[Samba] FW: Domain member seems to work, wbinfo -u not (update5)
L.P.H. van Belle
belle at bazuin.nl
Mon Apr 18 15:06:48 UTC 2016
Ok i compaired my setup to Rowlands install.
And i dont see any difference between Rowlands setup and mine.
Tested the following.
I got the samba 4.4.2 source recompiled it in a deb file and installed it.
apt-cache policy winbind
winbind:
Installed: 2:4.4.2-lvb1
Candidate: 2:4.4.2-lvb1
Version table:
*** 2:4.4.2-lvb1 0
500 http://maybe.inthe.future.tld/debian/ jessie/ Packages
100 /var/lib/dpkg/status
2:4.2.10+dfsg-0+deb8u2 0
500 http://security.debian.org/ jessie/updates/main amd64 Packages
2:4.1.17+dfsg-2+deb8u2 0
500 http://ftp.nl.debian.org/debian/ jessie/main amd64 Packages
Startup, clean logs, wbinfo -g (works) wbinfo -u not .. :-(
I see again :
[2016/04/18 16:56:38.145224, 10, pid=27010, effective(0, 0), real(0, 0)] ../auth/kerberos/gssapi_helper.c:303(gssapi_unseal_packet)
Unsealed 32 bytes, with 76 bytes header/signature.
[2016/04/18 16:56:38.145236, 10, pid=27010, effective(0, 0), real(0, 0), class=rpc_cli] ../source3/rpc_client/cli_pipe.c:525(cli_pipe_validate_current_pdu)
Got pdu len 140, data_len 24
[2016/04/18 16:56:38.145249, 10, pid=27010, effective(0, 0), real(0, 0), class=rpc_cli] ../source3/rpc_client/cli_pipe.c:975(rpc_api_pipe_got_pdu)
rpc_api_pipe: got frag len of 140 at offset 0: NT_STATUS_OK
[2016/04/18 16:56:38.145261, 10, pid=27010, effective(0, 0), real(0, 0), class=rpc_cli] ../source3/rpc_client/cli_pipe.c:1075(rpc_api_pipe_got_pdu)
rpc_api_pipe: host dc2.internal.domain.tld returned 24 bytes.
[2016/04/18 16:56:38.145279, 1, pid=27010, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
samr_Close: struct samr_Close
out: struct samr_Close
handle : *
handle: struct policy_handle
handle_type : 0x00000000 (0)
uuid : 00000000-0000-0000-0000-000000000000
result : NT_STATUS_OK
[2016/04/18 16:56:38.145362, 5, pid=27010, effective(0, 0), real(0, 0)] ../libcli/smb/smb2_signing.c:93(smb2_signing_sign_pdu)
signed SMB2 message
[2016/04/18 16:56:38.145697, 1, pid=27010, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
wbint_QueryUserList: struct wbint_QueryUserList
out: struct wbint_QueryUserList
users : *
users: struct wbint_userinfos
num_userinfos : 0x00000000 (0)
userinfos: ARRAY(0)
result : NT_STATUS_IO_TIMEOUT
[2016/04/18 16:56:38.145769, 4, pid=27010, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_dual.c:1397(child_handler)
Finished processing child request 59
Tomorrow i'll setup a new server with my script, but without the debian samba packages, install the source packages and see what happend then.
Greetz,
Louis
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens L.P.H. van Belle
> Verzonden: maandag 18 april 2016 14:34
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] FW: Domain member seems to work, wbinfo -u not
> (update4)
>
> Uhh, yeah, thats hard to debug if you dont get the errors..
>
> Can you the output of.
>
> dpkg --get-selections | grep install | grep -v deinstall
>
> Lets see if im missing something compaired to you.
> And can you post you :
> smb.conf
> nsswithch.conf
> idmap.conf
> resolv.conf
>
> apt-cache policy winbind
>
> to be sure so i can set it exact the same and test again.
>
>
> Greetz,
>
> Louis
>
> > -----Oorspronkelijk bericht-----
> > Van: samba [mailto:samba-bounces at lists.samba.org] Namens Rowland penny
> > Verzonden: maandag 18 april 2016 14:26
> > Aan: samba at lists.samba.org
> > Onderwerp: Re: [Samba] FW: Domain member seems to work, wbinfo -u not
> > (update4)
> >
> > On 18/04/16 12:52, L.P.H. van Belle wrote:
> > > Ok. I've done the following, any samba dev, please read below.
> > >
> > > Looks to me some bug in librpc/ndr/ndr.c
> > >
> > > But im not a coder.. so please have a look.
> > >
> > >
> > >
> > >
> > >
> > > Environment.
> > >
> > > Debian Jessie, samba 4.2.10 (debian)
> > >
> > >
> > >
> > > I remove my proxy2 server from the domain, cleared up the AD.
