[Samba] Samba 3.6.0: unable to list Active Directoy users "WBC_ERR_DOMAIN_NOT_FOUND"

David Touzeau david at touzeau.eu
Mon Aug 15 09:57:08 MDT 2011 

Le lundi 15 août 2011 à 15:11 +0200, Michael Adam a écrit :
> Hi David,
> 
> David Touzeau wrote:
> > Le vendredi 12 août 2011 à 12:25 +0200, Michael Wood a écrit :
> > > Hi
> > > 
> > > On 12 August 2011 10:23, David Touzeau <david at touzeau.eu> wrote:
> > > > Dear all
> > > >
> > > > I have upgraded my Samba from 3.5.x to a newest 3.6.0 version.
> > > > My Samba is connected to an Active Directory 2008 R2
> > > >
> > > >
> > > > the "getent passwd" did not display any ActiveDirectoy Domains users.
> > > >
> > > > ...
> > > >
> > > > I think there is a misconfiguration in my setup but did not find any
> > > > solution:
> > > > Where i'm wrong ?
> > > >
> > > >
> > > > [global]
> > > >        ...
> > > >        idmap config TOUZEAU:backend = ad
> > > >        idmap config TOUZEAU:readonly = yes
> > > >        idmap config TOUZEAU:schema_mode = rfc2307
> > > >        idmap config * : range = 16777216-33554431
> > > 
> > > The way idmap works was changed with 3.6.0.  I don't know if the above
> > > is wrong, but perhaps it is something to consider.
> > > 
> > > e.g. I don't know if "readonly" is supported.  I've seen mention of
> > > "read only", but not in the idmap_ad code.  But maybe I missed it.
> > > 
> > > Also, the idmap_ad documentation implies that you need something like this:
> > > 
> > >     idmap config * : backend = tdb
> > >     idmap config * : range = 1000000-1999999
> > > 
> > >     idmap config TOUZEAU : backend  = ad
> > >     idmap config TOUZEAU : range = 1000-999999
> > >     idmap config TOUZEAU : schema_mode = rfc2307
> > > 
> > > I am not sure if the above is relevant to you :) but I hope it helps.
> > > 
> > 
> > Many thanks Michael
> > 
> > i have changed values but it has no effect and the issue still alive...
> 
> But the remarks by Michael were correct. You need to give the
> configuration for the ad backend (domain TOUZEAU) a range,
> otherwise it won't work.
> 
> The "readonly" parameter will be ignored for the ad backend.
> (And for those backends that support it, the correct spelling
> is "read only".)
> 
> With the above config changes, you should narrow the source of problems
> down as detailed here:
> 
> https://bugzilla.samba.org/show_bug.cgi?id=8371#c5
> 
> You should then post the level 10 logs of the most specific
> failing command here, so we can debug further.
> 
> Cheers - Michael
> 
> > For anybody here it is some relevant winbindd debug informations 
> > 
> >   Adding 0 DC's from auto lookup
> > [2011/08/12 10:39:31.945022,  5]
> > libads/sitename_cache.c:105(sitename_fetch)
> >   sitename_fetch: Returning sitename for TOUZEAU.HOME:
> > "Default-First-Site-Name"
> > [2011/08/12 10:39:31.945047, 10]
> > libsmb/namequery.c:1975(internal_resolve_name)
> >   internal_resolve_name: looking up WIN-RSF60G6AS1L.touzeau.home#20
> > (sitename Default-First-Site-Name)
> > [2011/08/12 10:39:31.945076,  5] libsmb/namecache.c:165(namecache_fetch)
> >   name WIN-RSF60G6AS1L.touzeau.home#20 found.
> > [2011/08/12 10:39:31.945124,  9]
> > libsmb/conncache.c:150(check_negative_conn_cache)
> >   check_negative_conn_cache returning result 0 for domain touzeau.home
> > server 192.168.1.150
> > [2011/08/12 10:39:31.945151, 10]
> > libsmb/namequery.c:1079(remove_duplicate_addrs2)
> >   remove_duplicate_addrs2: looking for duplicate address/port pairs
> > [2011/08/12 10:39:31.945172,  4] libsmb/namequery.c:2601(get_dc_list)
> >   get_dc_list: returning 1 ip addresses in an ordered list
