[Samba] Domain member seems to work, wbinfo -u not

L.P.H. van Belle belle at bazuin.nl
Fri Apr 15 13:54:54 UTC 2016


Yeah, i have an output of log level 10 while i do a wbinfo -u. 

As for the packages below. 
4.1.17, yes, im upgrading these as we speak, but now on hold due to this problem. 

4.2.20 .. error typo, is Version 4.2.10-Debian 

4.3.7.. yeah, but 4.3.8 is not in debian, the 4.3.7 is the package version debian used for the latest CVE fixes.

Im waiting until 4.4.2 is out of experimental so i can create a new package.

As far i can see, it only happens with the jessie patched packages. 

Still testing.. 
What i also see it that when i do the "wbinfo -u" i see a slow down. 
Looks like it getting info but not displaying. 

I see for example : 
log.winbindd:  validate_ns: NS/NTDOM/USERNAME ok 
( all my users are there like this ) 

But im not good at debugging the samba log.. :-( there to many in there.. 
Still looking...  Tried a third server, same problem. 

Greetz, 

Louis

> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Rowland penny
> Verzonden: vrijdag 15 april 2016 15:08
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] Domain member seems to work, wbinfo -u not
> 
> On 15/04/16 13:43, L.P.H. van Belle wrote:
> > Ok, i have tested a bit more also.
> >
> > Now i have this problem also on some other servers with D. Jessie.
> >
> > The sernet 4.2.11 debian wheezy works fine as far i can see now.
> >
> > All my member servers have these settings ( see below),.
> > Versies used are
> > 4.1.17 (all ok) ( debian jessie packages )
> > 4.2.20 (fail wbinfo -u) ( debian jessie packages )
> > 4.2.11 (all ok) ( debian wheezy sernet packages )
> > 4.3.6	 (all ok) ( debian sid recompiled to jessie package )
> > 4.3.7	 (fail wbinfo -u) ( debian sid recompiled to jessie package )
> >
> > 2 servers, now both on 4.2.10
> > On both work :
> > id username
> > getent username
> > wbinfo -g
> >
> > And both not wbinfo -u
> > disable-ing tls didnt help.
> >
> > Setting : ldap server require strong auth = no, yes or
> allow_sasl_over_tls didnt help.
> >
> > Rebooted the server also.
> >
> > DC's setup.
> > Backend AD.
> > All users have UID and needed groups also.
> >
> > Config member server.
> > [global]
> >      workgroup = NTDOM
> >      security = ADS
> >      realm = INTERNAL.DOMAIN.TLD
> >
> >      netbios name = memberserver10
> >      domain master = no
> >      host msdfs = no
> >
> >      dedicated keytab file = /etc/krb5.keytab
> >      kerberos method = secrets and keytab
> >      client signing = if_required
> >
> >      idmap config *:backend = tdb
> >      idmap config *:range = 2000-9999
> >      idmap config NTDOM:backend = ad
> >      idmap config NTDOM:schema_mode = rfc2307
> >      idmap config NTDOM:range = 10000-3999999
> >
> >      winbind nss info = rfc2307
> >      winbind trusted domains only = no
> >      winbind use default domain = yes
> >      winbind enum users  = yes
> >      winbind enum groups = yes
> >      winbind refresh tickets = yes
> >      winbind offline logon = yes
> >      winbind expand groups = 4
> >
> >      wins server = 192.168.0.1, 192.168.0.2
> >
> >      username map = /etc/samba/samba_usermapping
> >
> >      usershare path =
> >
> >      vfs objects = acl_xattr
> >      map acl inherit = Yes
> >      store dos attributes = Yes
> >
> >      unix extensions = no
> >      wide links = no
> >      reset on zero vc = yes
> >      veto files = /.bash_logout/.bash_profile/.bash_history/.bashrc/
> >      hide unreadable = yes
> >
> >      load printers = Yes
> >      printing = cups
> >      printcap name = cups
> >
> >      tls enabled = yes
> >      tls keyfile = ....
> >      tls certfile = ....
> >      tls cafile = ....
> >
> >
> >
> >
> 
> OK, this is strange, getent works but 'wbinfo -u' doesn't, it is usually
> the other way round :-)
> 
> Louis, you probably already have cranked the log level up to 10, but if
> you haven't, can you and then see if anything pops up.
> 
> As for your list of versions:
> 
> 4.1.17 (all ok) ( debian jessie packages )                  You really
> need to upgrade
> 4.2.20 (fail wbinfo -u) ( debian jessie packages ) Where did this come
> from, highest Samba 4.2 version: 4.2.11
> 4.2.11 (all ok) ( debian wheezy sernet packages )
> 4.3.6 (all ok) ( debian sid recompiled to jessie package )
> 4.3.7 (fail wbinfo -u) ( debian sid recompiled to jessie package ) Do
> not use, use 4.3.8
> 
> Rowland
> 
> 
> 
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba





More information about the samba mailing list