[Samba] Problems after migration from samba 3.5.2 to samba 4.3.1
Fernando Favero
favero.fernando at gmail.com
Wed Feb 17 18:10:41 UTC 2016
Well.... I know that this problem is very weird, but, does anyone know how
to identify where the problem is??
My domain controler shows only groups... not users, and smbclient shows:
Samba version 4.3.1
PID Username Group Machine Protocol Version
------------------------------------------------------------------------------
13570 -1 -1 u183848 (ipv4:10.90.35.221:62129)
SMB2_02
13557 -1 -1 10.90.74.154 (ipv4:10.90.74.154:51183)
SMB2_10
13993 -1 -1 10.90.78.109 (ipv4:10.90.78.109:50260)
SMB2_10
13746 -1 -1 10.90.76.136 (ipv4:10.90.76.136:50233)
SMB2_10
13517 -1 -1 10.90.68.77 (ipv4:10.90.68.77:56510)
SMB2_10
14322 -1 -1 10.90.11.221 (ipv4:10.90.11.221:58934)
SMB2_10
14312 -1 -1 10.90.12.114 (ipv4:10.90.12.114:49750)
SMB3_02
13521 -1 -1 u225158 (ipv4:10.90.13.122:51219)
SMB2_10
14350 -1 -1 10.90.22.91 (ipv4:10.90.22.91:59956)
SMB2_10
13573 -1 -1 10.90.52.213 (ipv4:10.90.52.213:57004)
SMB2_10
13510 nobody 3000010 u225158 (ipv4:10.90.13.122:51217)
SMB2_10
14117 -1 -1 10.90.21.62 (ipv4:10.90.21.62:2250)
NT1
Thanks
On Tue, Feb 16, 2016 at 11:46 AM, Fernando Favero <favero.fernando at gmail.com
> wrote:
> Hi Rowland
>
>
>
>
>> OK, two things jump out at me, I wouldn't use 'EXAMPLE.COM' for the
>> workgroup name, I would have just used 'EXAMPLE' i.e. no dot in the name.
>>
>>
> I understand, but, change the workgroup involves migrate domain, right ??
> Or can I simply change workgroup and restart samba ??
>
>
>> Your idmap config stack is incorrect, you only have settings for the
>> builtin users & groups, see here for how you should set it up:
>>
>> https://wiki.samba.org/index.php/Setup_Samba_as_an_AD_Domain_Member
>>
>> Follow the links on that page for the correct settings.
>>
>>
> ldconfig -v | grep winbind shows "libnss_winbind.so.2 ->
> libnss_winbind.so.2"
>
> nsswitch.conf:
> passwd: files winbind
> shadow: files winbind
> group: files winbind
>
>
> I changed smb.conf in a test environment with same problem with the
> following parameters.
> idmap config *:backend = tdb
> idmap config *:range = 1000-1999
> idmap config EXAMPLE.COM:range = 2000-50000
> idmap config EXAMPLE.COM:backend = ad
> idmap config EXAMPLE.COM:schema_mode = rfc2307
>
> getent passwd show local users only
> getent group show all groups (loca and domain)
> wbinfo -u show nothing
> wbinfo -g show all groups (local and domain)
>
> winbindd.log show the following lines when debug level = 10,
>
> Running "wbinfo -g"
> .
> .
> .
