[Samba] Samba 3.6.0: unable to list Active Directoy users "WBC_ERR_DOMAIN_NOT_FOUND"
David Touzeau
david at touzeau.eu
Mon Aug 15 08:48:04 MDT 2011
Le lundi 15 août 2011 à 15:11 +0200, Michael Adam a écrit :
> Hi David,
>
> David Touzeau wrote:
> > Le vendredi 12 août 2011 à 12:25 +0200, Michael Wood a écrit :
> > > Hi
> > >
> > > On 12 August 2011 10:23, David Touzeau <david at touzeau.eu> wrote:
> > > > Dear all
> > > >
> > > > I have upgraded my Samba from 3.5.x to a newest 3.6.0 version.
> > > > My Samba is connected to an Active Directory 2008 R2
> > > >
> > > >
> > > > the "getent passwd" did not display any ActiveDirectoy Domains users.
> > > >
> > > > ...
> > > >
> > > > I think there is a misconfiguration in my setup but did not find any
> > > > solution:
> > > > Where i'm wrong ?
> > > >
> > > >
> > > > [global]
> > > > ...
> > > > idmap config TOUZEAU:backend = ad
> > > > idmap config TOUZEAU:readonly = yes
> > > > idmap config TOUZEAU:schema_mode = rfc2307
> > > > idmap config * : range = 16777216-33554431
> > >
> > > The way idmap works was changed with 3.6.0. I don't know if the above
> > > is wrong, but perhaps it is something to consider.
> > >
> > > e.g. I don't know if "readonly" is supported. I've seen mention of
> > > "read only", but not in the idmap_ad code. But maybe I missed it.
> > >
> > > Also, the idmap_ad documentation implies that you need something like this:
> > >
> > > idmap config * : backend = tdb
> > > idmap config * : range = 1000000-1999999
> > >
> > > idmap config TOUZEAU : backend = ad
> > > idmap config TOUZEAU : range = 1000-999999
> > > idmap config TOUZEAU : schema_mode = rfc2307
> > >
> > > I am not sure if the above is relevant to you :) but I hope it helps.
> > >
> >
> > Many thanks Michael
> >
> > i have changed values but it has no effect and the issue still alive...
>
> But the remarks by Michael were correct. You need to give the
> configuration for the ad backend (domain TOUZEAU) a range,
> otherwise it won't work.
>
> The "readonly" parameter will be ignored for the ad backend.
> (And for those backends that support it, the correct spelling
> is "read only".)
>
> With the above config changes, you should narrow the source of problems
> down as detailed here:
>
> https://bugzilla.samba.org/show_bug.cgi?id=8371#c5
>
> You should then post the level 10 logs of the most specific
> failing command here, so we can debug further.
>
> Cheers - Michael
>
> > For anybody here it is some relevant winbindd debug informations
> >
> > Adding 0 DC's from auto lookup
> > [2011/08/12 10:39:31.945022, 5]
> > libads/sitename_cache.c:105(sitename_fetch)
> > sitename_fetch: Returning sitename for TOUZEAU.HOME:
> > "Default-First-Site-Name"
> > [2011/08/12 10:39:31.945047, 10]
> > libsmb/namequery.c:1975(internal_resolve_name)
> > internal_resolve_name: looking up WIN-RSF60G6AS1L.touzeau.home#20
> > (sitename Default-First-Site-Name)
> > [2011/08/12 10:39:31.945076, 5] libsmb/namecache.c:165(namecache_fetch)
> > name WIN-RSF60G6AS1L.touzeau.home#20 found.
