[Samba] wbinfo -u/-g/-n works, but not 'wbinfo -i' or 'id'
Adam Tauno Williams
awilliam at whitemice.org
Wed Apr 15 14:26:37 MDT 2015
Quoting Adam Tauno Williams <awilliam at whitemice.org>:
>>>> It should work, it sounds like a mis-configuration somewhere, can you
>>>> post the smb.conf, /etc/nsswitch.conf, /etc/resolv.conf and
>>>> /etc/krb5.conf from the member server.
>>> "wbinfo -u" lists 415 lines
>>> "getent passwd" returns 93 lines
>>> A host configured to use nslcd and LDAP directory returns 560 lines for
>>> "getent passwd".
>>> Samba on client is sernet-samba-4.1.17-11.el6.x86_64, AD DCs are all
>>> sernet-samba-4.0.21-7.el6.x86_64
>>> [root at barbel profiles]# wbinfo -i cleslie
>>> failed to call wbcGetpwnam: WBC_ERR_WINBIND_NOT_AVAILABLE
>> Is this the smb.conf from the AD DC or the member server ?
>> If it is the later, you don't need this : idmap_ldb:use rfc2307 = yes
>> It should only be on the DC.
>
> Removed that, it has no effect.
>
> [root at test123 ~]# wbinfo -i steve
> failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND
> Could not get info for user steve
> [root at test123 ~]# id steve
> id: steve: No such user
> [root at test123 ~]# wbinfo -u | grep steve
> steve
Here is a debug level 10 from winbind when making the wbinfo -i request
2015/04/15 16:22:19.609439, 5, pid=9576, effective(0, 0), real(0, 0)]
../source3/libads/ldap.c:270(ads_try_connect)
ads_try_connect: sending CLDAP request to 192.168.1.79 (realm: micore.us)
[2015/04/15 16:22:19.613245, 1, pid=9576, effective(0, 0), real(0,
0)] ../librpc/ndr/ndr.c:296(ndr_print_debug)
&response->data.nt5_ex: struct NETLOGON_SAM_LOGON_RESPONSE_EX
command : LOGON_SAM_LOGON_RESPONSE_EX (23)
sbz : 0x0000 (0)
server_type : 0x000003fc (1020)
0: NBT_SERVER_PDC
1: NBT_SERVER_GC
1: NBT_SERVER_LDAP
1: NBT_SERVER_DS
1: NBT_SERVER_KDC
1: NBT_SERVER_TIMESERV
1: NBT_SERVER_CLOSEST
1: NBT_SERVER_WRITABLE
1: NBT_SERVER_GOOD_TIMESERV
0: NBT_SERVER_NDNC
0: NBT_SERVER_SELECT_SECRET_DOMAIN_6
0: NBT_SERVER_FULL_SECRET_DOMAIN_6
0: NBT_SERVER_ADS_WEB_SERVICE
0: NBT_SERVER_HAS_DNS_NAME
0: NBT_SERVER_IS_DEFAULT_NC
0: NBT_SERVER_FOREST_ROOT
domain_uuid : abebb63d-5fea-41fa-a061-36136b10964f
forest : 'micore.us'
dns_domain : 'micore.us'
pdc_dns_name : 'larkin28.micore.us'
domain_name : 'BACKBONE'
pdc_name : 'LARKIN28'
user_name : ''
server_site : 'Default-First-Site-Name'
client_site : 'Default-First-Site-Name'
sockaddr_size : 0x00 (0)
sockaddr: struct nbt_sockaddr
sockaddr_family : 0x00000000 (0)
pdc_ip : (null)
remaining : DATA_BLOB length=0
next_closest_site : NULL
nt_version : 0x00000005 (5)
1: NETLOGON_NT_VERSION_1
0: NETLOGON_NT_VERSION_5
1: NETLOGON_NT_VERSION_5EX
0: NETLOGON_NT_VERSION_5EX_WITH_IP
0: NETLOGON_NT_VERSION_WITH_CLOSEST_SITE
0: NETLOGON_NT_VERSION_AVOID_NT4EMUL
0: NETLOGON_NT_VERSION_PDC
0: NETLOGON_NT_VERSION_IP
0: NETLOGON_NT_VERSION_LOCAL
0: NETLOGON_NT_VERSION_GC
lmnt_token : 0xffff (65535)
lm20_token : 0xffff (65535)
[2015/04/15 16:22:19.614906, 10, pid=9576, effective(0, 0), real(0,
0)] ../source3/libads/sitename_cache.c:70(sitename_store)
sitename_store: realm = [BACKBONE], sitename =
[Default-First-Site-Name], expire = [2085923199]
[2015/04/15 16:22:19.615117, 10, pid=9576, effective(0, 0), real(0,
