[Samba] Winbind AD nested group issues

Lars Maes l.maes at mosadex.nl
Tue Jun 26 04:36:28 MDT 2012


Dear fellow samba users,

 

I have a weird issue. I’ve installed winbind 3.6.5 from the Debian backports archive and joined it to an AD.

wbinfo -u is giving me all domain users.

wbinfo -r is giving me the groups a user is a member of, but here comes the weird thing. For some users it gives all groups, including nested ones, but for some it only returns 1 group.

 

Here is some info from winbindd.log at debug level 10:

 

[2012/06/25 14:53:03.203496,  6] winbindd/winbindd.c:792(new_connection)

  accepted socket 25

[2012/06/25 14:53:03.203726, 10] winbindd/winbindd.c:642(process_request)

  process_request: request fn INTERFACE_VERSION

[2012/06/25 14:53:03.203830,  3] winbindd/winbindd_misc.c:384(winbindd_interface_version)

  [13843]: request interface version

[2012/06/25 14:53:03.203931, 10] winbindd/winbindd.c:738(winbind_client_response_written)

  winbind_client_response_written[13843:INTERFACE_VERSION]: delivered response to client

[2012/06/25 14:53:03.204102, 10] winbindd/winbindd.c:642(process_request)

  process_request: request fn WINBINDD_PRIV_PIPE_DIR

[2012/06/25 14:53:03.204181,  3] winbindd/winbindd_misc.c:417(winbindd_priv_pipe_dir)

  [13843]: request location of privileged pipe

[2012/06/25 14:53:03.204287, 10] winbindd/winbindd.c:738(winbind_client_response_written)

  winbind_client_response_written[13843:WINBINDD_PRIV_PIPE_DIR]: delivered response to client

[2012/06/25 14:53:03.204470,  6] winbindd/winbindd.c:792(new_connection)

  accepted socket 32

[2012/06/25 14:53:03.204606,  6] winbindd/winbindd.c:840(winbind_client_request_read)

  closing socket 25, client exited

[2012/06/25 14:53:03.204760, 10] winbindd/winbindd.c:615(process_request)

  process_request: Handling async request 13843:GETGROUPS

[2012/06/25 14:53:03.204845,  3] winbindd/winbindd_getgroups.c:61(winbindd_getgroups_send)

  getgroups lars

[2012/06/25 14:53:03.204928,  1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)

       wbint_LookupName: struct wbint_LookupName

          in: struct wbint_LookupName

              domain                   : *

                  domain                   : 'SKYNET'

              name                     : *

                  name                     : 'LARS'

              flags                    : 0x00000008 (8)

[2012/06/25 14:53:03.205243, 10] winbindd/winbindd_cache.c:4894(wcache_fetch_ndr)

  Entry has wrong sequence number: 131268

[2012/06/25 14:53:03.213909,  1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)

       wbint_LookupName: struct wbint_LookupName

          out: struct wbint_LookupName

              type                     : *

                  type                     : SID_NAME_USER (1)

              sid                      : *

                  sid                      : S-1-5-21-3711188520-3956494374-1303323322-1125

              result                   : NT_STATUS_OK

[2012/06/25 14:53:03.214189,  1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)

       wbint_LookupUserGroups: struct wbint_LookupUserGroups

          in: struct wbint_LookupUserGroups

              sid                      : *

                  sid                      : S-1-5-21-3711188520-3956494374-1303323322-1125

[2012/06/25 14:53:03.214387, 10] winbindd/winbindd_cache.c:4894(wcache_fetch_ndr)

  Entry has wrong sequence number: 131268

[2012/06/25 14:53:03.221577,  1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)

       wbint_LookupUserGroups: struct wbint_LookupUserGroups

          out: struct wbint_LookupUserGroups

              sids                     : *

                  sids: struct wbint_SidArray

                      num_sids                 : 0x00000001 (1)

                      sids: ARRAY(1)

                          sids                     : S-1-5-21-3711188520-3956494374-1303323322-513

              result                   : NT_STATUS_OK

[2012/06/25 14:53:03.221888,  1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)

       wbint_LookupUserAliases: struct wbint_LookupUserAliases

          in: struct wbint_LookupUserAliases

              sids                     : *

                  sids: struct wbint_SidArray

                      num_sids                 : 0x00000002 (2)

                      sids: ARRAY(2)

                          sids                     : S-1-5-21-3711188520-3956494374-1303323322-1125

                          sids                     : S-1-5-21-3711188520-3956494374-1303323322-513

[2012/06/25 14:53:03.234275,  1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)

       wbint_LookupUserAliases: struct wbint_LookupUserAliases

          out: struct wbint_LookupUserAliases

              rids                     : *

                  rids: struct wbint_RidArray

                      num_rids                 : 0x00000000 (0)

                      rids: ARRAY(0)

              result                   : NT_STATUS_OK

[2012/06/25 14:53:03.234549,  1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)

       wbint_LookupUserAliases: struct wbint_LookupUserAliases

          in: struct wbint_LookupUserAliases

              sids                     : *

                  sids: struct wbint_SidArray

                      num_sids                 : 0x00000002 (2)

                      sids: ARRAY(2)

                          sids                     : S-1-5-21-3711188520-3956494374-1303323322-1125

                          sids                     : S-1-5-21-3711188520-3956494374-1303323322-513

[2012/06/25 14:53:03.247027,  1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)

       wbint_LookupUserAliases: struct wbint_LookupUserAliases

          out: struct wbint_LookupUserAliases

              rids                     : *

                  rids: struct wbint_RidArray

                      num_rids                 : 0x00000000 (0)

                      rids: ARRAY(0)

              result                   : NT_STATUS_OK

[2012/06/25 14:53:03.247319, 10] winbindd/wb_sid2gid.c:57(wb_sid2gid_send)

  idmap_cache_find_sid2gid found 1000513

[2012/06/25 14:53:03.247403, 10] winbindd/winbindd.c:677(wb_request_done)

  wb_request_done[13843:GETGROUPS]: NT_STATUS_OK

[2012/06/25 14:53:03.247521, 10] winbindd/winbindd.c:738(winbind_client_response_written)

  winbind_client_response_written[13843:GETGROUPS]: delivered response to client

[2012/06/25 14:53:03.248859,  6] winbindd/winbindd.c:840(winbind_client_request_read)

  closing socket 32, client exited

[2012/06/25 14:53:34.606708,  6] winbindd/winbindd.c:792(new_connection)

  accepted socket 25

[2012/06/25 14:53:34.606961, 10] winbindd/winbindd.c:642(process_request)

  process_request: request fn INTERFACE_VERSION

[2012/06/25 14:53:34.607044,  3] winbindd/winbindd_misc.c:384(winbindd_interface_version)

  [13845]: request interface version

[2012/06/25 14:53:34.607143, 10] winbindd/winbindd.c:738(winbind_client_response_written)

  winbind_client_response_written[13845:INTERFACE_VERSION]: delivered response to client

[2012/06/25 14:53:34.607314, 10] winbindd/winbindd.c:642(process_request)

  process_request: request fn WINBINDD_PRIV_PIPE_DIR

[2012/06/25 14:53:34.607393,  3] winbindd/winbindd_misc.c:417(winbindd_priv_pipe_dir)

  [13845]: request location of privileged pipe

[2012/06/25 14:53:34.607504, 10] winbindd/winbindd.c:738(winbind_client_response_written)

  winbind_client_response_written[13845:WINBINDD_PRIV_PIPE_DIR]: delivered response to client

[2012/06/25 14:53:34.607996,  6] winbindd/winbindd.c:792(new_connection)

  accepted socket 32

[2012/06/25 14:53:34.608133,  6] winbindd/winbindd.c:840(winbind_client_request_read)

  closing socket 25, client exited

[2012/06/25 14:53:34.608292, 10] winbindd/winbindd.c:615(process_request)

  process_request: Handling async request 13845:GETGROUPS

[2012/06/25 14:53:34.608374,  3] winbindd/winbindd_getgroups.c:61(winbindd_getgroups_send)

  getgroups marco

[2012/06/25 14:53:34.608459,  1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)

       wbint_LookupName: struct wbint_LookupName

          in: struct wbint_LookupName

              domain                   : *

                  domain                   : 'SKYNET'

              name                     : *

                  name                     : 'MARCO'

              flags                    : 0x00000008 (8)

[2012/06/25 14:53:34.608760, 10] winbindd/winbindd_cache.c:4894(wcache_fetch_ndr)

  Entry has wrong sequence number: 131268

[2012/06/25 14:53:34.617857,  1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)

       wbint_LookupName: struct wbint_LookupName

          out: struct wbint_LookupName

              type                     : *

                  type                     : SID_NAME_USER (1)

              sid                      : *

                  sid                      : S-1-5-21-3711188520-3956494374-1303323322-1108

              result                   : NT_STATUS_OK

[2012/06/25 14:53:34.618139,  1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)

       wbint_LookupUserGroups: struct wbint_LookupUserGroups

          in: struct wbint_LookupUserGroups

              sid                      : *

                  sid                      : S-1-5-21-3711188520-3956494374-1303323322-1108

[2012/06/25 14:53:34.618332, 10] winbindd/winbindd_cache.c:4894(wcache_fetch_ndr)

  Entry has wrong sequence number: 131268

[2012/06/25 14:53:34.626107,  1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)

       wbint_LookupUserGroups: struct wbint_LookupUserGroups

          out: struct wbint_LookupUserGroups

              sids                     : *

                  sids: struct wbint_SidArray

                      num_sids                 : 0x00000005 (5)

                      sids: ARRAY(5)

                          sids                     : S-1-5-21-3711188520-3956494374-1303323322-513

                          sids                     : S-1-5-21-3711188520-3956494374-1303323322-1509

                          sids                     : S-1-5-21-3711188520-3956494374-1303323322-1119

                          sids                     : S-1-5-21-3711188520-3956494374-1303323322-1510

                          sids                     : S-1-5-21-3711188520-3956494374-1303323322-1136

              result                   : NT_STATUS_OK

[2012/06/25 14:53:34.626573,  1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)

       wbint_LookupUserAliases: struct wbint_LookupUserAliases

          in: struct wbint_LookupUserAliases

              sids                     : *

                  sids: struct wbint_SidArray

                      num_sids                 : 0x00000006 (6)

                      sids: ARRAY(6)

                          sids                     : S-1-5-21-3711188520-3956494374-1303323322-1108

                          sids                     : S-1-5-21-3711188520-3956494374-1303323322-513

                          sids                     : S-1-5-21-3711188520-3956494374-1303323322-1509

                          sids                     : S-1-5-21-3711188520-3956494374-1303323322-1119

                          sids                     : S-1-5-21-3711188520-3956494374-1303323322-1510

                          sids                     : S-1-5-21-3711188520-3956494374-1303323322-1136

[2012/06/25 14:53:34.634512,  1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)

       wbint_LookupUserAliases: struct wbint_LookupUserAliases

          out: struct wbint_LookupUserAliases

              rids                     : *

                  rids: struct wbint_RidArray

                      num_rids                 : 0x00000000 (0)

                      rids: ARRAY(0)

              result                   : NT_STATUS_OK

[2012/06/25 14:53:34.634787,  1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)

       wbint_LookupUserAliases: struct wbint_LookupUserAliases

          in: struct wbint_LookupUserAliases

              sids                     : *

                  sids: struct wbint_SidArray

                      num_sids                 : 0x00000006 (6)

                      sids: ARRAY(6)

                          sids                     : S-1-5-21-3711188520-3956494374-1303323322-1108

                          sids                     : S-1-5-21-3711188520-3956494374-1303323322-513

                          sids                     : S-1-5-21-3711188520-3956494374-1303323322-1509

                          sids                     : S-1-5-21-3711188520-3956494374-1303323322-1119

                          sids                     : S-1-5-21-3711188520-3956494374-1303323322-1510

                          sids                     : S-1-5-21-3711188520-3956494374-1303323322-1136

[2012/06/25 14:53:34.642731,  1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)

       wbint_LookupUserAliases: struct wbint_LookupUserAliases

          out: struct wbint_LookupUserAliases

              rids                     : *

                  rids: struct wbint_RidArray

                      num_rids                 : 0x00000000 (0)

                      rids: ARRAY(0)

              result                   : NT_STATUS_OK

[2012/06/25 14:53:34.643024, 10] winbindd/wb_sid2gid.c:57(wb_sid2gid_send)

  idmap_cache_find_sid2gid found 1000513

[2012/06/25 14:53:34.643122, 10] winbindd/wb_sid2gid.c:57(wb_sid2gid_send)

  idmap_cache_find_sid2gid found 1001509

[2012/06/25 14:53:34.643216, 10] winbindd/wb_sid2gid.c:57(wb_sid2gid_send)

  idmap_cache_find_sid2gid found 1001119

[2012/06/25 14:53:34.643310, 10] winbindd/wb_sid2gid.c:57(wb_sid2gid_send)

  idmap_cache_find_sid2gid found 1001510

[2012/06/25 14:53:34.643403, 10] winbindd/wb_sid2gid.c:57(wb_sid2gid_send)

  idmap_cache_find_sid2gid found 1001136

[2012/06/25 14:53:34.643483, 10] winbindd/winbindd.c:677(wb_request_done)

  wb_request_done[13845:GETGROUPS]: NT_STATUS_OK

[2012/06/25 14:53:34.643581, 10] winbindd/winbindd.c:738(winbind_client_response_written)

  winbind_client_response_written[13845:GETGROUPS]: delivered response to client

[2012/06/25 14:53:34.644778,  6] winbindd/winbindd.c:840(winbind_client_request_read)

  closing socket 32, client exited

 

These are 2 lookups of users that are in the same group.

 

Can anyone help me with this?

 

 

Kind regards,

Lars Maes
System Administration
T: 046-4203929
F: 046-4583267

Business Park Stein 414
6181MD Elsloo
Postbus 518
6180AA Elsloo
T: 046-4203900
F: 046-4583083
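
An added example, not part of the original post: a small parser for the level-10 winbindd.log layout shown above that pairs each `getgroups <user>` request with the SIDs in the following `wbint_LookupUserGroups` out block, so users that resolve to a single group stand out. The function names and the sample log are constructed for illustration, and the parser assumes requests are logged one after another rather than interleaved.

```python
import re

# Constructed sample in the layout of the level-10 winbindd.log above (not the poster's data).
SAMPLE_LOG = """\
[2012/06/25 14:53:03.204845,  3] winbindd/winbindd_getgroups.c:61(winbindd_getgroups_send)
  getgroups alice
[2012/06/25 14:53:03.221577,  1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
       wbint_LookupUserGroups: struct wbint_LookupUserGroups
          out: struct wbint_LookupUserGroups
                          sids                     : S-1-5-21-1-2-3-513
[2012/06/25 14:53:34.608374,  3] winbindd/winbindd_getgroups.c:61(winbindd_getgroups_send)
  getgroups bob
[2012/06/25 14:53:34.626107,  1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
       wbint_LookupUserGroups: struct wbint_LookupUserGroups
          out: struct wbint_LookupUserGroups
                          sids                     : S-1-5-21-1-2-3-513
                          sids                     : S-1-5-21-1-2-3-1509
[2012/06/25 14:53:34.626573,  1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
       wbint_LookupUserAliases: struct wbint_LookupUserAliases
          in: struct wbint_LookupUserAliases
                          sids                     : S-1-5-21-1-2-3-1108
"""

GETGROUPS = re.compile(r"^\s*getgroups (\S+)\s*$")
CALL = re.compile(r"^\s*(wbint_\w+): struct")
DIRECTION = re.compile(r"^\s*(in|out): struct")
SID = re.compile(r"^\s*sids\s*:\s*(S-1-[\d-]+)\s*$")
LOOKUP_OUT = ("wbint_LookupUserGroups", "out")

def groups_per_user(log_text):
    """Map each 'getgroups <user>' request to the SIDs wbint_LookupUserGroups returned."""
    result, user, call, direction = {}, None, None, None
    for line in log_text.splitlines():
        if line.startswith("["):  # new log record: reset the NDR dump state
            call = direction = None
        elif m := GETGROUPS.match(line):
            user = m.group(1)
            result.setdefault(user, [])
        elif m := CALL.match(line):
            call = m.group(1)
        elif m := DIRECTION.match(line):
            direction = m.group(1)
        elif (m := SID.match(line)) and user and (call, direction) == LOOKUP_OUT:
            result[user].append(m.group(1))
    return result

def single_group_users(groups):
    """Users whose lookup returned exactly one group SID (the symptom in the post)."""
    return sorted(u for u, sids in groups.items() if len(sids) == 1)
```

Blank lines between log lines, as in the pasted log, are ignored, so the file can be fed in as-is.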

 