> > [2011/08/12 10:39:31.945124, 9]
> > libsmb/conncache.c:150(check_negative_conn_cache)
> > check_negative_conn_cache returning result 0 for domain touzeau.home
> > server 192.168.1.150
> > [2011/08/12 10:39:31.945151, 10]
> > libsmb/namequery.c:1079(remove_duplicate_addrs2)
> > remove_duplicate_addrs2: looking for duplicate address/port pairs
> > [2011/08/12 10:39:31.945172, 4] libsmb/namequery.c:2601(get_dc_list)
> > get_dc_list: returning 1 ip addresses in an ordered list
> > [2011/08/12 10:39:31.945193, 4] libsmb/namequery.c:2602(get_dc_list)
> > get_dc_list: 192.168.1.150:389
> > [2011/08/12 10:39:31.945216, 10]
> > libads/kerberos.c:825(get_kdc_ip_string)
> > get_kdc_ip_string: Returning kdc = 192.168.1.150
> >
> > [2011/08/12 10:39:31.945304, 5]
> > libads/kerberos.c:948(create_local_private_krb5_conf_for_domain)
> > create_local_private_krb5_conf_for_domain: wrote
> > file /var/lib/samba/smb_krb5/krb5.conf.TOUZEAU with realm TOUZEAU.HOME
> > KDC list = kdc = 192.168.1.150
> >
> > [2011/08/12 10:39:31.945347, 4] libsmb/namequery_dc.c:148(ads_dc_name)
> > ads_dc_name: using server='WIN-RSF60G6AS1L.TOUZEAU.HOME'
> > IP=192.168.1.150
> > [2011/08/12 10:39:31.945376, 5]
> > libads/sitename_cache.c:105(sitename_fetch)
> > sitename_fetch: Returning sitename for touzeau.home:
> > "Default-First-Site-Name"
> > [2011/08/12 10:39:31.945398, 8]
> > libsmb/namequery.c:2652(get_sorted_dc_list)
> > get_sorted_dc_list: attempting lookup for name touzeau.home (sitename
> > Default-First-Site-Name) using [ads]
> > [2011/08/12 10:39:31.945432, 5] libsmb/namequery.c:194(saf_fetch)
> > saf_fetch: Returning "WIN-RSF60G6AS1L.touzeau.home" for "touzeau.home"
> > domain
> > [2011/08/12 10:39:31.945458, 3] libsmb/namequery.c:2461(get_dc_list)
> > get_dc_list: preferred server list: "WIN-RSF60G6AS1L.touzeau.home, *"
> > [2011/08/12 10:39:31.945481, 10]
> > libsmb/namequery.c:1975(internal_resolve_name)
> > internal_resolve_name: looking up touzeau.home#1c (sitename
> > Default-First-Site-Name)
> > [2011/08/12 10:39:31.945507, 5] libsmb/namecache.c:160(namecache_fetch)
> > no entry for touzeau.home#1C found.
> > [2011/08/12 10:39:31.945531, 5] libsmb/namequery.c:1869(resolve_ads)
> > resolve_ads: Attempting to resolve DCs for touzeau.home using DNS
> > [2011/08/12 10:39:31.945890, 3] libads/dns.c:345(dns_send_req)
> > ads_dns_lookup_srv: Failed to resolve
> > _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.touzeau.home
> > (Succès)
> > [2011/08/12 10:39:31.945925, 3] libads/dns.c:415(ads_dns_lookup_srv)
> > ads_dns_lookup_srv: Failed to send DNS query (NT_STATUS_UNSUCCESSFUL)
> > [2011/08/12 10:39:31.946132, 3] libads/dns.c:345(dns_send_req)
> > ads_dns_lookup_srv: Failed to resolve
> > _ldap._tcp.dc._msdcs.touzeau.home (Succès)
> > [2011/08/12 10:39:31.946166, 3] libads/dns.c:415(ads_dns_lookup_srv)
> > ads_dns_lookup_srv: Failed to send DNS query (NT_STATUS_UNSUCCESSFUL)
> > [2011/08/12 10:39:31.946189, 8] libsmb/namequery.c:2482(get_dc_list)
> > Adding 0 DC's from auto lookup
> > [2011/08/12 10:39:31.946220, 5]
> > libads/sitename_cache.c:105(sitename_fetch)
> > sitename_fetch: Returning sitename for TOUZEAU.HOME:
> > "Default-First-Site-Name"
> > [2011/08/12 10:39:31.946245, 10]
> > libsmb/namequery.c:1975(internal_resolve_name)
> > internal_resolve_name: looking up WIN-RSF60G6AS1L.touzeau.home#20
> > (sitename Default-First-Site-Name)
> > [2011/08/12 10:39:31.946274, 5] libsmb/namecache.c:165(namecache_fetch)
> > name WIN-RSF60G6AS1L.touzeau.home#20 found.
