[Samba] wbinfo -u, wbinfo -g not working after samba update from 4.2.3 to 4.2.10
Andrew Martin
amartin at xes-inc.com
Tue Apr 19 13:40:45 UTC 2016
I am also having this issue, however in my case it is worse - samba shares do not work
and "getent passwd <domain user>" also does not work. I tried adding the following to the
"[global]" section of my smb.conf as suggested elsewhere, but no improvement:
client ldap sasl wrapping = plain
My smb.conf is very similar to yours, however I also have the following options set:
encrypt passwords = true
winbind nss info = rfc2307
Thanks,
Andrew
----- Original Message -----
> From: "Dimitar Hristov" <dimitar.hristov at outlook.com>
> To: samba at lists.samba.org
> Sent: Tuesday, April 19, 2016 8:23:50 AM
> Subject: [Samba] wbinfo -u, wbinfo -g not working after samba update from 4.2.3 to 4.2.10
>
> Hi list,
>
>
>
>
>
> After the badlock patching of all samba machines in our organization
> (all of them are domain members), some functionalities have stopped
> working, more particularly:
>
>
> - wbinfo -g (no output at all)
>
>
> - wbinfo -u (no output at all)
>
>
> - getent passwd (displays only local users)
>
>
> - getent group
>
>
>
>
>
> working functionalities:
>
>
> - samba shares are still accessible, with appropriate users set as
> "valid", "write users" etc
>
>
> - getent passwd <domain user>
>
>
> - wbinfo --name-to-sid
>
>
>
>
>
>
>
>
> Configuration files:
>
>
> - /etc/samba/smb.conf
>
>
> [global]
>
>
> workgroup = EXAMPLE
>
>
> realm = EXAMPLE.COM
>
>
> security = ADS
>
>
> dedicated keytab file = /etc/krb5.keytab
>
>
> kerberos method = secrets and keytab
>
>
> log file = /var/log/samba/%m.log
>
>
> load printers = No
>
>
> printcap name = /dev/null
>
>
> winbind separator = +
>
>
> winbind enum users = Yes
>
>
> winbind enum groups = Yes
>
>
> winbind use default domain = Yes
>
>
> winbind refresh tickets = Yes
>
>
> idmap config example : backend = ad
>
>
> idmap config * : backend = tdb
>
>
> printing = bsd
>
>
>
>
>
> - /etc/krb5.conf
>
>
> [logging]
>
>
> default = FILE:/var/log/krb5libs.log
>
>
> kdc = FILE:/var/log/krb5kdc.log
>
>
> admin_server = FILE:/var/log/kadmind.log
>
>
>
>
>
> [libdefaults]
>
>
> dns_lookup_kdc = false
>
>
> dns_lookup_realm = false
>
>
> ticket_lifetime = 24h
>
>
> renew_lifetime = 7d
>
>
> forwardable = true
>
>
> rdns = false
>
>
> default_realm = EXAMPLE.COM
>
>
> default_ccache_name = KEYRING:persistent:%{uid}
>
>
>
>
>
> [realms]
>
>
> EXAMPLE.COM = {
>
>
> kdc = example-adc01.example.com
>
>
> admin_server = example-adc01.example.com
>
>
> }
>
>
>
>
>
> [domain_realm]
>
>
> .example.com = EXAMPLE.COM
>
>
> example.com = EXAMPLE.COM
>
>
>
>
>
> - /etc/nsswitch.conf
>
>
>
>
>
> passwd: files winbind
>
>
> shadow: files winbind
>
>
> group: files winbind
>
>
> initgroups: files
>
>
>
>
>
> hosts: files dns myhostname
>
>
>
>
>
> bootparams: nisplus [NOTFOUND=return] files
>
>
>
>
>
> ethers: files
>
>
> netmasks: files
>
>
> networks: files
>
>
> protocols: files winbind
>
>
> rpc: files winbind
>
>
> services: files winbind
>
>
>
>
>
> netgroup: nisplus sss
>
>
>
>
>
> publickey: nisplus
>
>
>
>
>
> automount: files nisplus
>
>
> aliases: files nisplus
>
>
>
>
>
> Installed packages:
>
>
> - working environment
>
>
> samba-4.2.3-12.el7_2.x86_64
>
>
> samba-common-4.2.3-12.el7_2.noarch
>
>
> samba-winbind-modules-4.2.3-12.el7_2.x86_64
>
>
> samba-winbind-clients-4.2.3-12.el7_2.x86_64
>
>
> samba-common-tools-4.2.3-12.el7_2.x86_64
>
>
> samba-common-libs-4.2.3-12.el7_2.x86_64
>
>
> samba-winbind-4.2.3-12.el7_2.x86_64
>
>
> samba-libs-4.2.3-12.el7_2.x86_64
>
>
> samba-client-libs-4.2.3-12.el7_2.x86_64
