[Samba] wbinfo fails: Error looking up domain users

Rowland Penny rowlandpenny at googlemail.com
Thu Jun 18 02:05:12 MDT 2015


On 18/06/15 07:14, Marc Rechté wrote:
> Thanks Rowland,
>
> I am trying to setup an AD member server. I followed the wiki 
> (https://wiki.samba.org/index.php/Setup_a_Samba_AD_Member_Server). I 
> am on Fedora 21.
>
> The domain join succeeded
>
> But wbinfo fails:
>
> $ wbinfo -u
> Error looking up domain users
>
> I tried to increase windbind log verbosity to 10, but I can see no 
> trace when issuing wbinfo:
> /etc/smb.conf
>        log level = winbind:10
>
>
> Here are some more details:
> ***************************
>
> # net ads testjoin
> Join is OK
>
> # wbinfo -u
> Error looking up domain users
>
> $ rpm -q samba-winbind
> samba-winbind-4.1.17-1.fc21.x86_64
>
> $ cat /etc/hosts
> 127.0.0.1        localhost.localdomain localhost
> ::1        localhost6.localdomain6 localhost6
> 192.168.0.84    linuxmr.studelec-sa.com linuxmr
>
> /etc/samba/smb.conf is here:  http://pastebin.com/gAk6nX0x
>
> $ cat /etc/resolv.conf
> search studelec-sa.com
> nameserver 192.168.0.250
>
> $ cat /etc/krb5.conf (ALTHOUGH THE WIKI DOES STATE ANY CONFIGURATION 
> IS REQUIRED IN THAT FILE)
> [logging]
>  default = FILE:/var/log/krb5libs.log
>  kdc = FILE:/var/log/krb5kdc.log
>  admin_server = FILE:/var/log/kadmind.log
>
> [libdefaults]
>  dns_lookup_realm = false
>  ticket_lifetime = 24h
>  renew_lifetime = 7d
>  forwardable = true
>  rdns = false
> # default_realm = EXAMPLE.COM
>  # Utile ou pas ?
>  default_realm = STUDELEC-SA.COM
>  dns_lookup_kdc = true
>  default_ccache_name = KEYRING:persistent:%{uid}
>
> [realms]
> # EXAMPLE.COM = {
> #  kdc = kerberos.example.com
> #  admin_server = kerberos.example.com
> # }
>
> [domain_realm]
> # .example.com = EXAMPLE.COM
> # example.com = EXAMPLE.COM

OK, there doesn't seem to much wrong with your smb.conf, only thing I 
would change, remove this line:

server role = member server

My /etc/krb5.conf is just this:

[libdefaults]
      default_realm = EXAMPLE.COM
      dns_lookup_realm = false
      dns_lookup_kdc = true

But yours has those lines in it.

So, we fall back to what is usually the problem on redhat when something 
doesn't work, Selinux. Try disabling this and see if this works, failing 
that, is the firewall running ? if it is, try turning it off.

Rowland


More information about the samba mailing list