> > [2011/08/12 10:39:31.946323, 9]
> > libsmb/conncache.c:150(check_negative_conn_cache)
> > check_negative_conn_cache returning result 0 for domain touzeau.home
> > server 192.168.1.150
> > [2011/08/12 10:39:31.946351, 10]
> > libsmb/namequery.c:1079(remove_duplicate_addrs2)
> > remove_duplicate_addrs2: looking for duplicate address/port pairs
> > [2011/08/12 10:39:31.946373, 4] libsmb/namequery.c:2601(get_dc_list)
> > get_dc_list: returning 1 ip addresses in an ordered list
> > [2011/08/12 10:39:31.946394, 4] libsmb/namequery.c:2602(get_dc_list)
> > get_dc_list: 192.168.1.150:389
> > [2011/08/12 10:39:31.946423, 9]
> > libsmb/conncache.c:150(check_negative_conn_cache)
> > check_negative_conn_cache returning result 0 for domain TOUZEAU server
> > 192.168.1.150
> > [2011/08/12 10:39:31.946447, 8]
> > libsmb/namequery.c:2652(get_sorted_dc_list)
> > get_sorted_dc_list: attempting lookup for name touzeau.home (sitename
> > NULL) using [ads]
> > [2011/08/12 10:39:31.946480, 5] libsmb/namequery.c:194(saf_fetch)
> > saf_fetch: Returning "WIN-RSF60G6AS1L.touzeau.home" for "touzeau.home"
> > domain
> > [2011/08/12 10:39:31.946506, 3] libsmb/namequery.c:2461(get_dc_list)
> > get_dc_list: preferred server list: "WIN-RSF60G6AS1L.touzeau.home, *"
> > [2011/08/12 10:39:31.946528, 10]
> > libsmb/namequery.c:1975(internal_resolve_name)
> > internal_resolve_name: looking up touzeau.home#1c (sitename (null))
> > [2011/08/12 10:39:31.946555, 5] libsmb/namecache.c:160(namecache_fetch)
> > no entry for touzeau.home#1C found.
> > [2011/08/12 10:39:31.946579, 5] libsmb/namequery.c:1869(resolve_ads)
> > resolve_ads: Attempting to resolve DCs for touzeau.home using DNS
> > [2011/08/12 10:39:31.946781, 3] libads/dns.c:345(dns_send_req)
> > ads_dns_lookup_srv: Failed to resolve
> > _ldap._tcp.dc._msdcs.touzeau.home (Succès)
> > [2011/08/12 10:39:31.946815, 3] libads/dns.c:415(ads_dns_lookup_srv)
> > ads_dns_lookup_srv: Failed to send DNS query (NT_STATUS_UNSUCCESSFUL)
> > [2011/08/12 10:39:31.946916, 8] libsmb/namequery.c:2482(get_dc_list)
> > Adding 0 DC's from auto lookup
> > [2011/08/12 10:39:31.946948, 5]
> > libads/sitename_cache.c:105(sitename_fetch)
> > sitename_fetch: Returning sitename for TOUZEAU.HOME:
> > "Default-First-Site-Name"
> > [2011/08/12 10:39:31.946973, 10]
> > libsmb/namequery.c:1975(internal_resolve_name)
> > internal_resolve_name: looking up WIN-RSF60G6AS1L.touzeau.home#20
> > (sitename Default-First-Site-Name)
> > [2011/08/12 10:39:31.947002, 5] libsmb/namecache.c:165(namecache_fetch)
> > name WIN-RSF60G6AS1L.touzeau.home#20 found.
> > [2011/08/12 10:39:31.947051, 9]
> > libsmb/conncache.c:150(check_negative_conn_cache)
> > check_negative_conn_cache returning result 0 for domain touzeau.home
> > server 192.168.1.150
> > [2011/08/12 10:39:31.947078, 10]
> > libsmb/namequery.c:1079(remove_duplicate_addrs2)
> > remove_duplicate_addrs2: looking for duplicate address/port pairs
> > [2011/08/12 10:39:31.947100, 4] libsmb/namequery.c:2601(get_dc_list)
> > get_dc_list: returning 1 ip addresses in an ordered list
> > [2011/08/12 10:39:31.947128, 4] libsmb/namequery.c:2602(get_dc_list)
> > get_dc_list: 192.168.1.150:389
> > [2011/08/12 10:39:31.947159, 9]
> > libsmb/conncache.c:150(check_negative_conn_cache)