> > >
> > > Removed all content from /var/(lib/cache)/samba
> > >
> > > Removed all other unnneeded services for this test.
> > >
> > > Removed all samba kerberos (squid) etc packages.
> > >
> > > Removed the /etc/krb5.keytab
> > >
> > >
> > >
> > > In short, now a clean server only ssh installed.
> > >
> > >
> > >
> > > I installed only winbind again.
> > >
> > > With this line.
> > >
> > > apt-get install -y --no-install-recommends winbind smbclient krb5-
> user
> > libpam-winbind libnss-winbind ssh-krb5 libpam-krb5 samba-vfs-modules
> > >
> > >
> > >
> > > tested kinit, works fine.
> > >
> > > Joined the domain, works.
> > >
> > >
> > >
> > > Tested and works.
> > >
> > > wbinfo --domain-info=NTDOMAIN
> > >
> > > wbinfo -p
> > >
> > > wbinfo -g
> > >
> > >
> > >
> > > and again a fail on wbinfo –u
> > >
> > >
> > >
> > > id username works.
> > >
> > > getent passwd username works fine
> > >
> > > username:*:10002:10000:M. Username:/home/users/username:/bin/bash
> > >
> > >
> > >
> > > getent passwd, has a “slow down” so something happens, but not putout.
> > >
> > > Also wbinfo –u has a “slow down” on screen but no output.
> > >
> > > All other checks are ok, sofar i can see.
> > >
> > >
> > >
> > >
> > >
> > > few snaps from the debug log lvl 10 of the wbinfo –u
> > >
> > > in the log.winbind i notice the following. ( see log below )
> > >
> > > snap of few messages.
> > >
> > > Domain NTDOMAIN returned 74 groups
> > >
> > > Domain NTDOMAIN returned 0 users
> > >
> > > List_users for domain NTDOMAIN failed
> > >
> > > wb_request_done[14198:LIST_USERS]: NT_STATUS_OK
> > >
> > > winbind_client_response_written[14198:LIST_USERS]: delivered
> response
> > to client
> > >
> > > closing socket 29, client exited
> > >
> > >
> > >
> > >
> > >
> > > the group output:
> > >
> > > [2016/04/18 13:25:38.723377, 1, pid=14148, effective(0, 0), real(0,
> 0)]
> > ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
> > >
> > > wbint_QueryGroupList: struct wbint_QueryGroupList
> > >
> > > out: struct wbint_QueryGroupList
> > >
> > > groups : *
> > >
> > > groups: struct wbint_Principals
> > >
> > > num_principals : 74
> > >
> > > principals: ARRAY(74)
> > >
> > > principals: struct wbint_Principal
> > >
> > > sid : S-1-5-21-
> > 2934682428-2610421433-476865461-571
> > >
> > > type :
> > SID_NAME_DOM_GRP (2)
> > >
> > > name : *
> > >
> > > name : 'Allowed
> > RODC Password Replication Group'
> > >
> > > .. etc etc. 74 groups shown.
> > >
> > >
> > >
> > > [2016/04/18 13:25:41.051831, 1, pid=14148, effective(0, 0), real(0,
> 0)]
> > ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
> > >
> > > wbint_QueryUserList: struct wbint_QueryUserList
> > >
> > > out: struct wbint_QueryUserList
> > >
> > > users : *
> > >
> > > users: struct wbint_userinfos
> > >
> > > num_userinfos : 0x00000000 (0)
> > >
> > > userinfos: ARRAY(0)
> > >
> > > result : NT_STATUS_IO_TIMEOUT
> > >
> > >
> > >
> > >
> > >
> > > The debug log lvl 10 of the wbinfo –g and -u ( -g are only the first 3
> > lines, result is ok )
> > >
> > > I have also logs of the domain join if needed.
