[Samba] Ubuntu 14.04 samba update
Jeff Sadowski
jeff.sadowski at gmail.com
Thu Apr 21 13:51:03 UTC 2016
I found all the new options here
https://wiki.samba.org/index.php/Sam...b.conf_options
<https://wiki.samba.org/index.php/Samba_4.3_Features_added/changed#New_smb.conf_options>
The ones relevant for me where
ldap server require strong auth = no
client ldap sasl wrapping = plain
I added those and my problem was fixed.
On Wed, Apr 20, 2016 at 8:46 AM, Jeff Sadowski <jeff.sadowski at gmail.com>
wrote:
> I added
>
> log level = 10
> log file = /var/log/samba/%m.log
>
> to my smb.conf
>
> in the logs when I run wbinfo -u I get
>
> [2016/04/20 08:24:15.864222, 3, pid=19397, effective(0, 0), real(0, 0),
> class=winbind] ../source3/winbindd/winbindd_misc.c:237(winbindd_domain_info)
> [19441]: domain_info [SUBDOMAIN]
> [2016/04/20 08:24:15.864238, 10, pid=19397, effective(0, 0), real(0, 0),
> class=winbind]
> ../source3/winbindd/winbindd.c:861(winbind_client_response_written)
> winbind_client_response_written[19441:DOMAIN_INFO]: delivered response
> to client
> [2016/04/20 08:24:15.864252, 10, pid=19397, effective(0, 0), real(0, 0),
> class=winbind] ../source3/winbindd/winbindd.c:731(process_request)
> process_request: Handling async request 19441:LIST_USERS
> [2016/04/20 08:24:15.864257, 3, pid=19397, effective(0, 0), real(0, 0),
> class=winbind]
> ../source3/winbindd/winbindd_list_users.c:58(winbindd_list_users_send)
> list_users SUBDOMAIN
> [2016/04/20 08:24:15.864264, 1, pid=19397, effective(0, 0), real(0, 0)]
> ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
> wbint_QueryUserList: struct wbint_QueryUserList
> in: struct wbint_QueryUserList
> [2016/04/20 08:24:15.864285, 1, pid=19397, effective(0, 0), real(0, 0)]
> ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
> wbint_QueryUserList: struct wbint_QueryUserList
> out: struct wbint_QueryUserList
> users : *
> users: struct wbint_userinfos
> num_userinfos : 0x00000000 (0)
> userinfos: ARRAY(0)
> result : NT_STATUS_IO_TIMEOUT
> [2016/04/20 08:24:15.864306, 10, pid=19397, effective(0, 0), real(0, 0),
> class=winbind]
> ../source3/winbindd/winbindd_list_users.c:128(winbindd_list_users_done)
> Domain SUBDOMAIN returned 0 users
> [2016/04/20 08:24:15.864310, 10, pid=19397, effective(0, 0), real(0, 0),
> class=winbind]
> ../source3/winbindd/winbindd_list_users.c:134(winbindd_list_users_done)
> List_users for domain SUBDOMAIN failed
> [2016/04/20 08:24:15.864315, 10, pid=19397, effective(0, 0), real(0, 0),
> class=winbind] ../source3/winbindd/winbindd.c:793(wb_request_done)
> wb_request_done[19441:LIST_USERS]: NT_STATUS_OK
> [2016/04/20 08:24:15.864324, 10, pid=19397, effective(0, 0), real(0, 0),
> class=winbind]
> ../source3/winbindd/winbindd.c:861(winbind_client_response_written)
> winbind_client_response_written[19441:LIST_USERS]: delivered response to
> client
> [2016/04/20 08:24:15.864390, 6, pid=19397, effective(0, 0), real(0, 0),
> class=winbind]
> ../source3/winbindd/winbindd.c:965(winbind_client_request_read)
> closing socket 28, client exited
>
>
> If I run wbinfo -g I get
>
> [2016/04/20 08:28:15.575371, 3, pid=19397, effective(0, 0), real(0, 0),
> class=winbind] ../source3/winbindd/winbindd_misc.c:237(winbindd_domain_info)
> [19483]: domain_info [SUBDOMAIN]
> [2016/04/20 08:28:15.575390, 10, pid=19397, effective(0, 0), real(0, 0),
> class=winbind]
> ../source3/winbindd/winbindd.c:861(winbind_client_response_written)
> winbind_client_response_written[19483:DOMAIN_INFO]: delivered response
> to client
> [2016/04/20 08:28:15.575432, 10, pid=19397, effective(0, 0), real(0, 0),
> class=winbind] ../source3/winbindd/winbindd.c:731(process_request)
> process_request: Handling async request 19483:LIST_GROUPS
> [2016/04/20 08:28:15.575440, 3, pid=19397, effective(0, 0), real(0, 0),
> class=winbind]
> ../source3/winbindd/winbindd_list_groups.c:58(winbindd_list_groups_send)
> list_groups SUBDOMAIN
> [2016/04/20 08:28:15.575448, 1, pid=19397, effective(0, 0), real(0, 0)]
> ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
> wbint_QueryGroupList: struct wbint_QueryGroupList
> in: struct wbint_QueryGroupList
> [2016/04/20 08:28:15.575537, 1, pid=19397, effective(0, 0), real(0, 0)]
> ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
> wbint_QueryGroupList: struct wbint_QueryGroupList
> out: struct wbint_QueryGroupList
> groups : *
> groups: struct wbint_Principals
> num_principals : 213
> principals: ARRAY(213)
> principals: struct wbint_Principal
> sid : S-X-X-X-X-X-X-X
> type : SID_NAME_DOM_GRP
> (2)
> name : *
> name : 'Domain Users'
> principals: struct wbint_Principal
> sid : S-X-X-X-X-X-X-X
> type : SID_NAME_DOM_GRP
> (2)
> name : *
> name : 'Domain
> Guests'
> principals: struct wbint_Principal
> sid : S-X-X-X-X-X-X-X
> type : SID_NAME_DOM_GRP
> (2)
> name : *
> name : 'Cert
> Publishers'
> ...
