[Samba] Domain member seems to work, wbinfo -u not

Rowland penny rpenny at samba.org
Fri Apr 15 09:17:29 UTC 2016 

On 15/04/16 09:55, Oktay Akbal wrote:
> Hello everyone,
>   
> any ideas on why a newly installed domain member (w2k8 domain) might seem to work fine in every test (wbinfo -g, wbinfo -t, getent group, wbinfo -n username, getent passwd user, share-access.., ) but only enumeration of users with wbinfo -u and getent passwd fail?
> wbinfo -u just returns without any output and getent passwd just shows the default centos7 users.
>   
> Even with debugging the only strange thing might be that the log.wb-DOMAIN seems to state an immediate (!!!) timeout on wbinfo -u
>   
>
> [2016/04/14 12:17:26.558350,  3, pid=2873, effective(0, 0), real(0, 0)] ../lib/krb5_wrap/krb5_samba.c:2502(kerberos_get_principal_from_service_hostname)
>    kerberos_get_principal_from_service_hostname: cannot get realm from, desthost host.domain.de or default ccache. Using default smb.conf realm DOMAIN.DE
> [2016/04/14 12:17:26.591090,  3, pid=2873, effective(0, 0), real(0, 0)] ../source3/libads/ldap.c:904(ads_do_paged_search_args)
>    ads_do_paged_search_args: ldap_search_with_timeout((objectCategory=user)) -> Time limit exceeded
> [2016/04/14 12:17:26.591143,  1, pid=2873, effective(0, 0), real(0, 0)] ../source3/libads/ldap_utils.c:135(ads_do_search_retry_internal)
>    ads reopen failed after error Time limit exceeded
> [2016/04/14 12:17:26.591154,  1, pid=2873, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_ads.c:319(query_user_list)
>    query_user_list ads_search: Time limit exceeded
> [2016/04/14 12:17:26.591165,  3, pid=2873, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cache.c:1519(query_user_list)
>    query_user_list: returned 0xc00000b5, retrying
>   
> wbinfo -g  instead shows
>   
>
> [2016/04/14 12:19:10.877696,  3, pid=2873, effective(0, 0), real(0, 0)] ../lib/krb5_wrap/krb5_samba.c:2502(kerberos_get_principal_from_service_hostname)
>    kerberos_get_principal_from_service_hostname: cannot get realm from, desthost host.domain.de or default ccache. Using default smb.conf realm DOMAIN.DE
> [2016/04/14 12:19:10.883354,  5, pid=2873, effective(0, 0), real(0, 0)] ../source3/libads/ldap_utils.c:81(ads_do_search_retry_internal)
>    Search for (&(objectCategory=group)(&(groupType:dn:1.2.840.113556.1.4.803:=-2147483648)(!(groupType:dn:1.2.840.113556.1.4.803:=1)))) in <dc=DOMAIN,dc=DE> gave 31 replies
>   
> There are only about 100 users, latest samba 4.2.10-rpm from centos7.
> winbind enum users is set to yes.
>   
> Thanks for help
>

Can you please post your smb.conf

Rowland

More information about the samba mailing list