0), class=tdb] ../source3/lib/gencache.c:275(gencache_set_data_blob)
Did not store value for AD_SITENAME/DOMAIN/BACKBONE, we already got it
[2015/04/15 16:22:19.615196, 10, pid=9576, effective(0, 0), real(0,
0)] ../source3/libads/sitename_cache.c:70(sitename_store)
sitename_store: realm = [micore.us], sitename =
[Default-First-Site-Name], expire = [2085923199]
[2015/04/15 16:22:19.615275, 10, pid=9576, effective(0, 0), real(0,
0), class=tdb] ../source3/lib/gencache.c:275(gencache_set_data_blob)
Did not store value for AD_SITENAME/DOMAIN/MICORE.US, we already got it
[2015/04/15 16:22:19.615373, 3, pid=9576, effective(0, 0), real(0,
0)] ../source3/libads/ldap.c:680(ads_connect)
Successfully contacted LDAP server 192.168.1.79
[2015/04/15 16:22:19.615457, 10, pid=9576, effective(0, 0), real(0,
0)] ../source3/libads/ldap.c:70(ldap_open_with_timeout)
Opening connection to LDAP server 'larkin28.micore.us:389', timeout
15 seconds
[2015/04/15 16:22:19.616733, 10, pid=9576, effective(0, 0), real(0,
0)] ../source3/libads/ldap.c:118(ldap_open_with_timeout)
Connected to LDAP server 'larkin28.micore.us:389'
[2015/04/15 16:22:19.616830, 3, pid=9576, effective(0, 0), real(0,
0)] ../source3/libads/ldap.c:723(ads_connect)
Connected to LDAP server larkin28.micore.us
[2015/04/15 16:22:19.616903, 10, pid=9576, effective(0, 0), real(0,
0)] ../source3/libads/ldap.c:222(ads_closest_dc)
ads_closest_dc: NBT_SERVER_CLOSEST flag set
[2015/04/15 16:22:19.617083, 10, pid=9576, effective(0, 0), real(0,
0)] ../source3/libsmb/namequery.c:86(saf_store)
saf_store: domain = [BACKBONE], server = [larkin28.micore.us],
expire = [1429130239]
[2015/04/15 16:22:19.617169, 10, pid=9576, effective(0, 0), real(0,
0), class=tdb] ../source3/lib/gencache.c:275(gencache_set_data_blob)
Did not store value for SAF/DOMAIN/BACKBONE, we already got it
[2015/04/15 16:22:19.617268, 10, pid=9576, effective(0, 0), real(0,
0)] ../source3/libsmb/namequery.c:86(saf_store)
saf_store: domain = [micore.us], server = [larkin28.micore.us],
expire = [1429130239]
[2015/04/15 16:22:19.617377, 10, pid=9576, effective(0, 0), real(0,
0), class=tdb] ../source3/lib/gencache.c:275(gencache_set_data_blob)
Did not store value for SAF/DOMAIN/MICORE.US, we already got it
[2015/04/15 16:22:19.623553, 4, pid=9576, effective(0, 0), real(0,
0)] ../source3/libads/ldap.c:3002(ads_current_time)
KDC time offset is 0 seconds
[2015/04/15 16:22:19.624101, 4, pid=9576, effective(0, 0), real(0,
0)] ../source3/libads/sasl.c:1312(ads_sasl_bind)
Found SASL mechanism GSS-SPNEGO
[2015/04/15 16:22:19.625174, 3, pid=9576, effective(0, 0), real(0,
0)] ../source3/libads/sasl.c:963(ads_sasl_spnego_bind)
ads_sasl_spnego_bind: got OID=1.2.840.48018.1.2.2
[2015/04/15 16:22:19.625274, 3, pid=9576, effective(0, 0), real(0,
0)] ../source3/libads/sasl.c:963(ads_sasl_spnego_bind)
ads_sasl_spnego_bind: got OID=1.2.840.113554.1.2.2
[2015/04/15 16:22:19.625345, 3, pid=9576, effective(0, 0), real(0,
0)] ../source3/libads/sasl.c:963(ads_sasl_spnego_bind)
ads_sasl_spnego_bind: got OID=1.3.6.1.4.1.311.2.2.10
[2015/04/15 16:22:19.625415, 3, pid=9576, effective(0, 0), real(0,
0)] ../source3/libads/sasl.c:972(ads_sasl_spnego_bind)
ads_sasl_spnego_bind: got server principal name =
not_defined_in_RFC4178 at please_ignore