> > check_negative_conn_cache returning result 0 for domain TOUZEAU server
> > 192.168.1.150
> > [2011/08/12 10:39:31.947201, 10]
> > lib/messages_local.c:255(messaging_tdb_store)
> >
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions: https://lists.samba.org/mailman/options/samba
Dear i have found one error according wbinfo
================================================================================
wbinfo -t
checking the trust secret for domain TOUZEAU via RPC calls succeeded
================================================================================
root at bdc2:~# net ads info
LDAP server: 192.168.1.150
LDAP server name: WIN-RSF60G6AS1L.touzeau.home
Realm: TOUZEAU.HOME
Bind Path: dc=TOUZEAU,dc=HOME
LDAP port: 389
Server time: lun., 15 août 2011 16:31:25 CEST
KDC server: 192.168.1.150
Server time offset: 29
================================================================================
root at bdc2:~# wbinfo -n TOUZEAU\\Administrateur
failed to call wbcLookupName: WBC_ERR_DOMAIN_NOT_FOUND
Could not lookup name TOUZEAU\Administrateur
here it is the winbind sequence
================================================================================
[2011/08/15 16:19:47.081829, 10]
winbindd/winbindd_cache.c:4296(pack_tdc_domains)
pack_tdc_domains: Packing domain BDC2 ()
[2011/08/15 16:19:47.081858, 10]
winbindd/winbindd_cache.c:4296(pack_tdc_domains)
pack_tdc_domains: Packing domain TOUZEAU (touzeau.home)
[2011/08/15 16:19:47.081889, 4]
winbindd/winbindd_dual.c:1556(fork_domain_child)
Finished processing child request 20
[2011/08/15 16:19:47.081912, 10]
winbindd/winbindd_dual.c:1572(fork_domain_child)
Writing 3560 bytes to parent
[2011/08/15 16:19:47.081978, 10]
lib/events.c:311(get_timed_events_timeout)
timed_events_timeout: 1433/834237
[2011/08/15 16:19:52.074477, 10] lib/events.c:221(run_events_poll)
Running timed event "rescan_trusted_domains" 0x1e39fb0
[2011/08/15 16:19:52.074620, 4]
winbindd/winbindd_dual.c:1548(fork_domain_child)
child daemon request 20
[2011/08/15 16:19:52.074656, 10]
winbindd/winbindd_dual.c:436(child_process_request)
child_process_request: request fn LIST_TRUSTDOM
[2011/08/15 16:19:52.074680, 3]
winbindd/winbindd_misc.c:160(winbindd_dual_list_trusted_domains)
[ 1415]: list trusted domains
[2011/08/15 16:19:52.074704, 10]
winbindd/winbindd_cache.c:2818(trusted_domains)
trusted_domains: [Cached] - doing backend query for info for domain
TOUZEAU
[2011/08/15 16:19:52.074726, 3]
winbindd/winbindd_ads.c:1299(trusted_domains)
ads: trusted_domains
[2011/08/15 16:19:52.074762,
1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
netr_DsrEnumerateDomainTrusts: struct
netr_DsrEnumerateDomainTrusts
in: struct netr_DsrEnumerateDomainTrusts
server_name : *
server_name :
'WIN-RSF60G6AS1L.TOUZEAU.HOME'
trust_flags : 0x00000023 (35)
1: NETR_TRUST_FLAG_IN_FOREST
1: NETR_TRUST_FLAG_OUTBOUND
0: NETR_TRUST_FLAG_TREEROOT
0: NETR_TRUST_FLAG_PRIMARY
0: NETR_TRUST_FLAG_NATIVE
1: NETR_TRUST_FLAG_INBOUND
0: NETR_TRUST_FLAG_MIT_KRB5
0: NETR_TRUST_FLAG_AES
[2011/08/15 16:19:52.074921,
1] ../librpc/ndr/ndr.c:247(ndr_print_debug)
&r: struct ncacn_packet
rpc_vers : 0x05 (5)
rpc_vers_minor : 0x00 (0)
ptype : DCERPC_PKT_REQUEST (0)
pfc_flags : 0x03 (3)
drep: ARRAY(4)
[0] : 0x10 (16)
