011/08/12 10:39:31.945076,  5] libsmb/namecache.c:165(namecache_fetch)
>   name WIN-RSF60G6AS1L.touzeau.home#20 found.
> [2011/08/12 10:39:31.945124,  9]
> libsmb/conncache.c:150(check_negative_conn_cache)
>   check_negative_conn_cache returning result 0 for domain touzeau.home
> server 192.168.1.150
> [2011/08/12 10:39:31.945151, 10]
> libsmb/namequery.c:1079(remove_duplicate_addrs2)
>   remove_duplicate_addrs2: looking for duplicate address/port pairs
> [2011/08/12 10:39:31.945172,  4] libsmb/namequery.c:2601(get_dc_list)
>   get_dc_list: returning 1 ip addresses in an ordered list
> [2011/08/12 10:39:31.945193,  4] libsmb/namequery.c:2602(get_dc_list)
>   get_dc_list: 192.168.1.150:389 
> [2011/08/12 10:39:31.945216, 10]
> libads/kerberos.c:825(get_kdc_ip_string)
>   get_kdc_ip_string: Returning 	kdc = 192.168.1.150
>   
> [2011/08/12 10:39:31.945304,  5]
> libads/kerberos.c:948(create_local_private_krb5_conf_for_domain)
>   create_local_private_krb5_conf_for_domain: wrote
> file /var/lib/samba/smb_krb5/krb5.conf.TOUZEAU with realm TOUZEAU.HOME
> KDC list = 	kdc = 192.168.1.150
>   
> [2011/08/12 10:39:31.945347,  4] libsmb/namequery_dc.c:148(ads_dc_name)
>   ads_dc_name: using server='WIN-RSF60G6AS1L.TOUZEAU.HOME'
> IP=192.168.1.150
> [2011/08/12 10:39:31.945376,  5]
> libads/sitename_cache.c:105(sitename_fetch)
>   sitename_fetch: Returning sitename for touzeau.home:
> "Default-First-Site-Name"
> [2011/08/12 10:39:31.945398,  8]
> libsmb/namequery.c:2652(get_sorted_dc_list)
>   get_sorted_dc_list: attempting lookup for name touzeau.home (sitename
> Default-First-Site-Name) using [ads]
> [2011/08/12 10:39:31.945432,  5] libsmb/namequery.c:194(saf_fetch)
>   saf_fetch: Returning "WIN-RSF60G6AS1L.touzeau.home" for "touzeau.home"
> domain
> [2011/08/12 10:39:31.945458,  3] libsmb/namequery.c:2461(get_dc_list)
>   get_dc_list: preferred server list: "WIN-RSF60G6AS1L.touzeau.home, *"
> [2011/08/12 10:39:31.945481, 10]
> libsmb/namequery.c:1975(internal_resolve_name)
>   internal_resolve_name: looking up touzeau.home#1c (sitename
> Default-First-Site-Name)
> [2011/08/12 10:39:31.945507,  5] libsmb/namecache.c:160(namecache_fetch)
>   no entry for touzeau.home#1C found.
> [2011/08/12 10:39:31.945531,  5] libsmb/namequery.c:1869(resolve_ads)
>   resolve_ads: Attempting to resolve DCs for touzeau.home using DNS
> [2011/08/12 10:39:31.945890,  3] libads/dns.c:345(dns_send_req)
>   ads_dns_lookup_srv: Failed to resolve
> _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.touzeau.home
> (Succès)
> [2011/08/12 10:39:31.945925,  3] libads/dns.c:415(ads_dns_lookup_srv)
>   ads_dns_lookup_srv: Failed to send DNS query (NT_STATUS_UNSUCCESSFUL)
> [2011/08/12 10:39:31.946132,  3] libads/dns.c:345(dns_send_req)
>   ads_dns_lookup_srv: Failed to resolve
> _ldap._tcp.dc._msdcs.touzeau.home (Succès)
> [2011/08/12 10:39:31.946166,  3] libads/dns.c:415(ads_dns_lookup_srv)
>   ads_dns_lookup_srv: Failed to send DNS query (NT_STATUS_UNSUCCESSFUL)
> [2011/08/12 10:39:31.946189,  8] libsmb/namequery.c:2482(get_dc_list)
>   Adding 0 DC's from auto lookup
> [2011/08/12 10:39:31.946220,  5]
> libads/sitename_cache.c:105(sitename_fetch)
>   sitename_fetch: Returning sitename for TOUZEAU.HOME:
> "Default-First-Site-Name"
> [2011/08/12 10:39:31.946245, 10]
> libsmb/namequery.c:1975(internal_resolve_name)
>   internal_resolve_name: looking up WIN-RSF60G6AS1L.touzeau.home#20
> (sitename Default-First-Site-Name)
> [2011/08/12 10:39:31.946274,  5] libsmb/namecache.c:165(namecache_fetch)
>   name WIN-RSF60G6AS1L.touzeau.home#20 found.
> [2011/08/12 10:39:31.946323,  9]
> libsmb/conncache.c:150(check_negative_conn_cache)
>   check_negative_conn_cache returning result 0 for domain touzeau.home
> server 192.168.1.150
> [2011/08/12 10:39:31.946351, 10]
> libsmb/namequery.c:1079(remove_duplicate_addrs2)
>   remove_duplicate_addrs2: looking for duplicate address/port pairs
> [2011/08/12 10:39:31.946373,  4] libsmb/namequery.c:2601(get_dc_list)
>   get_dc_list: returning 1 ip addresses in an ordered list
> [2011/08/12 10:39:31.946394,  4] libsmb/namequery.c:2602(get_dc_list)
>   get_dc_list: 192.168.1.150:389 
> [2011/08/12 10:39:31.946423,  9]
> libsmb/conncache.c:150(check_negative_conn_cache)
>   check_negative_conn_cache returning result 0 for domain TOUZEAU server
> 192.168.1.150
> [2011/08/12 10:39:31.946447,  8]
> libsmb/namequery.c:2652(get_sorted_dc_list)
>   get_sorted_dc_list: attempting lookup for name touzeau.home (sitename
> NULL) using [ads]
> [2011/08/12 10:39:31.946480,  5] libsmb/namequery.c:194(saf_fetch)
>   saf_fetch: Returning "WIN-RSF60G6AS1L.touzeau.home" for "touzeau.home"
> domain
> [2011/08/12 10:39:31.946506,  3] libsmb/namequery.c:2461(get_dc_list)
>   get_dc_list: preferred server list: "WIN-RSF60G6AS1L.touzeau.home, *"
> [2011/08/12 10:39:31.946528, 10]
> libsmb/namequery.c:1975(internal_resolve_name)
>   internal_resolve_name: looking up touzeau.home#1c (sitename (null))
> [2011/08/12 10:39:31.946555,  5] libsmb/namecache.c:160(namecache_fetch)
>   no entry for touzeau.home#1C found.
> [2011/08/12 10:39:31.946579,  5] libsmb/namequery.c:1869(resolve_ads)
>   resolve_ads: Attempting to resolve DCs for touzeau.home using DNS
> [2011/08/12 10:39:31.946781,  3] libads/dns.c:345(dns_send_req)
>   ads_dns_lookup_srv: Failed to resolve
> _ldap._tcp.dc._msdcs.touzeau.home (Succès)
> [2011/08/12 10:39:31.946815,  3] libads/dns.c:415(ads_dns_lookup_srv)
>   ads_dns_lookup_srv: Failed to send DNS query (NT_STATUS_UNSUCCESSFUL)
> [2011/08/12 10:39:31.946916,  8] libsmb/namequery.c:2482(get_dc_list)
>   Adding 0 DC's from auto lookup
> [2011/08/12 10:39:31.946948,  5]
> libads/sitename_cache.c:105(sitename_fetch)
>   sitename_fetch: Returning sitename for TOUZEAU.HOME:
> "Default-First-Site-Name"
> [2011/08/12 10:39:31.946973, 10]
> libsmb/namequery.c:1975(internal_resolve_name)
>   internal_resolve_name: looking up WIN-RSF60G6AS1L.touzeau.home#20
> (sitename Default-First-Site-Name)
> [2011/08/12 10:39:31.947002,  5] libsmb/namecache.c:165(namecache_fetch)
>   name WIN-RSF60G6AS1L.touzeau.home#20 found.
> [2011/08/12 10:39:31.947051,  9]
> libsmb/conncache.c:150(check_negative_conn_cache)
>   check_negative_conn_cache returning result 0 for domain touzeau.home
> server 192.168.1.150
> [2011/08/12 10:39:31.947078, 10]
> libsmb/namequery.c:1079(remove_duplicate_addrs2)
>   remove_duplicate_addrs2: looking for duplicate address/port pairs
> [2011/08/12 10:39:31.947100,  4] libsmb/namequery.c:2601(get_dc_list)
>   get_dc_list: returning 1 ip addresses in an ordered list
> [2011/08/12 10:39:31.947128,  4] libsmb/namequery.c:2602(get_dc_list)
>   get_dc_list: 192.168.1.150:389 
> [2011/08/12 10:39:31.947159,  9]
> libsmb/conncache.c:150(check_negative_conn_cache)
>   check_negative_conn_cache returning result 0 for domain TOUZEAU server
> 192.168.1.150
> [2011/08/12 10:39:31.947201, 10]
> lib/messages_local.c:255(messaging_tdb_store)
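The configuration points made in this message (an `idmap config` domain with a backend needs a range, and `readonly` is not the parameter spelling) can be checked mechanically. The following is an added example, not code from the thread or from Samba; `parse_idmap` and `check_idmap` are hypothetical names, the two sample configs are the settings quoted above, and the overlap check goes beyond the thread, reflecting the rule that idmap ranges must not overlap.

```python
import re

# "idmap config DOMAIN : option = value"; whitespace around ':' is optional.
LINE = re.compile(r"^\s*idmap\s+config\s+(\S+?)\s*:\s*(.+?)\s*=\s*(.+?)\s*$", re.I)

# Settings quoted in the thread: the failing config and the suggested one.
ORIGINAL = """
idmap config TOUZEAU:backend = ad
idmap config TOUZEAU:readonly = yes
idmap config TOUZEAU:schema_mode = rfc2307
idmap config * : range = 16777216-33554431
"""
SUGGESTED = """
idmap config * : backend = tdb
idmap config * : range = 1000000-1999999
idmap config TOUZEAU : backend  = ad
idmap config TOUZEAU : range = 1000-999999
idmap config TOUZEAU : schema_mode = rfc2307
"""

def parse_idmap(conf_text):
    """Return {domain: {option: value}} for every idmap config line."""
    domains = {}
    for raw in conf_text.splitlines():
        m = LINE.match(raw)
        if m:
            dom, opt, val = m.groups()
            domains.setdefault(dom.upper(), {})[opt.lower()] = val
    return domains

def check_idmap(conf_text):
    """Return a list of findings; an empty list means no problem was found."""
    findings, ranges = [], []
    for dom, opts in parse_idmap(conf_text).items():
        if "readonly" in opts:
            findings.append(f"{dom}: spell 'readonly' as 'read only'; the ad backend ignores it")
        if "range" in opts:
            low, high = (int(x) for x in opts["range"].split("-"))
            ranges.append((low, high, dom))
        elif "backend" in opts:
            findings.append(f"{dom}: backend '{opts['backend']}' has no range")
    top, top_dom = -1, None  # highest ID claimed so far, and by which domain
    for low, high, dom in sorted(ranges):
        if low <= top:
            findings.append(f"{dom}: range overlaps {top_dom}")
        if high > top:
            top, top_dom = high, dom
    return findings
```

Calling `check_idmap(ORIGINAL)` reports the missing range and the `readonly` spelling for TOUZEAU, while `check_idmap(SUGGESTED)` returns an empty list.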