[2015/04/15 16:22:19.625600, 3, pid=9576, effective(0, 0), real(0,
0)] ../lib/krb5_wrap/krb5_samba.c:266(ads_cleanup_expired_creds)
ads_cleanup_expired_creds: Ticket in ccache[MEMORY:winbind_ccache]
expiration Thu, 16 Apr 2015 02:22:19 EDT
[2015/04/15 16:22:19.625695, 10, pid=9576, effective(0, 0), real(0,
0)] ../lib/krb5_wrap/krb5_samba.c:533(ads_krb5_mk_req)
ads_krb5_mk_req: Ticket (ldap/larkin28.micore.us at MICORE.US) in
ccache (MEMORY:winbind_ccache) is valid until: (Thu, 16 Apr 2015
02:22:19 EDT - 1429165339)
[2015/04/15 16:22:19.625841, 10, pid=9576, effective(0, 0), real(0,
0)] ../lib/krb5_wrap/krb5_samba.c:776(get_krb5_smb_session_key)
Got KRB5 session key of length 16
[2015/04/15 16:22:19.633477, 10, pid=9576, effective(0, 0), real(0,
0)] ../source3/libads/ldap_schema.c:231(ads_check_posix_schema_mapping)
ads_check_posix_schema_mapping for schema mode: 3
[2015/04/15 16:22:19.725986, 5, pid=9576, effective(0, 0), real(0,
0)] ../source3/libads/ldap_utils.c:81(ads_do_search_retry_internal)
Search for
(|(attributeId=1.3.6.1.1.1.1.0)(attributeId=1.3.6.1.1.1.1.1)(attributeId=1.3.6.1.1.1.1.3)(attributeId=1.3.6.1.1.1.1.4)(attributeId=1.3.6.1.1.1.1.2)(attributeId=0.9.2342.19200300.100.1.1)) in <CN=Schema,CN=Configuration,DC=micore,DC=us> gave 6
replies
OID 1.3.6.1.1.1.1.0 has name: uidNumber
OID 1.3.6.1.1.1.1.1 has name: gidNumber
OID 0.9.2342.19200300.100.1.1 has name: uid
OID 1.3.6.1.1.1.1.3 has name: unixHomeDirectory
OID 1.3.6.1.1.1.1.2 has name: gecos
OID 1.3.6.1.1.1.1.4 has name: loginShell
[2015/04/15 16:22:19.870445, 5, pid=9576, effective(0, 0), real(0,
0)] ../source3/libads/ldap_utils.c:81(ads_do_search_retry_internal)
Search for (uid=steve) in <dc=MICORE,dc=US> gave 0 replies
[2015/04/15 16:22:19.870701, 5, pid=9576, effective(0, 0), real(0,
0), class=winbind]
../source3/winbindd/winbindd_cache.c:1272(resolve_alias_to_username)
resolve_alias_to_username: backend query returned
NT_STATUS_OBJECT_NAME_NOT_FOUND
[2015/04/15 16:22:19.871341, 1, pid=9576, effective(0, 0), real(0,
0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug)
wbint_LookupName: struct wbint_LookupName
in: struct wbint_LookupName
domain : *
domain : 'BACKBONE'
name : *
name : 'STEVE'
flags : 0x00000008 (8)
[2015/04/15 16:22:19.918433, 1, pid=9576, effective(0, 0), real(0,
0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug)
wbint_LookupName: struct wbint_LookupName
out: struct wbint_LookupName
type : *
type : SID_NAME_USER (1)
sid : *
sid :
S-1-5-21-***REPLACE-DDOMAINSID-WITHTHIS*-1406
result : NT_STATUS_OK
[2015/04/15 16:22:19.918869, 1, pid=9576, effective(0, 0), real(0,
0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug)
wbint_QueryUser: struct wbint_QueryUser
in: struct wbint_QueryUser
sid : *
sid :
S-1-5-21-***REPLACE-DDOMAINSID-WITHTHIS*-1406
[2015/04/15 16:22:20.124117, 1, pid=9576, effective(0, 0), real(0,
0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug)
wbint_QueryUser: struct wbint_QueryUser
out: struct wbint_QueryUser
info : *
info: struct wbint_userinfo
acct_name : *
acct_name : 'steve'
full_name : *
full_name : 'steve'
homedir : *
homedir : '/home/steve'
shell : *
shell : '/bin/ksh'
primary_gid : 0x00000000000000e6 (230)
user_sid :
S-1-5-21-***REPLACE-DDOMAINSID-WITHTHIS*-1406
group_sid :
