[Samba] Failing identification of users in trusted domains?

NdK ndk.clanbo at gmail.com
Wed Nov 30 00:54:17 MST 2011 

Hi all.

I'm getting mad at this.
I use winbind to authenticate users in multiple domains from AD. The
config worked well, before upgrading from 3.5.3 to 3.5.10 in Mandriva.

Now, if I 'winbind -i user.name' (so using the joined domain PERSONALE)
I get the correct info, but if I do a 'winbind -i
STUDENTI\\another.name' the answer is a 'Could not get info for user
STUDENTI\another.name'...

On other machines, the same config works well.
I already tried uninstalling samba (both -winbind and -common), removing
/etc/samba, /var/cache/samba and /var/lib/samba then reinstalling after
copying /etc/samba/smb.conf from a working machine and rejoining.

Doing a tail -f /var/log/samba/* I could see the following:
[2011/11/28 11:43:51.053242, 10]
winbindd/winbindd_cache.c:536(refresh_sequence_number)
  refresh_sequence_number: PERSONALE time ok
[2011/11/28 11:43:51.053578, 10]
winbindd/winbindd_cache.c:581(refresh_sequence_number)
  refresh_sequence_number: PERSONALE seq number is now 343528996
[2011/11/28 11:43:51.053681, 10]
winbindd/winbindd_cache.c:913(wcache_save_name_to_sid)
  wcache_save_name_to_sid: STUDENTI\DIEGO.ZUCCATO2 ->
S-1-5-21-790525478-1035525444-682003330-86279 (NT_STATUS_OK)
[2011/11/28 11:43:51.053756, 10]
winbindd/winbindd_cache.c:935(wcache_save_sid_to_name)
  wcache_save_sid_to_name: S-1-5-21-790525478-1035525444-682003330-86279
-> diego.zuccato2 (NT_STATUS_OK)
[2011/11/28 11:43:51.053805,  1]
../librpc/ndr/ndr.c:251(ndr_print_function_debug)
       wbint_LookupName: struct wbint_LookupName
          out: struct wbint_LookupName
              type                     : *
                  type                     : SID_NAME_USER (1)
              sid                      : *
                  sid                      :
S-1-5-21-790525478-1035525444-682003330-86279
              result                   : NT_STATUS_OK
[2011/11/28 11:43:51.053997,  4]
winbindd/winbindd_dual.c:1532(fork_domain_child)
  Finished processing child request 63
[2011/11/28 11:43:51.054045, 10]
winbindd/winbindd_dual.c:1548(fork_domain_child)
  Writing 3532 bytes to parent
[2011/11/28 11:43:51.054113, 10] lib/events.c:183(get_timed_events_timeout)

==> log.winbindd <==
[2011/11/28 11:43:51.054550,  5]
winbindd/winbindd_getpwnam.c:138(winbindd_getpwnam_recv)
  Could not convert sid S-1-5-21-790525478-1035525444-682003330-86279:
NT_STATUS_UNSUCCESSFUL
[2011/11/28 11:43:51.054670, 10] winbindd/winbindd.c:655(wb_request_done)
  wb_request_done[17597:GETPWNAM]: NT_STATUS_UNSUCCESSFUL


It seems my account in STUDENTI gets written to cache, but then winbind
doesn't read it back ???? And why is the name all upper case when I
wrote it lower case?

Any hints?

Tks!

BYtE,
 Diego.

More information about the samba mailing list