[Samba] winbind rfc2307 - wbinfo -i fails

Oliver Heinz o.heinz at schunk.net
Thu Dec 8 11:52:53 UTC 2016 

I'm trying to get Samba 4 AD to work with rfc2307 extensions.

wbinfo -i fails

root at m1:~# wbinfo -i SAMDOM\\demo01

failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND


winbindd.log it here: http://pastebin.com/X0rEaLt2

Pretty much everything else seems to work:

root at m1:~# wbinfo --ping-dc

checking the NETLOGON for domain[SAMDOM] dc connection to "dc1.samdom.example.com" succeeded

root at m1:~# wbinfo  --uid-to-sid=10000

S-1-5-21-2104162034-3764151921-3268498227-1108

root at m1:~# wbinfo --name-to-sid SAMDOM\\demo01

S-1-5-21-2104162034-3764151921-3268498227-1108 SID_USER (1)


What did  I miss?


My setup:

dc1.example.com as per 
https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller
m1.example.com as per 
https://wiki.samba.org/index.php/Setup_Samba_as_an_AD_Domain_Member

Both with SerNet 4.5.2-9 Packages


root at dc1:~# cat /etc/samba/smb.conf

# Global parameters

[global]

         netbios name = DC1

         realm = SAMDOM.EXAMPLE.COM

         workgroup = SAMDOM

         dns forwarder = 192.168.8.10

         server role = active directory domain controller

         idmap_ldb:use rfc2307 = yes

[netlogon]

         path = /var/lib/samba/sysvol/samdom.example.com/scripts

         read only = No

[sysvol]

         path = /var/lib/samba/sysvol

         read only = No

root at m1:~# cat /etc/samba/smb.conf

[global]

        security = ADS

        workgroup = SAMDOM

        realm = SAMDOM.EXAMPLE.COM

        log file = /var/log/samba/%m.log

        log level = 1 winbind:10

        # idmap config used for your domain.

        # Click on the following links for more information

        # on the available winbind idmap backends,

        # Choose the one that fits your requirements

        # then add the corresponding configuration.

        idmap config * : backend = tdb

        idmap config * : range = 2000-9999

        # idmap config for the SAMDOM domain

        idmap config SAMDOM:backend = ad

        idmap config SAMDOM:schema_mode = rfc2307

        idmap config SAMDOM:range = 10000-999999

        winbind nss info = rfc2307

root at dc1:~# ldbsearch -H ldap://localhost -Uadministrator%Test234! samaccountname=demo01

# record 1

dn: CN=demo01,OU=example,DC=samdom,DC=example,DC=com

objectClass: top

objectClass: person

objectClass: organizationalPerson

objectClass: user

cn: demo01

instanceType: 4

whenCreated: 20161207153641.0Z

uSNCreated: 3797

name: demo01

objectGUID: f636d153-a965-4251-a5ae-64ac05c89e5d

badPwdCount: 0

codePage: 0

countryCode: 0

badPasswordTime: 0

lastLogoff: 0

lastLogon: 0

primaryGroupID: 513

objectSid: S-1-5-21-2104162034-3764151921-3268498227-1108

accountExpires: 9223372036854775807

logonCount: 0

sAMAccountName: demo01

sAMAccountType: 805306368

userPrincipalName: demo01 at samdom.example.com

objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=samdom,DC=example,DC=c

  om

uidNumber: 10000

loginShell: /bin/bash

unixHomeDirectory: /home/demo01

msSFU30NisDomain: samdom

msSFU30Name: demo01

unixUserPassword: ABCD!efgh12345$67890

pwdLastSet: 131255986018743120

userAccountControl: 512

gidNumber: 10000

uid: demo01

whenChanged: 20161208113015.0Z

uSNChanged: 3832

distinguishedName: CN=demo01,OU=example,DC=samdom,DC=example,DC=com

# Referral

ref: ldap://samdom.example.com/CN=Configuration,DC=samdom,DC=example,DC=com

# Referral

ref: ldap://samdom.example.com/DC=DomainDnsZones,DC=samdom,DC=example,DC=com

# Referral

ref: ldap://samdom.example.com/DC=ForestDnsZones,DC=samdom,DC=example,DC=com

# returned 4 records

# 1 entries

# 3 referrals

root at dc1:~# ldbsearch -H ldap://localhost -Uadministrator%Test234! cn=demogroup

# record 1

dn: CN=demogroup,OU=example,DC=samdom,DC=example,DC=com

objectClass: top

objectClass: group

cn: demogroup

instanceType: 4

whenCreated: 20161207161213.0Z

uSNCreated: 3815

name: demogroup

objectGUID: 30ea6c61-63fc-44f7-87d9-0311abbac9ae

objectSid: S-1-5-21-2104162034-3764151921-3268498227-1110

sAMAccountName: demogroup

sAMAccountType: 268435456

groupType: -2147483646

objectCategory: CN=Group,CN=Schema,CN=Configuration,DC=samdom,DC=example,DC=co

  m

msSFU30NisDomain: SAMDOM

gidNumber: 10000

whenChanged: 20161208104335.0Z

uSNChanged: 3824

distinguishedName: CN=demogroup,OU=example,DC=samdom,DC=example,DC=com

# Referral

ref: ldap://samdom.example.com/CN=Configuration,DC=samdom,DC=example,DC=com

# Referral

ref: ldap://samdom.example.com/DC=DomainDnsZones,DC=samdom,DC=example,DC=com

# Referral

ref: ldap://samdom.example.com/DC=ForestDnsZones,DC=samdom,DC=example,DC=com

# returned 4 records

# 1 entries

# 3 referrals


TIA,
Oliver

More information about the samba mailing list