S-1-5-21-***REPLACE-DDOMAINSID-WITHTHIS*-513
result : NT_STATUS_OK
[2015/04/15 16:22:20.124742, 10, pid=9576, effective(0, 0), real(0,
0), class=winbind]
../source3/winbindd/wb_sids2xids.c:109(wb_sids2xids_send)
SID 0: S-1-5-21-***REPLACE-DDOMAINSID-WITHTHIS*-1406
[2015/04/15 16:22:20.124897, 10, pid=9576, effective(0, 0), real(0,
0)] ../source3/lib/idmap_cache.c:56(idmap_cache_find_sid2unixid)
Parsing value for key
[IDMAP/SID2XID/S-1-5-21-***REPLACE-DDOMAINSID-WITHTHIS*-1406]:
value=[203:U]
[2015/04/15 16:22:20.125024, 10, pid=9576, effective(0, 0), real(0,
0)] ../source3/lib/idmap_cache.c:75(idmap_cache_find_sid2unixid)
Parsing value for key
[IDMAP/SID2XID/S-1-5-21-***REPLACE-DDOMAINSID-WITHTHIS*-1406]:
id=[203], endptr=[:U]
[2015/04/15 16:22:20.125185, 10, pid=9576, effective(0, 0), real(0,
0), class=winbind]
../source3/winbindd/winbindd_util.c:791(find_lookup_domain_from_sid)
find_lookup_domain_from_sid(S-1-5-21-***REPLACE-DDOMAINSID-WITHTHIS*-513)
[2015/04/15 16:22:20.125326, 10, pid=9576, effective(0, 0), real(0,
0), class=winbind]
../source3/winbindd/winbindd_util.c:801(find_lookup_domain_from_sid)
calling find_our_domain
[2015/04/15 16:22:20.125420, 1, pid=9576, effective(0, 0), real(0,
0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug)
wbint_LookupSid: struct wbint_LookupSid
in: struct wbint_LookupSid
sid : *
sid :
S-1-5-21-***REPLACE-DDOMAINSID-WITHTHIS*-513
[2015/04/15 16:22:20.139329, 1, pid=9576, effective(0, 0), real(0,
0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug)
wbint_LookupSid: struct wbint_LookupSid
out: struct wbint_LookupSid
type : *
type : SID_NAME_DOM_GRP (2)
domain : *
domain : *
domain : 'BACKBONE'
name : *
name : *
name : 'Domain_Users'
result : NT_STATUS_OK
[2015/04/15 16:22:20.139720, 10, pid=9576, effective(0, 0), real(0,
0), class=winbind]
../source3/winbindd/wb_sids2xids.c:109(wb_sids2xids_send)
SID 0: S-1-5-21-***REPLACE-DDOMAINSID-WITHTHIS*-513
[2015/04/15 16:22:20.139826, 10, pid=9576, effective(0, 0), real(0,
0)] ../source3/lib/idmap_cache.c:56(idmap_cache_find_sid2unixid)
Parsing value for key
[IDMAP/SID2XID/S-1-5-21-***REPLACE-DDOMAINSID-WITHTHIS*-513]:
value=[-1:N]
[2015/04/15 16:22:20.139900, 10, pid=9576, effective(0, 0), real(0,
0)] ../source3/lib/idmap_cache.c:75(idmap_cache_find_sid2unixid)
Parsing value for key
[IDMAP/SID2XID/S-1-5-21-***REPLACE-DDOMAINSID-WITHTHIS*-513]:
id=[4294967295], endptr=[:N]
[2015/04/15 16:22:20.140053, 5, pid=9576, effective(0, 0), real(0,
0), class=winbind]
../source3/winbindd/winbindd_getpwnam.c:137(winbindd_getpwnam_recv)
Could not convert sid
S-1-5-21-***REPLACE-DDOMAINSID-WITHTHIS*-1406: NT_STATUS_NONE_MAPPED
[2015/04/15 16:22:20.140166, 10, pid=9576, effective(0, 0), real(0,
0), class=winbind] ../source3/winbindd/winbindd.c:755(wb_request_done)
wb_request_done[9584:GETPWNAM]: NT_STATUS_NONE_MAPPED
[2015/04/15 16:22:20.142258, 10, pid=9576, effective(0, 0), real(0,
0), class=winbind]
../source3/winbindd/winbindd.c:816(winbind_client_response_written)
winbind_client_response_written[9584:GETPWNAM]: delivered response to client
[2015/04/15 16:22:20.142450, 6, pid=9576, effective(0, 0), real(0,
0), class=winbind]
../source3/winbindd/winbindd.c:918(winbind_client_request_read)
More information about the samba
mailing list