>
>
> krb5-workstation-1.13.2-12.el7_2.x86_64
>
>
> krb5-libs-1.13.2-12.el7_2.x86_64
>
>
>
>
>
> - not working (after the update)
>
>
> samba-winbind-4.2.10-6.el7_2.x86_64
>
>
> samba-libs-4.2.10-6.el7_2.x86_64
>
>
> samba-common-4.2.10-6.el7_2.noarch
>
>
> samba-client-libs-4.2.10-6.el7_2.x86_64
>
>
> samba-winbind-modules-4.2.10-6.el7_2.x86_64
>
>
> samba-winbind-clients-4.2.10-6.el7_2.x86_64
>
>
> samba-common-tools-4.2.10-6.el7_2.x86_64
>
>
> samba-common-libs-4.2.10-6.el7_2.x86_64
>
>
> samba-4.2.10-6.el7_2.x86_64
>
>
> krb5-workstation-1.13.2-12.el7_2.x86_64
>
>
> krb5-libs-1.13.2-12.el7_2.x86_64
>
>
>
>
>
> ---------------------
>
>
>
>
>
> Partial log output after "wbinfo -g" -
> /var/log/samba/winbind.log:
>
>
>
>
>
> [2016/04/19 14:58:40.635486, 10, pid=3634, effective(0, 0), real(0,
> 0), class=winbind]
> ../source3/winbindd/winbindd.c:725(process_request)
>
>
> process_request: Handling async request 3640:LIST_GROUPS
>
>
> [2016/04/19 14:58:40.635501, 3, pid=3634, effective(0, 0), real(0,
> 0), class=winbind]
> ../source3/winbindd/winbindd_list_groups.c:58(winbindd_list_groups_send)
>
>
> list_groups EXAMPLE
>
>
> [2016/04/19 14:58:40.635520, 1, pid=3634, effective(0, 0), real(0,
> 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
>
>
> wbint_QueryGroupList: struct wbint_QueryGroupList
>
>
> in: struct wbint_QueryGroupList
>
>
> [2016/04/19 14:58:42.112485, 10, pid=3634, effective(0, 0), real(0,
> 0)] ../source3/lib/messages.c:252(messaging_recv_cb)
>
>
> messaging_recv_cb: Received message 0x40c len 8 (num_fds:0) from
> 3635
>
>
> [2016/04/19 14:58:42.112513, 10, pid=3634, effective(0, 0), real(0,
> 0), class=winbind]
> ../source3/winbindd/winbindd_cm.c:364(winbind_msg_domain_offline)
>
>
> Domain EXAMPLE is marked as offline now.
>
>
> [2016/04/19 14:58:42.113574, 1, pid=3634, effective(0, 0), real(0,
> 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
>
>
> wbint_QueryGroupList: struct wbint_QueryGroupList
>
>
> out: struct wbint_QueryGroupList
>
>
> groups : *
>
>
> groups: struct wbint_Principals
>
>
> num_principals : 0
>
>
> principals: ARRAY(0)
>
>
> result : NT_STATUS_IO_TIMEOUT
>
>
> [2016/04/19 14:58:42.113616, 10, pid=3634, effective(0, 0), real(0,
> 0), class=winbind]
> ../source3/winbindd/winbindd_list_groups.c:128(winbindd_list_groups_done)
>
>
> Domain EXAMPLE returned 0 groups
>
>
> [2016/04/19 14:58:42.113623, 10, pid=3634, effective(0, 0), real(0,
> 0), class=winbind]
> ../source3/winbindd/winbindd_list_groups.c:134(winbindd_list_groups_done)
>
>
> list_groups for domain EXAMPLE failed
>
>
> [2016/04/19 14:58:42.113630, 10, pid=3634, effective(0, 0), real(0,
> 0), class=winbind]
> ../source3/winbindd/winbindd.c:787(wb_request_done)
>
>
> wb_request_done[3640:LIST_GROUPS]: NT_STATUS_OK
>
>
> [2016/04/19 14:58:42.113649, 10, pid=3634, effective(0, 0), real(0,
> 0), class=winbind]
> ../source3/winbindd/winbindd.c:851(winbind_client_response_written)
>
>
> winbind_client_response_written[3640:LIST_GROUPS]: delivered
> response to client
>
>
> [2016/04/19 14:58:42.114552, 6, pid=3634, effective(0, 0), real(0,
> 0), class=winbind]
> ../source3/winbindd/winbindd.c:957(winbind_client_request_read)
>
>
> closing socket 28, client exited
>
>
> [2016/04/19 14:59:13.272624, 10, pid=3634, effective(0, 0), real(0,
> 0)] ../source3/lib/messages.c:252(messaging_recv_cb)
>
>
> messaging_recv_cb: Received message 0x40b len 8 (num_fds:0) from
> 3635
>
>
> [2016/04/19 14:59:13.272656, 10, pid=3634, effective(0, 0), real(0,
> 0), class=winbind]
> ../source3/winbindd/winbindd_cm.c:384(winbind_msg_domain_online)
>
>
> Domain EXAMPLE is marked as online now.