[1] : 0x00 (0)
[2] : 0x00 (0)
[3] : 0x00 (0)
frag_length : 0x0018 (24)
auth_length : 0x0020 (32)
call_id : 0x000001cb (459)
u : union dcerpc_payload(case 0)
request: struct dcerpc_request
alloc_hint : 0x00000050 (80)
context_id : 0x0000 (0)
opnum : 0x0028 (40)
object : union dcerpc_object(case 0)
empty: struct dcerpc_empty
_pad : DATA_BLOB length=0
stub_and_verifier : DATA_BLOB length=0
[2011/08/15 16:19:52.075160,
1] ../librpc/ndr/ndr.c:247(ndr_print_debug)
&r: struct dcerpc_auth
auth_type : DCERPC_AUTH_TYPE_SCHANNEL (68)
auth_level : DCERPC_AUTH_LEVEL_PRIVACY (6)
auth_pad_length : 0x00 (0)
auth_reserved : 0x00 (0)
auth_context_id : 0x00000001 (1)
credentials : DATA_BLOB length=0
[2011/08/15 16:19:52.075247, 10]
librpc/rpc/dcerpc_helpers.c:498(add_schannel_auth_footer)
add_schannel_auth_footer: SCHANNEL seq_num=198
[2011/08/15 16:19:52.075293,
1] ../librpc/ndr/ndr.c:247(ndr_print_debug)
&r: struct NL_AUTH_SIGNATURE
SignatureAlgorithm : NL_SIGN_HMAC_MD5 (0x77)
SealAlgorithm : NL_SEAL_RC4 (0x7A)
Pad : 0xffff (65535)
Flags : 0x0000 (0)
SequenceNumber : b63160f4031bd749
Checksum : d4f502bfed22faf4
Confounder : d94220b3468cb847
[2011/08/15 16:19:52.075406, 5]
rpc_client/cli_pipe.c:738(rpc_api_pipe_send)
rpc_api_pipe: host WIN-RSF60G6AS1L.TOUZEAU.HOME
[2011/08/15 16:19:52.075452, 10] libsmb/clitrans.c:299(cli_trans_format)
num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0,
data_total=144, this_data=144, max_data=4280, param_offset=84,
param_pad=2, param_disp=0, data_offset=84, data_pad=0, data_disp=0
[2011/08/15 16:19:52.075489, 10]
libsmb/smb_signing.c:243(smb_signing_sign_pdu)
smb_signing_sign_pdu: sent SMB signature of
[2011/08/15 16:19:52.075513, 10] ../lib/util/util.c:415(dump_data)
[0000] 42 53 52 53 50 59 4C 20 BSRSPYL
[2011/08/15 16:19:52.076117, 5] rpc_client/cli_pipe.c:97(rpc_read_send)
rpc_read_send: data_to_read: 232
[2011/08/15 16:19:52.076171,
1] ../librpc/ndr/ndr.c:247(ndr_print_debug)
r: struct ncacn_packet
rpc_vers : 0x05 (5)
rpc_vers_minor : 0x00 (0)
ptype : DCERPC_PKT_RESPONSE (2)
pfc_flags : 0x03 (3)
drep: ARRAY(4)
[0] : 0x10 (16)
[1] : 0x00 (0)
[2] : 0x00 (0)
[3] : 0x00 (0)
frag_length : 0x00f8 (248)
auth_length : 0x0038 (56)
call_id : 0x000001cb (459)
u : union dcerpc_payload(case 2)
response: struct dcerpc_response
alloc_hint : 0x0000009c (156)
context_id : 0x0000 (0)
cancel_count : 0x00 (0)
_pad : DATA_BLOB length=1
[0000] 00 .
stub_and_verifier : DATA_BLOB length=224
[0000] 0E CC EE 9D 1B B8 0D 2C F8 64 7D 24 80 84 A3
CC ......., .d}$....
[0010] A3 30 E7 4D 9F 65 B0 DE 9E 5B B8 CE 68 A1 F5
08 .0.M.e.. .[..h...
[0020] 05 C8 1E 11 8A DB C7 A6 40 8A 40 8F D6 8C 9A 96 ........
@. at .....
[0030] D3 DB 22 32 CC 47 6F 91 0F FA D2 2E 55 A6 6C
3A .."2.Go. ....U.l:
[0040] A3 2B 6C A3 EB AE 51 8D CA 9D 08 BA A5 AA A1
42 .+l...Q. .......B
[0050] D5 4A DA A0 84 16 BC 5D 44 DD 5F BC 5B 92 AE 65 .J.....]
D._.[..e
[0060] 85 56 D2 26 1F 3E 01 BF 7D AF 4F A0 1B 55 23
28 .V.&.>.. }.O..U#(
[0070] AC 64 95 71 90 05 81 5F DF 6C CE 6F 6D 57 26
CA .d.q..._ .l.omW&.
[0080] DB 18 81 EE AB 85 55 74 3A 80 77 CD FA 8B CE
72 ......Ut :.w....r
[0090] 08 89 12 04 01 A7 65 A6 40 17 D4 1D B8 9E 9B A9 ......e.
@.......
[00A0] 44 06 04 00 01 00 00 00 77 00 7A 00 FF FF 00 00 D.......
w.z.....
