[Samba] Samba4 migration issues (wbinfo errors and UPNs)

Ryan Bair ryandbair at gmail.com
Tue Jul 16 11:04:13 MDT 2013 

I migrated over a Samba 3/LDAP domain to Samba 4 in a test environment.
After a few bumps due to not having all my machine accounts as
posixAccounts and clashing user/group names, the migration went relatively
smoothly. Great work, Samba team!

I have a few standing issues that I haven't been able to shake out:

1. wbinfo returns various errors when run on the DC.

wbinfo -D MYDOMAIN returns a SID of S-1-2-3-4. Typing gibberish for the
domain name yields the same results.

wbinfo --dc-info= returns "Could not find dc info example.com". Using the
short name doesn't work either.

wbinfo -u/-g does work. As does getent passwd/group for domain users.

The `net` command generally works for the equivalent queries however. For
instance `net ads info` returns the correct information.

Running wbinfo queries from a member server DOES seem to always work.


2. UPNs don't work on the DC (wbinfo -i, getent, pam, etc). wbinfo -i
user at domain fails with:

failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND
Could not get info for user user at example.com

UPNs do work on Samba 4 members however.

I did spotted this interesting bit in the log:
[2013/07/16 12:37:05.642113,  6, pid=6033, effective(0, 0), real(0, 0)]
../lib/u
til/util_ldb.c:60(gendb_search_v)
  gendb_search_v: DC=ad,DC=tsasinc,DC=com (&(sAMAccountName=
rbair at example.com
)(objectSid=*)) -> 0
[2013/07/16 12:37:05.642192,  1, pid=6033, effective(0, 0), real(0, 0)]
../librp
c/ndr/ndr.c:282(ndr_print_function_debug)
       lsa_LookupNames: struct lsa_LookupNames
          out: struct lsa_LookupNames
              domains                  : *
                  domains                  : *
                      domains: struct lsa_RefDomainList
                          count                    : 0x00000000 (0)
                          domains                  : NULL
                          max_size                 : 0x00000000 (0)
              sids                     : *
                  sids: struct lsa_TransSidArray
                      count                    : 0x00000001 (1)
                      sids                     : *
                          sids: ARRAY(1)
                              sids: struct lsa_TranslatedSid
                                  sid_type                 :
SID_NAME_UNKNOWN (8
)
                                  rid                      : 0x00000000 (0)
                                  sid_index                : 0xffffffff
(4294967
295)
              count                    : *
                  count                    : 0x00000000 (0)
              result                   : NT_STATUS_NONE_MAPPED


That message only comes up when running wbinfo -i on the server, not on a
member. It feels a little off that its searching for the UPN in
sAMAccountName.

I'm using the sernet 4.0.7-4 packages on Centos 6.4 64bit, no Samba 3
binaries in sight. Samba logs all look clean. DNS, LDAP and Kerberos all
works as expected. I have a feeling that both issues have a common cause,
but have been unable to find it.

Any ideas on either of these issues?

Thanks

More information about the samba mailing list