> > [2011/08/12 10:39:31.945193,  4] libsmb/namequery.c:2602(get_dc_list)
> >   get_dc_list: 192.168.1.150:389 
> > [2011/08/12 10:39:31.945216, 10]
> > libads/kerberos.c:825(get_kdc_ip_string)
> >   get_kdc_ip_string: Returning 	kdc = 192.168.1.150
> >   
> > [2011/08/12 10:39:31.945304,  5]
> > libads/kerberos.c:948(create_local_private_krb5_conf_for_domain)
> >   create_local_private_krb5_conf_for_domain: wrote
> > file /var/lib/samba/smb_krb5/krb5.conf.TOUZEAU with realm TOUZEAU.HOME
> > KDC list = 	kdc = 192.168.1.150
> >   
> > [2011/08/12 10:39:31.945347,  4] libsmb/namequery_dc.c:148(ads_dc_name)
> >   ads_dc_name: using server='WIN-RSF60G6AS1L.TOUZEAU.HOME'
> > IP=192.168.1.150
> > [2011/08/12 10:39:31.945376,  5]
> > libads/sitename_cache.c:105(sitename_fetch)
> >   sitename_fetch: Returning sitename for touzeau.home:
> > "Default-First-Site-Name"
> > [2011/08/12 10:39:31.945398,  8]
> > libsmb/namequery.c:2652(get_sorted_dc_list)
> >   get_sorted_dc_list: attempting lookup for name touzeau.home (sitename
> > Default-First-Site-Name) using [ads]
> > [2011/08/12 10:39:31.945432,  5] libsmb/namequery.c:194(saf_fetch)
> >   saf_fetch: Returning "WIN-RSF60G6AS1L.touzeau.home" for "touzeau.home"
> > domain
> > [2011/08/12 10:39:31.945458,  3] libsmb/namequery.c:2461(get_dc_list)
> >   get_dc_list: preferred server list: "WIN-RSF60G6AS1L.touzeau.home, *"
> > [2011/08/12 10:39:31.945481, 10]
> > libsmb/namequery.c:1975(internal_resolve_name)
> >   internal_resolve_name: looking up touzeau.home#1c (sitename
> > Default-First-Site-Name)
> > [2011/08/12 10:39:31.945507,  5] libsmb/namecache.c:160(namecache_fetch)
> >   no entry for touzeau.home#1C found.
> > [2011/08/12 10:39:31.945531,  5] libsmb/namequery.c:1869(resolve_ads)
> >   resolve_ads: Attempting to resolve DCs for touzeau.home using DNS
> > [2011/08/12 10:39:31.945890,  3] libads/dns.c:345(dns_send_req)
> >   ads_dns_lookup_srv: Failed to resolve
> > _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.touzeau.home
> > (Succès)
> > [2011/08/12 10:39:31.945925,  3] libads/dns.c:415(ads_dns_lookup_srv)
> >   ads_dns_lookup_srv: Failed to send DNS query (NT_STATUS_UNSUCCESSFUL)
> > [2011/08/12 10:39:31.946132,  3] libads/dns.c:345(dns_send_req)
> >   ads_dns_lookup_srv: Failed to resolve
> > _ldap._tcp.dc._msdcs.touzeau.home (Succès)
> > [2011/08/12 10:39:31.946166,  3] libads/dns.c:415(ads_dns_lookup_srv)
> >   ads_dns_lookup_srv: Failed to send DNS query (NT_STATUS_UNSUCCESSFUL)
> > [2011/08/12 10:39:31.946189,  8] libsmb/namequery.c:2482(get_dc_list)
> >   Adding 0 DC's from auto lookup
> > [2011/08/12 10:39:31.946220,  5]
> > libads/sitename_cache.c:105(sitename_fetch)
> >   sitename_fetch: Returning sitename for TOUZEAU.HOME:
> > "Default-First-Site-Name"
> > [2011/08/12 10:39:31.946245, 10]
> > libsmb/namequery.c:1975(internal_resolve_name)
> >   internal_resolve_name: looking up WIN-RSF60G6AS1L.touzeau.home#20
> > (sitename Default-First-Site-Name)
> > [2011/08/12 10:39:31.946274,  5] libsmb/namecache.c:165(namecache_fetch)
> >   name WIN-RSF60G6AS1L.touzeau.home#20 found.
> > [2011/08/12 10:39:31.946323,  9]
> > libsmb/conncache.c:150(check_negative_conn_cache)
> >   check_negative_conn_cache returning result 0 for domain touzeau.home
> > server 192.168.1.150
> > [2011/08/12 10:39:31.946351, 10]
> > libsmb/namequery.c:1079(remove_duplicate_addrs2)
> >   remove_duplicate_addrs2: looking for duplicate address/port pairs
> > [2011/08/12 10:39:31.946373,  4] libsmb/namequery.c:2601(get_dc_list)
> >   get_dc_list: returning 1 ip addresses in an ordered list
> > [2011/08/12 10:39:31.946394,  4] libsmb/namequery.c:2602(get_dc_list)