[00B0] 95 28 91 ED AD F0 85 D6 08 FC 7B E2 F4 84 57
9E .(...... ..{...W.
[00C0] 74 BE B9 1D 14 F9 25 30 00 00 00 00 00 00 00 00 t.....%
0 ........
[00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 ........ ........
[2011/08/15 16:19:52.076710, 10]
librpc/rpc/dcerpc_helpers.c:865(dcerpc_check_auth)
Requested Privacy.
[2011/08/15 16:19:52.076735,
6] ../librpc/rpc/dcerpc_util.c:140(dcerpc_pull_auth_trailer)
../librpc/rpc/dcerpc_util.c:140: auth_pad_length 4
[2011/08/15 16:19:52.076759, 10]
librpc/rpc/dcerpc_helpers.c:951(dcerpc_check_auth)
SCHANNEL auth
[2011/08/15 16:19:52.076801, 10]
rpc_client/cli_pipe.c:437(cli_pipe_validate_current_pdu)
Got pdu len 248, data_len 156, ss_len 4
[2011/08/15 16:19:52.076825, 10]
rpc_client/cli_pipe.c:882(rpc_api_pipe_got_pdu)
rpc_api_pipe: got frag len of 248 at offset 0: NT_STATUS_OK
[2011/08/15 16:19:52.076848, 10]
rpc_client/cli_pipe.c:937(rpc_api_pipe_got_pdu)
rpc_api_pipe: host WIN-RSF60G6AS1L.TOUZEAU.HOME returned 156 bytes.
[2011/08/15 16:19:52.076881,
1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
netr_DsrEnumerateDomainTrusts: struct
netr_DsrEnumerateDomainTrusts
out: struct netr_DsrEnumerateDomainTrusts
trusts : *
trusts: struct netr_DomainTrustList
count : 0x00000001 (1)
array : *
array: ARRAY(1)
array: struct netr_DomainTrust
netbios_name : *
netbios_name :
'TOUZEAU'
dns_name : *
dns_name :
'touzeau.home'
trust_flags : 0x0000001d
(29)
1: NETR_TRUST_FLAG_IN_FOREST
0: NETR_TRUST_FLAG_OUTBOUND
1: NETR_TRUST_FLAG_TREEROOT
1: NETR_TRUST_FLAG_PRIMARY
1: NETR_TRUST_FLAG_NATIVE
0: NETR_TRUST_FLAG_INBOUND
0: NETR_TRUST_FLAG_MIT_KRB5
0: NETR_TRUST_FLAG_AES
parent_index : 0x00000000
(0)
trust_type :
NETR_TRUST_TYPE_UPLEVEL (2)
trust_attributes : 0x00000000
(0)
0:
NETR_TRUST_ATTRIBUTE_NON_TRANSITIVE
0:
NETR_TRUST_ATTRIBUTE_UPLEVEL_ONLY
0:
NETR_TRUST_ATTRIBUTE_QUARANTINED_DOMAIN
0:
NETR_TRUST_ATTRIBUTE_FOREST_TRANSITIVE
0:
NETR_TRUST_ATTRIBUTE_CROSS_ORGANIZATION
0:
NETR_TRUST_ATTRIBUTE_WITHIN_FOREST
0:
NETR_TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL
sid : *
sid :
S-1-5-21-3487440176-1554673074-2687830590
guid :
2ef9801b-cdff-4f18-94b1-2b4ed233e67f
result : WERR_OK
[2011/08/15 16:19:52.077307, 10]
winbindd/winbindd_ads.c:1383(trusted_domains)
trusted_domains(ads): Searching trusted domain list of TOUZEAU and
storing trust flags for domain touzeau.home
[2011/08/15 16:19:52.077334, 10]
winbindd/winbindd_cache.c:4468(wcache_tdc_add_domain)
wcache_tdc_add_domain: Adding domain TOUZEAU (touzeau.home), SID
S-1-5-21-3487440176-1554673074-2687830590, flags = 0x1d, attributes =
0x0, type = 0x2
[2011/08/15 16:19:52.077374, 10]
winbindd/winbindd_cache.c:4192(add_wbdomain_to_tdc_array)
add_wbdomain_to_tdc_array: Found existing record for TOUZEAU
[2011/08/15 16:19:52.077400, 10]
winbindd/winbindd_cache.c:4277(pack_tdc_domains)
pack_tdc_domains: Packing 3 trusted domains
[2011/08/15 16:19:52.077426, 10]
winbindd/winbindd_cache.c:4296(pack_tdc_domains)
pack_tdc_domains: Packing domain BUILTIN ()
[2011/08/15 16:19:52.077449, 10]
winbindd/winbindd_cache.c:4296(pack_tdc_domains)
pack_tdc_domains: Packing domain BDC2 ()
[2011/08/15 16:19:52.077472, 10]
winbindd/winbindd_cache.c:4296(pack_tdc_domains)
pack_tdc_domains: Packing domain TOUZEAU (touzeau.home)
[2011/08/15 16:19:52.077504, 4]
winbindd/winbindd_dual.c:1556(fork_domain_child)
Finished processing child request 20
[2011/08/15 16:19:52.077529, 10]
winbindd/winbindd_dual.c:1572(fork_domain_child)
