[Samba] 3.5.6: Unable to list group from AD and Strange behavior
David Touzeau
david at touzeau.eu
Thu Sep 15 04:45:45 MDT 2011
Dear
I have connected Samba 3.5.6 to an Active Directory server
this active Directory store about 1500 users
Winbind is unable to retrieve users and failed to retrieve group list.
The strange thing is Winbind found 775042106 users when trying to query
groups!!
How can i solve the issue ?
wbinfo --all-domains
BUILTIN
ONESYS-SAMBA
USGPEOPLEFR
ASP
SMARTPEOPLE
USGMCFR
USGPEOPLEAT
USGPEOPLEBE
USGPEOPLECH
USGPEOPLEDE
USGPEOPLEIT
USGPEOPLELU
USGPEOPLEPL
wbinfo --domain-info USGPEOPLEFR
Name : USGPEOPLEFR
Alt_Name : USGPeopleFR.int
SID : S-1-5-21-2550146075-3584545-4036094147
Active Directory : Yes
Native : Yes
Primary : Yes
wbinfo --domain USGPEOPLEFR -u
==> /var/log/samba/log.winbindd <==
[2011/09/13 10:13:10.627159, 6] winbindd/winbindd.c:768(new_connection)
accepted socket 24
[2011/09/13 10:13:10.627242, 10]
winbindd/winbindd.c:620(process_request)
process_request: request fn INTERFACE_VERSION
[2011/09/13 10:13:10.627257, 3]
winbindd/winbindd_misc.c:352(winbindd_interface_version)
[28857]: request interface version
[2011/09/13 10:13:10.627282, 10]
winbindd/winbindd.c:716(winbind_client_response_written)
winbind_client_response_written[28857:INTERFACE_VERSION]: deliverd
response to client
[2011/09/13 10:13:10.627352, 10]
winbindd/winbindd.c:620(process_request)
process_request: request fn WINBINDD_PRIV_PIPE_DIR
[2011/09/13 10:13:10.627379, 3]
winbindd/winbindd_misc.c:385(winbindd_priv_pipe_dir)
[28857]: request location of privileged pipe
[2011/09/13 10:13:10.627415, 10]
winbindd/winbindd.c:716(winbind_client_response_written)
winbind_client_response_written[28857:WINBINDD_PRIV_PIPE_DIR]:
deliverd response to client
[2011/09/13 10:13:10.627498, 6]
winbindd/winbindd.c:816(winbind_client_request_read)
closing socket 24, client exited
[2011/09/13 10:13:10.627540, 6] winbindd/winbindd.c:768(new_connection)
accepted socket 24
[2011/09/13 10:13:10.627574, 10]
winbindd/winbindd.c:593(process_request)
process_request: Handling async request 28857:LIST_USERS
[2011/09/13 10:13:10.627590, 3]
winbindd/winbindd_list_users.c:58(winbindd_list_users_send)
list_users USGPEOPLEFR
[2011/09/13 10:13:10.627620, 10]
winbindd/winbindd_cache.c:4674(wcache_fetch_ndr)
Entry has wrong sequence number: 33481252
[2011/09/13 10:13:10.627657, 10]
winbindd/winbindd_list_users.c:128(winbindd_list_users_done)
Domain USGPEOPLEFR returned 774910266 users
[2011/09/13 10:13:10.627670, 10]
winbindd/winbindd_list_users.c:134(winbindd_list_users_done)
List_users for domain USGPEOPLEFR failed
[2011/09/13 10:13:10.627682, 10]
winbindd/winbindd.c:655(wb_request_done)
wb_request_done[28857:LIST_USERS]: NT_STATUS_OK
[2011/09/13 10:13:10.627708, 10]
winbindd/winbindd.c:716(winbind_client_response_written)
winbind_client_response_written[28857:LIST_USERS]: deliverd response
to client
[2011/09/13 10:13:10.627778, 6]
winbindd/winbindd.c:816(winbind_client_request_read)
closing socket 24, client exited
wbinfo --domain USGPEOPLEFR -g
==> /var/log/samba/log.winbindd <==
[2011/09/13 10:19:42.555210, 6] winbindd/winbindd.c:768(new_connection)
accepted socket 24
[2011/09/13 10:19:42.555294, 10]
winbindd/winbindd.c:620(process_request)
process_request: request fn INTERFACE_VERSION
[2011/09/13 10:19:42.555310, 3]
winbindd/winbindd_misc.c:352(winbindd_interface_version)
[ 1915]: request interface version
[2011/09/13 10:19:42.555340, 10]
winbindd/winbindd.c:716(winbind_client_response_written)
winbind_client_response_written[1915:INTERFACE_VERSION]: deliverd
response to client
[2011/09/13 10:19:42.555416, 10]
winbindd/winbindd.c:620(process_request)
process_request: request fn WINBINDD_PRIV_PIPE_DIR
[2011/09/13 10:19:42.555443, 3]
winbindd/winbindd_misc.c:385(winbindd_priv_pipe_dir)
[ 1915]: request location of privileged pipe
[2011/09/13 10:19:42.555484, 10]
winbindd/winbindd.c:716(winbind_client_response_written)
winbind_client_response_written[1915:WINBINDD_PRIV_PIPE_DIR]: deliverd
response to client
[2011/09/13 10:19:42.555573, 6]
winbindd/winbindd.c:816(winbind_client_request_read)
closing socket 24, client exited
[2011/09/13 10:19:42.555616, 6] winbindd/winbindd.c:768(new_connection)
accepted socket 24
[2011/09/13 10:19:42.555651, 10]
winbindd/winbindd.c:593(process_request)
process_request: Handling async request 1915:LIST_GROUPS
[2011/09/13 10:19:42.555667, 3]
winbindd/winbindd_list_groups.c:58(winbindd_list_groups_send)
list_groups USGPEOPLEFR
[2011/09/13 10:19:42.555729, 10]
winbindd/winbindd_cache.c:4674(wcache_fetch_ndr)
Entry has wrong sequence number: 33477448
[2011/09/13 10:19:42.555762, 10]
winbindd/winbindd_list_groups.c:128(winbindd_list_groups_done)