> >   get_dc_list: 192.168.1.150:389 
> > [2011/08/12 10:39:31.946423,  9]
> > libsmb/conncache.c:150(check_negative_conn_cache)
> >   check_negative_conn_cache returning result 0 for domain TOUZEAU server
> > 192.168.1.150
> > [2011/08/12 10:39:31.946447,  8]
> > libsmb/namequery.c:2652(get_sorted_dc_list)
> >   get_sorted_dc_list: attempting lookup for name touzeau.home (sitename
> > NULL) using [ads]
> > [2011/08/12 10:39:31.946480,  5] libsmb/namequery.c:194(saf_fetch)
> >   saf_fetch: Returning "WIN-RSF60G6AS1L.touzeau.home" for "touzeau.home"
> > domain
> > [2011/08/12 10:39:31.946506,  3] libsmb/namequery.c:2461(get_dc_list)
> >   get_dc_list: preferred server list: "WIN-RSF60G6AS1L.touzeau.home, *"
> > [2011/08/12 10:39:31.946528, 10]
> > libsmb/namequery.c:1975(internal_resolve_name)
> >   internal_resolve_name: looking up touzeau.home#1c (sitename (null))
> > [2011/08/12 10:39:31.946555,  5] libsmb/namecache.c:160(namecache_fetch)
> >   no entry for touzeau.home#1C found.
> > [2011/08/12 10:39:31.946579,  5] libsmb/namequery.c:1869(resolve_ads)
> >   resolve_ads: Attempting to resolve DCs for touzeau.home using DNS
> > [2011/08/12 10:39:31.946781,  3] libads/dns.c:345(dns_send_req)
> >   ads_dns_lookup_srv: Failed to resolve
> > _ldap._tcp.dc._msdcs.touzeau.home (Succès)
> > [2011/08/12 10:39:31.946815,  3] libads/dns.c:415(ads_dns_lookup_srv)
> >   ads_dns_lookup_srv: Failed to send DNS query (NT_STATUS_UNSUCCESSFUL)
> > [2011/08/12 10:39:31.946916,  8] libsmb/namequery.c:2482(get_dc_list)
> >   Adding 0 DC's from auto lookup
> > [2011/08/12 10:39:31.946948,  5]
> > libads/sitename_cache.c:105(sitename_fetch)
> >   sitename_fetch: Returning sitename for TOUZEAU.HOME:
> > "Default-First-Site-Name"
> > [2011/08/12 10:39:31.946973, 10]
> > libsmb/namequery.c:1975(internal_resolve_name)
> >   internal_resolve_name: looking up WIN-RSF60G6AS1L.touzeau.home#20
> > (sitename Default-First-Site-Name)
> > [2011/08/12 10:39:31.947002,  5] libsmb/namecache.c:165(namecache_fetch)
> >   name WIN-RSF60G6AS1L.touzeau.home#20 found.
> > [2011/08/12 10:39:31.947051,  9]
> > libsmb/conncache.c:150(check_negative_conn_cache)
> >   check_negative_conn_cache returning result 0 for domain touzeau.home
> > server 192.168.1.150
> > [2011/08/12 10:39:31.947078, 10]
> > libsmb/namequery.c:1079(remove_duplicate_addrs2)
> >   remove_duplicate_addrs2: looking for duplicate address/port pairs
> > [2011/08/12 10:39:31.947100,  4] libsmb/namequery.c:2601(get_dc_list)
> >   get_dc_list: returning 1 ip addresses in an ordered list
> > [2011/08/12 10:39:31.947128,  4] libsmb/namequery.c:2602(get_dc_list)
> >   get_dc_list: 192.168.1.150:389 
> > [2011/08/12 10:39:31.947159,  9]
> > libsmb/conncache.c:150(check_negative_conn_cache)
> >   check_negative_conn_cache returning result 0 for domain TOUZEAU server
> > 192.168.1.150
> > [2011/08/12 10:39:31.947201, 10]
> > lib/messages_local.c:255(messaging_tdb_store)
> > 
> > 
> > -- 
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  https://lists.samba.org/mailman/options/samba


I recall my last email the command line was not with "\\" but with "/"

so  my DOMAIN is "MAISON" 
i have reinstalled a new one 

wbinfo -n MAISON/Administrateur
S-1-5-21-3790408397-595478388-2982168515-500 SID_USER (1)

wbinfo -s S-1-5-21-3790408397-595478388-2982168515-500
MAISON/Administrateur 1

wbinfo -S S-1-5-21-3790408397-595478388-2982168515-500
failed to call wbcSidToUid: WBC_ERR_DOMAIN_NOT_FOUND
Could not convert sid S-1-5-21-3790408397-595478388-2982168515-500 to
uid

And the error is the same...

More information about the samba mailing list