Writing 3560 bytes to parent
[2011/08/15 16:19:52.077617, 10]
lib/events.c:311(get_timed_events_timeout)
timed_events_timeout: 1428/838597
[2011/08/15 16:19:52.129662, 6] winbindd/winbindd.c:792(new_connection)
accepted socket 26
[2011/08/15 16:19:52.129769, 10]
winbindd/winbindd.c:642(process_request)
process_request: request fn INTERFACE_VERSION
[2011/08/15 16:19:52.129812, 3]
winbindd/winbindd_misc.c:384(winbindd_interface_version)
[ 923]: request interface version
[2011/08/15 16:19:52.129850, 10]
winbindd/winbindd.c:738(winbind_client_response_written)
winbind_client_response_written[923:INTERFACE_VERSION]: delivered
response to client
[2011/08/15 16:19:52.129917, 10]
winbindd/winbindd.c:642(process_request)
process_request: request fn WINBINDD_PRIV_PIPE_DIR
[2011/08/15 16:19:52.129948, 3]
winbindd/winbindd_misc.c:417(winbindd_priv_pipe_dir)
[ 923]: request location of privileged pipe
[2011/08/15 16:19:52.129997, 10]
winbindd/winbindd.c:738(winbind_client_response_written)
winbind_client_response_written[923:WINBINDD_PRIV_PIPE_DIR]: delivered
response to client
[2011/08/15 16:19:52.130071, 6] winbindd/winbindd.c:792(new_connection)
accepted socket 31
[2011/08/15 16:19:52.130129, 6]
winbindd/winbindd.c:840(winbind_client_request_read)
closing socket 26, client exited
[2011/08/15 16:19:52.130194, 10]
winbindd/winbindd.c:642(process_request)
process_request: request fn INTERFACE_VERSION
[2011/08/15 16:19:52.130225, 3]
winbindd/winbindd_misc.c:384(winbindd_interface_version)
[ 923]: request interface version
[2011/08/15 16:19:52.130258, 10]
winbindd/winbindd.c:738(winbind_client_response_written)
winbind_client_response_written[923:INTERFACE_VERSION]: delivered
response to client
[2011/08/15 16:19:52.130319, 10]
winbindd/winbindd.c:642(process_request)
process_request: request fn INFO
[2011/08/15 16:19:52.130349, 3]
winbindd/winbindd_misc.c:372(winbindd_info)
[ 923]: request misc info
[2011/08/15 16:19:52.130383, 10]
winbindd/winbindd.c:738(winbind_client_response_written)
winbind_client_response_written[923:INFO]: delivered response to
client
[2011/08/15 16:19:52.130465, 10]
winbindd/winbindd.c:642(process_request)
process_request: request fn NETBIOS_NAME
[2011/08/15 16:19:52.130499, 3]
winbindd/winbindd_misc.c:405(winbindd_netbios_name)
[ 923]: request netbios name
[2011/08/15 16:19:52.130534, 10]
winbindd/winbindd.c:738(winbind_client_response_written)
winbind_client_response_written[923:NETBIOS_NAME]: delivered response
to client
[2011/08/15 16:19:52.130595, 10]
winbindd/winbindd.c:642(process_request)
process_request: request fn DOMAIN_NAME
[2011/08/15 16:19:52.130625, 3]
winbindd/winbindd_misc.c:394(winbindd_domain_name)
[ 923]: request domain name
[2011/08/15 16:19:52.130659, 10]
winbindd/winbindd.c:738(winbind_client_response_written)
winbind_client_response_written[923:DOMAIN_NAME]: delivered response
to client
[2011/08/15 16:19:52.130720, 10]
winbindd/winbindd.c:642(process_request)
process_request: request fn DOMAIN_INFO
[2011/08/15 16:19:52.130750, 3]
winbindd/winbindd_misc.c:226(winbindd_domain_info)
[ 923]: domain_info [TOUZEAU]
[2011/08/15 16:19:52.130786, 10]
winbindd/winbindd.c:738(winbind_client_response_written)
winbind_client_response_written[923:DOMAIN_INFO]: delivered response
to client
[2011/08/15 16:19:52.130869, 10]
winbindd/winbindd.c:615(process_request)
process_request: Handling async request 923:LOOKUPNAME
[2011/08/15 16:19:52.130905, 3]