> result : NT_STATUS_OK
> [2016/04/20 08:28:15.579824, 10, pid=19397, effective(0, 0), real(0, 0),
> class=winbind]
> ../source3/winbindd/winbindd_list_groups.c:128(winbindd_list_groups_done)
> Domain SUBDOMAIN returned 213 groups
> [2016/04/20 08:28:15.579923, 10, pid=19397, effective(0, 0), real(0, 0),
> class=winbind] ../source3/winbindd/winbindd.c:793(wb_request_done)
> wb_request_done[19483:LIST_GROUPS]: NT_STATUS_OK
> [2016/04/20 08:28:15.579942, 10, pid=19397, effective(0, 0), real(0, 0),
> class=winbind]
> ../source3/winbindd/winbindd.c:861(winbind_client_response_written)
> winbind_client_response_written[19483:LIST_GROUPS]: delivered response
> to client
> [2016/04/20 08:28:15.580234, 6, pid=19397, effective(0, 0), real(0, 0),
> class=winbind]
> ../source3/winbindd/winbindd.c:965(winbind_client_request_read)
> closing socket 28, client exited
>
>
> On Wed, Apr 20, 2016 at 8:05 AM, Jeff Sadowski <jeff.sadowski at gmail.com>
> wrote:
>
>> I was looking at https://www.samba.org/samba/latest_news.html#4.4.2
>>
>> and added
>>
>> server signing = mandatory
>> ntlm auth = no
>>
>> to smb.conf but that seems to have made it worse. Before adding that I
>> was still able to do wbinfo -g and get a group listing
>>
>> Is there settings to set it back to the untrusted way before the security
>> updates that happened?
>> I'd like to set it up properly but I need to be able to get things
>> working for now.
>>
>>
>> On Wed, Apr 20, 2016 at 7:51 AM, Jeff Sadowski <jeff.sadowski at gmail.com>
>> wrote:
>>
>>> When ubuntu 14.04 went from samba 4.1.6 to 4.3.8 it killed my setup.
>>> Before the change I was able to run wbinfo -u and get a list of users. Now
>>> when I run wbinfo -u it returns nothing. I tried dis-joining and rejoining
>>> the domain with no luck,
>>>
>>> Here is my complete smb.conf
>>> [global]
>>> security = ads
>>> realm = SUBDOMAIN.DOMAIN.TOP
>>> workgroup = SUBDOMAIN
>>> idmap config * : backend = tdb
>>> idmap config * : range = 2000-7999
>>> idmap config SUBDOMAIN:backend = ad
>>> idmap config SUBDOMAIN:schema_mode = rfc2307
>>> idmap config SUBDOMAIN:range = 8000-9999999
>>> winbind nss info = rfc2307
>>> winbind use default domain = yes
>>>
>>> Here is my script to connect to the domain. I call it net_join.sh
>>>
>>> echo Enter a Machine Name
>>> read machine
>>> echo $machine > /etc/hostname
>>> hostname `cat /etc/hostname`
>>> echo Enter a Domain Admin Account ex:Administrator
>>> read admin
>>> OSNAME="`lsb_release -a|grep "^Distributor ID:"|cut -d: -f2|awk '{print
>>> $1}'` joined `date "+%F"`"
>>> OSVERSION="`lsb_release -a|grep "^Release:"|cut -d: -f2|awk '{print
>>> $1}'`"
>>> net ads join -U $admin osName="${OSNAME}" osVersion="${OSVERSION}"
>>>
>>> Here is my script to leave the domain. I call it net_leave.sh
>>>
>>> read admin
>>> net ads leave -U $admin
>>>
>>> Here is my script to clear the winbind cache with a change from samba to
>>> smb when samba changed. I call it winbind_clear.sh
>>>
>>> service winbind stop
>>> service smbd stop
>>> #service samba stop
>>> net cache flush
>>> rm -f /var/lib/samba/*.tdb
>>> rm -f /var/lib/samba/group_mapping.ldb
>>> sleep 1
>>> #service samba start
>>> service smbd start
>>> service winbind start
>>>
>>> Can anyone point me to why my setup has stopped working? Or maybe some
>>> steps I can take to learn why it is failing. Do I need to add something for
>>> debugging?
>>> I also tried upgrading to the beta version of Ubuntu 16.04 to see if I
>>> could get it working with it, no luck.
>>>
>>
>>
>
More information about the samba
mailing list