[Samba] Domain member seems to work, wbinfo -u not

Rowland penny rpenny at samba.org
Fri Apr 15 13:07:56 UTC 2016 

On 15/04/16 13:43, L.P.H. van Belle wrote:
> Ok, i have tested a bit more also.
>
> Now i have this problem also on some other servers with D. Jessie.
>
> The sernet 4.2.11 debian wheezy works fine as far i can see now.
>
> All my member servers have these settings ( see below),.
> Versies used are
> 4.1.17 (all ok) ( debian jessie packages )
> 4.2.20 (fail wbinfo -u) ( debian jessie packages )
> 4.2.11 (all ok) ( debian wheezy sernet packages )
> 4.3.6	 (all ok) ( debian sid recompiled to jessie package )
> 4.3.7	 (fail wbinfo -u) ( debian sid recompiled to jessie package )
>
> 2 servers, now both on 4.2.10
> On both work :
> id username
> getent username
> wbinfo -g
>
> And both not wbinfo -u
> disable-ing tls didnt help.
>
> Setting : ldap server require strong auth = no, yes or allow_sasl_over_tls didnt help.
>
> Rebooted the server also.
>
> DC's setup.
> Backend AD.
> All users have UID and needed groups also.
>
> Config member server.
> [global]
>      workgroup = NTDOM
>      security = ADS
>      realm = INTERNAL.DOMAIN.TLD
>
>      netbios name = memberserver10
>      domain master = no
>      host msdfs = no
>
>      dedicated keytab file = /etc/krb5.keytab
>      kerberos method = secrets and keytab
>      client signing = if_required
>
>      idmap config *:backend = tdb
>      idmap config *:range = 2000-9999
>      idmap config NTDOM:backend = ad
>      idmap config NTDOM:schema_mode = rfc2307
>      idmap config NTDOM:range = 10000-3999999
>
>      winbind nss info = rfc2307
>      winbind trusted domains only = no
>      winbind use default domain = yes
>      winbind enum users  = yes
>      winbind enum groups = yes
>      winbind refresh tickets = yes
>      winbind offline logon = yes
>      winbind expand groups = 4
>
>      wins server = 192.168.0.1, 192.168.0.2
>
>      username map = /etc/samba/samba_usermapping
>
>      usershare path =
>
>      vfs objects = acl_xattr
>      map acl inherit = Yes
>      store dos attributes = Yes
>
>      unix extensions = no
>      wide links = no
>      reset on zero vc = yes
>      veto files = /.bash_logout/.bash_profile/.bash_history/.bashrc/
>      hide unreadable = yes
>
>      load printers = Yes
>      printing = cups
>      printcap name = cups
>
>      tls enabled = yes
>      tls keyfile = ....
>      tls certfile = ....
>      tls cafile = ....
>
>
>
>

OK, this is strange, getent works but 'wbinfo -u' doesn't, it is usually 
the other way round :-)

Louis, you probably already have cranked the log level up to 10, but if 
you haven't, can you and then see if anything pops up.

As for your list of versions:

4.1.17 (all ok) ( debian jessie packages )                  You really 
need to upgrade
4.2.20 (fail wbinfo -u) ( debian jessie packages ) Where did this come 
from, highest Samba 4.2 version: 4.2.11
4.2.11 (all ok) ( debian wheezy sernet packages )
4.3.6 (all ok) ( debian sid recompiled to jessie package )
4.3.7 (fail wbinfo -u) ( debian sid recompiled to jessie package ) Do 
not use, use 4.3.8

Rowland

More information about the samba mailing list