winbindd/winbindd_lookupname.c:69(winbindd_lookupname_send)
lookupname TOUZEAU/TOUZEAU\Administrateur
[2011/08/15 16:19:52.130941,
1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
wbint_LookupName: struct wbint_LookupName
in: struct wbint_LookupName
domain : *
domain : 'TOUZEAU'
name : *
name : 'TOUZEAU\ADMINISTRATEUR'
flags : 0x00000000 (0)
[2011/08/15 16:19:52.131059,
1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
wbint_LookupName: struct wbint_LookupName
out: struct wbint_LookupName
type : *
type : SID_NAME_USE_NONE (0)
sid : *
sid : S-0-0
result : NT_STATUS_NONE_MAPPED
[2011/08/15 16:19:52.131173,
1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
wbint_LookupName: struct wbint_LookupName
in: struct wbint_LookupName
domain : *
domain : 'TOUZEAU'
name : *
name : 'TOUZEAU\ADMINISTRATEUR'
flags : 0x00000000 (0)
[2011/08/15 16:19:52.131279,
1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
wbint_LookupName: struct wbint_LookupName
out: struct wbint_LookupName
type : *
type : SID_NAME_USE_NONE (0)
sid : *
sid : S-0-0
result : NT_STATUS_NONE_MAPPED
[2011/08/15 16:19:52.131373, 5]
winbindd/winbindd_lookupname.c:104(winbindd_lookupname_recv)
Could not convert sid S-0-0: NT_STATUS_NONE_MAPPED
[2011/08/15 16:19:52.131399, 10]
winbindd/winbindd.c:677(wb_request_done)
wb_request_done[923:LOOKUPNAME]: NT_STATUS_NONE_MAPPED
[2011/08/15 16:19:52.131434, 10]
winbindd/winbindd.c:738(winbind_client_response_written)
winbind_client_response_written[923:LOOKUPNAME]: delivered response to
client
[2011/08/15 16:19:52.131573, 6]
winbindd/winbindd.c:840(winbind_client_request_read)
closing socket 31, client exited
Piece of settings :
================================================================================
[global]
workgroup = TOUZEAU
netbios name = bdc2
server string = %h server
disable netbios =no
max protocol = SMB2
name resolve order =host lmhosts wins bcast
dns proxy = No
wins support = No
min protocol = NT1
syslog = 3
log level = 10
log file = /var/log/samba/log.%m
debug timestamp = yes
# Enable symbolics links -----------------------------------
follow symlinks = yes
wide links = yes
unix extensions = no
usershare allow guests = no
usershare max shares = 100
usershare owner only = true
usershare path=/var/lib/samba/usershares/data
#Guest access
guest account = nobody
map to guest = Bad Password
template homedir = /home/%U
template shell = /bin/false
enable privileges = yes
os level = 40
ldap passwd sync = no
#WINBINDD *******************************************************
security = ADS
realm = TOUZEAU.HOME
idmap config TOUZEAU:backend = ad
idmap config TOUZEAU:readonly = yes
idmap config TOUZEAU:schema_mode = rfc2307
idmap config TOUZEAU:range = 1000-999999
idmap config * : backend = tdb
idmap config * : range = 1000000-1999999
client use spnego = No
client use spnego principal = No
encrypt passwords = Yes
client ntlmv2 auth = Yes
client lanman auth = No
winbind normalize names = Yes
winbind separator = /
winbind use default domain = No
winbind enum users = Yes
winbind enum groups = Yes
winbind nested groups = Yes
winbind nss info = rfc2307
winbind offline logon = true
winbind cache time = 5
winbind refresh tickets = true
kerberos method = system keytab
allow trusted domains = Yes
server signing = mandatory
client signing = mandatory
lm announce = No
ntlm auth = No
lanman auth = No
preferred master = No
More information about the samba
mailing list