>
>
>
>
> Partial log output after "wbinfo -u" -
> /var/log/samba/winbind.log:
>
>
>
>
>
> [2016/04/19 15:03:25.308776, 10, pid=3634, effective(0, 0), real(0,
> 0), class=winbind]
> ../source3/winbindd/winbindd.c:725(process_request)
>
>
> process_request: Handling async request 3666:LIST_USERS
>
>
> [2016/04/19 15:03:25.308788, 3, pid=3634, effective(0, 0), real(0,
> 0), class=winbind]
> ../source3/winbindd/winbindd_list_users.c:58(winbindd_list_users_send)
>
>
> list_users EXAMPLE
>
>
> [2016/04/19 15:03:25.308808, 1, pid=3634, effective(0, 0), real(0,
> 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
>
>
> wbint_QueryUserList: struct wbint_QueryUserList
>
>
> in: struct wbint_QueryUserList
>
>
> [2016/04/19 15:03:29.418016, 10, pid=3634, effective(0, 0), real(0,
> 0)] ../source3/lib/messages.c:252(messaging_recv_cb)
>
>
> messaging_recv_cb: Received message 0x40c len 8 (num_fds:0) from
> 3635
>
>
> [2016/04/19 15:03:29.418040, 10, pid=3634, effective(0, 0), real(0,
> 0), class=winbind]
> ../source3/winbindd/winbindd_cm.c:364(winbind_msg_domain_offline)
>
>
> Domain EXAMPLE is marked as offline now.
>
>
> [2016/04/19 15:03:29.418101, 1, pid=3634, effective(0, 0), real(0,
> 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
>
>
> wbint_QueryUserList: struct wbint_QueryUserList
>
>
> out: struct wbint_QueryUserList
>
>
> users : *
>
>
> users: struct wbint_userinfos
>
>
> num_userinfos : 0x00000000 (0)
>
>
> userinfos: ARRAY(0)
>
>
> result : NT_STATUS_IO_TIMEOUT
>
>
> [2016/04/19 15:03:29.418172, 10, pid=3634, effective(0, 0), real(0,
> 0), class=winbind]
> ../source3/winbindd/winbindd_list_users.c:128(winbindd_list_users_done)
>
>
> Domain EXAMPLE returned 0 users
>
>
> [2016/04/19 15:03:29.418180, 10, pid=3634, effective(0, 0), real(0,
> 0), class=winbind]
> ../source3/winbindd/winbindd_list_users.c:134(winbindd_list_users_done)
>
>
> List_users for domain EXAMPLE failed
>
>
> [2016/04/19 15:03:29.418187, 10, pid=3634, effective(0, 0), real(0,
> 0), class=winbind]
> ../source3/winbindd/winbindd.c:787(wb_request_done)
>
>
> wb_request_done[3666:LIST_USERS]: NT_STATUS_OK
>
>
> [2016/04/19 15:03:29.418206, 10, pid=3634, effective(0, 0), real(0,
> 0), class=winbind]
> ../source3/winbindd/winbindd.c:851(winbind_client_response_written)
>
>
> winbind_client_response_written[3666:LIST_USERS]: delivered
> response to client
>
>
> [2016/04/19 15:03:29.420295, 6, pid=3634, effective(0, 0), real(0,
> 0), class=winbind]
> ../source3/winbindd/winbindd.c:957(winbind_client_request_read)
>
>
> closing socket 28, client exited
>
>
> [2016/04/19 15:04:00.414647, 10, pid=3634, effective(0, 0), real(0,
> 0)] ../source3/lib/messages.c:252(messaging_recv_cb)
>
>
> messaging_recv_cb: Received message 0x40b len 8 (num_fds:0) from
> 3635
>
>
> [2016/04/19 15:04:00.414669, 10, pid=3634, effective(0, 0), real(0,
> 0), class=winbind]
> ../source3/winbindd/winbindd_cm.c:384(winbind_msg_domain_online)
>
>
> Domain EXAMPLE is marked as online now.