> > >
> > >
> > >
> > > [2016/04/18 13:25:38.725251, 10, pid=14148, effective(0, 0), real(0,
> 0),
> > class=winbind]
> >
> ../source3/winbindd/winbindd_list_groups.c:128(winbindd_list_groups_done)
> > >
> > > Domain NTDOMAIN returned 74 groups
> > >
> > > [2016/04/18 13:25:38.725330, 10, pid=14148, effective(0, 0), real(0,
> 0),
> > class=winbind] ../source3/winbindd/winbindd.c:787(wb_request_done)
> > >
> > > wb_request_done[14197:LIST_GROUPS]: NT_STATUS_OK
> > >
> > > [2016/04/18 13:25:38.725373, 10, pid=14148, effective(0, 0), real(0,
> 0),
> > class=winbind]
> > ../source3/winbindd/winbindd.c:851(winbind_client_response_written)
> > >
> > > winbind_client_response_written[14197:LIST_GROUPS]: delivered
> > response to client
> > >
> > > [2016/04/18 13:25:38.725593, 6, pid=14148, effective(0, 0), real(0,
> 0),
> > class=winbind]
> > ../source3/winbindd/winbindd.c:957(winbind_client_request_read)
> > >
> > > closing socket 29, client exited
> > >
> > > [2016/04/18 13:25:41.050988, 6, pid=14148, effective(0, 0), real(0,
> 0),
> > class=winbind] ../source3/winbindd/winbindd.c:906(new_connection)
> > >
> > > accepted socket 27
> > >
> > > [2016/04/18 13:25:41.051060, 10, pid=14148, effective(0, 0), real(0,
> 0),
> > class=winbind] ../source3/winbindd/winbindd.c:752(process_request)
> > >
> > > process_request: request fn INTERFACE_VERSION
> > >
> > > [2016/04/18 13:25:41.051073, 3, pid=14148, effective(0, 0), real(0,
> 0),
> > class=winbind]
> > ../source3/winbindd/winbindd_misc.c:395(winbindd_interface_version)
> > >
> > > [14198]: request interface version (version = 27)
> > >
> > > [2016/04/18 13:25:41.051108, 10, pid=14148, effective(0, 0), real(0,
> 0),
> > class=winbind]
> > ../source3/winbindd/winbindd.c:851(winbind_client_response_written)
> > >
> > > winbind_client_response_written[14198:INTERFACE_VERSION]: delivered
> > response to client
> > >
> > > [2016/04/18 13:25:41.051185, 10, pid=14148, effective(0, 0), real(0,
> 0),
> > class=winbind] ../source3/winbindd/winbindd.c:752(process_request)
> > >
> > > process_request: request fn WINBINDD_PRIV_PIPE_DIR
> > >
> > > [2016/04/18 13:25:41.051196, 3, pid=14148, effective(0, 0), real(0,
> 0),
> > class=winbind]
> > ../source3/winbindd/winbindd_misc.c:428(winbindd_priv_pipe_dir)
> > >
> > > [14198]: request location of privileged pipe
> > >
> > > [2016/04/18 13:25:41.051228, 10, pid=14148, effective(0, 0), real(0,
> 0),
> > class=winbind]
> > ../source3/winbindd/winbindd.c:851(winbind_client_response_written)
> > >
> > > winbind_client_response_written[14198:WINBINDD_PRIV_PIPE_DIR]:
> > delivered response to client
> > >
> > > [2016/04/18 13:25:41.051297, 6, pid=14148, effective(0, 0), real(0,
> 0),
> > class=winbind] ../source3/winbindd/winbindd.c:906(new_connection)
> > >
> > > accepted socket 29
> > >
> > > [2016/04/18 13:25:41.051315, 6, pid=14148, effective(0, 0), real(0,
> 0),
> > class=winbind]
> > ../source3/winbindd/winbindd.c:957(winbind_client_request_read)
> > >
> > > closing socket 27, client exited
> > >
> > > [2016/04/18 13:25:41.051342, 10, pid=14148, effective(0, 0), real(0,
> 0),
> > class=winbind] ../source3/winbindd/winbindd.c:752(process_request)
> > >
> > > process_request: request fn INTERFACE_VERSION
> > >
> > > [2016/04/18 13:25:41.051353, 3, pid=14148, effective(0, 0), real(0,
> 0),
> > class=winbind]
> > ../source3/winbindd/winbindd_misc.c:395(winbindd_interface_version)
> > >
> > > [14198]: request interface version (version = 27)
> > >
> > > [2016/04/18 13:25:41.051376, 10, pid=14148, effective(0, 0), real(0,
> 0),
> > class=winbind]
> > ../source3/winbindd/winbindd.c:851(winbind_client_response_written)
> > >
> > > winbind_client_response_written[14198:INTERFACE_VERSION]: delivered
> > response to client
> > >
> > > [2016/04/18 13:25:41.051422, 10, pid=14148, effective(0, 0), real(0,
> 0),
> > class=winbind] ../source3/winbindd/winbindd.c:752(process_request)
> > >
> > > process_request: request fn INFO
> > >
> > > [2016/04/18 13:25:41.051434, 3, pid=14148, effective(0, 0), real(0,
> 0),
> > class=winbind] ../source3/winbindd/winbindd_misc.c:383(winbindd_info)
> > >
> > > [14198]: request misc info
> > >
> > > [2016/04/18 13:25:41.051458, 10, pid=14148, effective(0, 0), real(0,
> 0),
> > class=winbind]