**** strange ???
Domain USGPEOPLEFR returned 775042106 users
[2011/09/13 10:19:42.555776, 10]
winbindd/winbindd_list_groups.c:134(winbindd_list_groups_done)
*** failed !
list_groups for domain USGPEOPLEFR failed
[2011/09/13 10:19:42.555789, 10]
winbindd/winbindd.c:655(wb_request_done)
wb_request_done[1915:LIST_GROUPS]: NT_STATUS_OK
[2011/09/13 10:19:42.555814, 10]
winbindd/winbindd.c:716(winbind_client_response_written)
winbind_client_response_written[1915:LIST_GROUPS]: deliverd response
to client
[2011/09/13 10:19:42.555884, 6]
winbindd/winbindd.c:816(winbind_client_request_read)
closing socket 24, client exited
smb.conf :
[global]
workgroup = USGPEOPLEFR
netbios name = onesys-samba
server string = %h server
disable netbios =no
strict allocate = No
strict locking = Auto
sync always = No
getwd cache = Yes
max protocol = NT1
name resolve order =host lmhosts wins bcast
dns proxy = No
wins support = Yes
wins hook = /usr/bin/php5 /usr/share/artica-postfix/exec.samba.wins.php
min protocol = NT1
remote announce = 10.7.61.255/USGPEOPLEFR
syslog = 3
log level = 10
log file = /var/log/samba/log.%m
debug timestamp = yes
# Enable symbolics links -----------------------------------
follow symlinks = yes
wide links = yes
unix extensions = no
usershare allow guests = no
usershare max shares = 100
usershare owner only = true
usershare path=/var/lib/samba/usershares/data
#Guest access
guest account = nobody
map to guest = Bad Password
template homedir = /home/%U
template shell = /bin/false
enable privileges = yes
os level = 40
ldap passwd sync = no
#WINBINDD *******************************************************
security = ADS
realm = USGPEOPLEFR.INT
idmap config USGPEOPLEFR:backend = rid
idmap config USGPEOPLEFR:read only= yes
idmap config USGPEOPLEFR:range = 100000 - 199999
idmap config USGPEOPLEFR:base_rid = 0
idmap gid = 70000 - 99999
idmap uid = 70000 - 99999
encrypt passwords = Yes
client ntlmv2 auth = Yes
client lanman auth = No
winbind normalize names = Yes
winbind separator = /
winbind use default domain = No
winbind enum users = Yes
winbind enum groups = Yes
winbind nested groups = Yes
winbind nss info = rfc2307
winbind reconnect delay = 30
winbind offline logon = true
winbind cache time = 1800
winbind refresh tickets = true
kerberos method = system keytab
allow trusted domains = Yes
server signing = auto
client signing = auto
lm announce = No
ntlm auth = No
lanman auth = No
preferred master = No
printing = bsd
# VISTA/Windows7 compatibility
# ACLs settings
nt acl support=yes
map acl inherit=yes
acl check permissions=yes
inherit permissions=no
inherit acls=yes
acl map full control=yes
dos filemode=yes
force unknown acl user = no
# LDAP settings -----------------------------------
ldap delete dn = no
passdb backend = ldapsam:ldap://127.0.0.1:389
#scripts -----------------------------------
add machine script = /usr/share/artica-postfix/bin/artica-install
--samba-add-computer "%u"
ldap admin dn = cn=admin,dc=usgpeoplefr,dc=int
ldap suffix = dc=usgpeoplefr,dc=int
ldap group suffix = dc=organizations
ldap user suffix = dc=organizations
ldap machine suffix = ou=Computer,dc=samba,dc=organizations
ldap delete dn = yes
ldap ssl = off
ldap idmap suffix =
ou=idmap,dc=samba,dc=organizations,dc=usgpeoplefr,dc=int
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
More information about the samba
mailing list