>
>
>
>
> Partial log output after "getent passwd" -
> /var/log/samba/winbind.log (the local users get displayed,
> domain users - do not):
>
>
>
>
>
> [2016/04/19 15:04:41.367195, 10, pid=3634, effective(0, 0), real(0,
> 0), class=winbind]
> ../source3/winbindd/winbindd.c:725(process_request)
>
>
> process_request: Handling async request 3673:GETPWENT
>
>
> [2016/04/19 15:04:41.367208, 3, pid=3634, effective(0, 0), real(0,
> 0), class=winbind]
> ../source3/winbindd/winbindd_getpwent.c:50(winbindd_getpwent_send)
>
>
> [ 3673]: getpwent
>
>
> [2016/04/19 15:04:41.367307, 1, pid=3634, effective(0, 0), real(0,
> 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
>
>
> wbint_QueryUserList: struct wbint_QueryUserList
>
>
> in: struct wbint_QueryUserList
>
>
> [2016/04/19 15:04:41.367621, 1, pid=3634, effective(0, 0), real(0,
> 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
>
>
> wbint_QueryUserList: struct wbint_QueryUserList
>
>
> out: struct wbint_QueryUserList
>
>
> users : *
>
>
> users: struct wbint_userinfos
>
>
> num_userinfos : 0x00000000 (0)
>
>
> userinfos: ARRAY(0)
>
>
> result : NT_STATUS_OK
>
>
> [2016/04/19 15:04:41.367652, 10, pid=3634, effective(0, 0), real(0,
> 0), class=winbind]
> ../source3/winbindd/wb_query_user_list.c:69(wb_query_user_list_done)
>
>
> dcerpc_wbint_QueryUserList returned 0 users
>
>
> [2016/04/19 15:04:41.367661, 1, pid=3634, effective(0, 0), real(0,
> 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
>
>
> wbint_QueryUserList: struct wbint_QueryUserList
>
>
> in: struct wbint_QueryUserList
>
>
> [2016/04/19 15:04:41.367680, 1, pid=3634, effective(0, 0), real(0,
> 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
>
>
> wbint_QueryUserList: struct wbint_QueryUserList
>
>
> out: struct wbint_QueryUserList
>
>
> users : *
>
>
> users: struct wbint_userinfos
>
>
> num_userinfos : 0x00000000 (0)
>
>
> userinfos: ARRAY(0)
>
>
> result : NT_STATUS_IO_TIMEOUT
>
>
> [2016/04/19 15:04:41.367700, 10, pid=3634, effective(0, 0), real(0,
> 0), class=winbind]
> ../source3/winbindd/wb_next_pwent.c:109(wb_next_pwent_fetch_done)
>
>
> query_user_list for domain EXAMPLE returned NT_STATUS_IO_TIMEOUT
>
>
> [2016/04/19 15:04:41.367707, 10, pid=3634, effective(0, 0), real(0,
> 0), class=winbind]
> ../source3/winbindd/winbindd_getpwent.c:95(winbindd_getpwent_done)
>
>
> winbindd_getpwent_done: done with 0 users
>
>
> [2016/04/19 15:04:41.367712, 10, pid=3634, effective(0, 0), real(0,
> 0), class=winbind]
> ../source3/winbindd/winbindd.c:787(wb_request_done)
>
>
> wb_request_done[3673:GETPWENT]: NT_STATUS_NO_MORE_ENTRIES
>
>
> [2016/04/19 15:04:41.367726, 10, pid=3634, effective(0, 0), real(0,
> 0), class=winbind]
> ../source3/winbindd/winbindd.c:851(winbind_client_response_written)
>
>
> winbind_client_response_written[3673:GETPWENT]: delivered response
> to client
>
>
> [2016/04/19 15:04:41.367900, 10, pid=3634, effective(0, 0), real(0,
> 0), class=winbind]
> ../source3/winbindd/winbindd.c:725(process_request)
>
>
> process_request: Handling async request 3673:ENDPWENT
>
>
> [2016/04/19 15:04:41.367916, 10, pid=3634, effective(0, 0), real(0,
> 0), class=winbind]
> ../source3/winbindd/winbindd.c:787(wb_request_done)
>
>
> wb_request_done[3673:ENDPWENT]: NT_STATUS_OK
>
>
>
>
>
> I think that the issue is similar to the issues described by L.P.H.
> van Belle and Luca Bertoncello.
>
>
>
>
>
> The Domain Controllers are MS Windows Server 2012 R2, AD Scheme is
> 2012.
>
>
>
>
>
> Any ideas on how to solve this?
>
>
>
>
>
> Thanks,
>
>
> Dimitar
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
More information about the samba
mailing list