> > ../source3/winbindd/winbindd.c:851(winbind_client_response_written)
> > >
> > > winbind_client_response_written[14198:INFO]: delivered response to
> > client
> > >
> > > [2016/04/18 13:25:41.051503, 10, pid=14148, effective(0, 0), real(0,
> 0),
> > class=winbind] ../source3/winbindd/winbindd.c:752(process_request)
> > >
> > > process_request: request fn NETBIOS_NAME
> > >
> > > [2016/04/18 13:25:41.051514, 3, pid=14148, effective(0, 0), real(0,
> 0),
> > class=winbind]
> > ../source3/winbindd/winbindd_misc.c:416(winbindd_netbios_name)
> > >
> > > [14198]: request netbios name
> > >
> > > [2016/04/18 13:25:41.051537, 10, pid=14148, effective(0, 0), real(0,
> 0),
> > class=winbind]
> > ../source3/winbindd/winbindd.c:851(winbind_client_response_written)
> > >
> > > winbind_client_response_written[14198:NETBIOS_NAME]: delivered
> > response to client
> > >
> > > [2016/04/18 13:25:41.051583, 10, pid=14148, effective(0, 0), real(0,
> 0),
> > class=winbind] ../source3/winbindd/winbindd.c:752(process_request)
> > >
> > > process_request: request fn DOMAIN_NAME
> > >
> > > [2016/04/18 13:25:41.051606, 3, pid=14148, effective(0, 0), real(0,
> 0),
> > class=winbind]
> > ../source3/winbindd/winbindd_misc.c:405(winbindd_domain_name)
> > >
> > > [14198]: request domain name
> > >
> > > [2016/04/18 13:25:41.051630, 10, pid=14148, effective(0, 0), real(0,
> 0),
> > class=winbind]
> > ../source3/winbindd/winbindd.c:851(winbind_client_response_written)
> > >
> > > winbind_client_response_written[14198:DOMAIN_NAME]: delivered
> > response to client
> > >
> > > [2016/04/18 13:25:41.051674, 10, pid=14148, effective(0, 0), real(0,
> 0),
> > class=winbind] ../source3/winbindd/winbindd.c:752(process_request)
> > >
> > > process_request: request fn DOMAIN_INFO
> > >
> > > [2016/04/18 13:25:41.051685, 3, pid=14148, effective(0, 0), real(0,
> 0),
> > class=winbind]
> > ../source3/winbindd/winbindd_misc.c:237(winbindd_domain_info)
> > >
> > > [14198]: domain_info [NTDOMAIN]
> > >
> > > [2016/04/18 13:25:41.051714, 10, pid=14148, effective(0, 0), real(0,
> 0),
> > class=winbind]
> > ../source3/winbindd/winbindd.c:851(winbind_client_response_written)
> > >
> > > winbind_client_response_written[14198:DOMAIN_INFO]: delivered
> > response to client
> > >
> > > [2016/04/18 13:25:41.051755, 10, pid=14148, effective(0, 0), real(0,
> 0),
> > class=winbind] ../source3/winbindd/winbindd.c:725(process_request)
> > >
> > > process_request: Handling async request 14198:LIST_USERS
> > >
> > > [2016/04/18 13:25:41.051767, 3, pid=14148, effective(0, 0), real(0,
> 0),
> > class=winbind]
> > ../source3/winbindd/winbindd_list_users.c:58(winbindd_list_users_send)
> > >
> > > list_users NTDOMAIN
> > >
> > > [2016/04/18 13:25:41.051785, 1, pid=14148, effective(0, 0), real(0,
> 0)]
> > ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
> > >
> > > wbint_QueryUserList: struct wbint_QueryUserList
> > >
> > > in: struct wbint_QueryUserList
> > >
> > > [2016/04/18 13:25:41.051831, 1, pid=14148, effective(0, 0), real(0,
> 0)]
> > ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
> > >
> > > wbint_QueryUserList: struct wbint_QueryUserList
> > >
> > > out: struct wbint_QueryUserList
> > >
> > > users : *
> > >
> > > users: struct wbint_userinfos
> > >
> > > num_userinfos : 0x00000000 (0)
> > >
> > > userinfos: ARRAY(0)
> > >
> > > result : NT_STATUS_IO_TIMEOUT
> >
> > Hi Louis, I am getting very confused here, I cannot make 'wbinfo -u'
> > fail :-\
> >
> > I have setup a VM with debian jessie and it works, if I find the line
> > above in my log file, I find this:
> >
> > [2016/04/18 13:09:00.418358, 1, pid=5241, effective(0, 0), real(0, 0)]
> > ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
> > wbint_QueryUserList: struct wbint_QueryUserList
> > out: struct wbint_QueryUserList
> > users : *
> > users: struct wbint_userinfos
> > num_userinfos : 0x00000012 (18)
> > userinfos: ARRAY(18)
> >
> > It then goes on to list the users.
> >
> > How do you find out what the problem is, if you do not have the problem
> > ?????
> >
> > Rowland
> >
> >
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions: https://lists.samba.org/mailman/options/samba
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
More information about the samba
mailing list