[Samba] Domain member seems to work, wbinfo -u not

Oktay Akbal oktay.akbal at abwesend.de
Fri Apr 15 08:55:32 UTC 2016


Hello everyone,
 
any ideas on why a newly installed domain member (w2k8 domain) might seem to work fine in every test (wbinfo -g, wbinfo -t, getent group, wbinfo -n username, getent passwd user, share-access.., ) but only enumeration of users with wbinfo -u and getent passwd fail?
wbinfo -u just returns without any output and getent passwd just shows the default centos7 users.
 
Even with debugging the only strange thing might be that the log.wb-DOMAIN seems to state an immediate (!!!) timeout on wbinfo -u
 

[2016/04/14 12:17:26.558350,  3, pid=2873, effective(0, 0), real(0, 0)] ../lib/krb5_wrap/krb5_samba.c:2502(kerberos_get_principal_from_service_hostname)
  kerberos_get_principal_from_service_hostname: cannot get realm from, desthost host.domain.de or default ccache. Using default smb.conf realm DOMAIN.DE
[2016/04/14 12:17:26.591090,  3, pid=2873, effective(0, 0), real(0, 0)] ../source3/libads/ldap.c:904(ads_do_paged_search_args)
  ads_do_paged_search_args: ldap_search_with_timeout((objectCategory=user)) -> Time limit exceeded
[2016/04/14 12:17:26.591143,  1, pid=2873, effective(0, 0), real(0, 0)] ../source3/libads/ldap_utils.c:135(ads_do_search_retry_internal)
  ads reopen failed after error Time limit exceeded
[2016/04/14 12:17:26.591154,  1, pid=2873, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_ads.c:319(query_user_list)
  query_user_list ads_search: Time limit exceeded
[2016/04/14 12:17:26.591165,  3, pid=2873, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cache.c:1519(query_user_list)
  query_user_list: returned 0xc00000b5, retrying
 
wbinfo -g  instead shows
 

[2016/04/14 12:19:10.877696,  3, pid=2873, effective(0, 0), real(0, 0)] ../lib/krb5_wrap/krb5_samba.c:2502(kerberos_get_principal_from_service_hostname)
  kerberos_get_principal_from_service_hostname: cannot get realm from, desthost host.domain.de or default ccache. Using default smb.conf realm DOMAIN.DE
[2016/04/14 12:19:10.883354,  5, pid=2873, effective(0, 0), real(0, 0)] ../source3/libads/ldap_utils.c:81(ads_do_search_retry_internal)
  Search for (&(objectCategory=group)(&(groupType:dn:1.2.840.113556.1.4.803:=-2147483648)(!(groupType:dn:1.2.840.113556.1.4.803:=1)))) in <dc=DOMAIN,dc=DE> gave 31 replies
 
There are only about 100 users, latest samba 4.2.10-rpm from centos7.
winbind enum users is set to yes.
 
Thanks for help



More information about the samba mailing list