> [2016/02/16 11:29:26.185376, 3, pid=31022, effective(0, 0), real(0, 0),
> class=winbind] ../source3/winbindd/winbindd_misc.c:405(winbindd_domain_name)
> [31101]: request domain name
> [2016/02/16 11:29:26.185431, 10, pid=31022, effective(0, 0), real(0, 0),
> class=winbind]
> ../source3/winbindd/winbindd.c:861(winbind_client_response_written)
> winbind_client_response_written[31101:DOMAIN_NAME]: delivered response
> to client
> [2016/02/16 11:29:26.185540, 10, pid=31022, effective(0, 0), real(0, 0),
> class=winbind] ../source3/winbindd/winbindd.c:758(process_request)
> process_request: request fn DOMAIN_INFO
> [2016/02/16 11:29:26.185610, 3, pid=31022, effective(0, 0), real(0, 0),
> class=winbind] ../source3/winbindd/winbindd_misc.c:237(winbindd_domain_info)
> [31101]: domain_info [EXAMPLE.COM]
> [2016/02/16 11:29:26.185710, 10, pid=31022, effective(0, 0), real(0, 0),
> class=winbind]
> ../source3/winbindd/winbindd.c:861(winbind_client_response_written)
> winbind_client_response_written[31101:DOMAIN_INFO]: delivered response
> to client
> [2016/02/16 11:29:26.185825, 10, pid=31022, effective(0, 0), real(0, 0),
> class=winbind] ../source3/winbindd/winbindd.c:731(process_request)
> process_request: Handling async request 31101:LIST_GROUPS
> [2016/02/16 11:29:26.185866, 3, pid=31022, effective(0, 0), real(0, 0),
> class=winbind]
> ../source3/winbindd/winbindd_list_groups.c:58(winbindd_list_groups_send)
> list_groups EXAMPLE.COM
> [2016/02/16 11:29:26.185920, 1, pid=31022, effective(0, 0), real(0, 0)]
> ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
> wbint_QueryGroupList: struct wbint_QueryGroupList
> in: struct wbint_QueryGroupList
> [2016/02/16 11:29:26.593525, 1, pid=31022, effective(0, 0), real(0, 0)]
> ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
> wbint_QueryGroupList: struct wbint_QueryGroupList
> out: struct wbint_QueryGroupList
> groups : *
> groups: struct wbint_Principals
> num_principals : 562
> principals: ARRAY(562)
> principals: struct wbint_Principal
> sid :
> S-1-5-21-1479197986-680052183-3269973696-571
> type : SID_NAME_DOM_GRP
> (2)
> name : *
> name : 'Allowed RODC
> Password Replication Group'
> principals: struct wbint_Principal
> sid :
> S-1-5-21-1479197986-680052183-3269973696-498
> type : SID_NAME_DOM_GRP
> (2)
> name : *
> name : 'Enterprise
> Read-Only Domain Controllers'
> .
> .
> .
>
>
>
> Running "wbinfo -u"
>
> .
> .
> .
> [2016/02/16 11:30:07.352308, 3, pid=31022, effective(0, 0), real(0, 0),
> class=winbind] ../source3/winbindd/winbindd_misc.c:405(winbindd_domain_name)
> [31117]: request domain name
> [2016/02/16 11:30:07.352368, 10, pid=31022, effective(0, 0), real(0, 0),
> class=winbind]
> ../source3/winbindd/winbindd.c:861(winbind_client_response_written)
> winbind_client_response_written[31117:DOMAIN_NAME]: delivered response
> to client
> [2016/02/16 11:30:07.352428, 10, pid=31022, effective(0, 0), real(0, 0),
> class=winbind] ../source3/winbindd/winbindd.c:758(process_request)
> process_request: request fn DOMAIN_INFO
> [2016/02/16 11:30:07.352452, 3, pid=31022, effective(0, 0), real(0, 0),
> class=winbind] ../source3/winbindd/winbindd_misc.c:237(winbindd_domain_info)
> [31117]: domain_info [EXAMPLE.COM]
> [2016/02/16 11:30:07.352526, 10, pid=31022, effective(0, 0), real(0, 0),
> class=winbind]
> ../source3/winbindd/winbindd.c:861(winbind_client_response_written)
> winbind_client_response_written[31117:DOMAIN_INFO]: delivered response
> to client
> [2016/02/16 11:30:07.352648, 10, pid=31022, effective(0, 0), real(0, 0),
> class=winbind] ../source3/winbindd/winbindd.c:731(process_request)
> process_request: Handling async request 31117:LIST_USERS
> [2016/02/16 11:30:07.352697, 3, pid=31022, effective(0, 0), real(0, 0),
> class=winbind]
> ../source3/winbindd/winbindd_list_users.c:58(winbindd_list_users_send)
> list_users EXAMPLE.COM
> [2016/02/16 11:30:07.352740, 1, pid=31022, effective(0, 0), real(0, 0)]
> ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
> wbint_QueryUserList: struct wbint_QueryUserList
> in: struct wbint_QueryUserList
> [2016/02/16 11:30:17.465320, 5, pid=31022, effective(0, 0), real(0, 0),
> class=winbind] ../source3/winbindd/winbindd.c:1132(remove_timed_out_clients)
> Idle client timed out, shutting down sock 33, pid 31053
> [2016/02/16 11:31:07.763617, 10, pid=31022, effective(0, 0), real(0, 0)]
> ../source4/lib/messaging/messaging.c:417(imessaging_dgm_recv)
> imessaging_dgm_recv: dst 31022 matches my id: 31022, type=0x40c
> [2016/02/16 11:31:07.763671, 10, pid=31022, effective(0, 0), real(0, 0)]
> ../source3/lib/messages.c:254(messaging_recv_cb)
> messaging_recv_cb: Received message 0x40c len 7 (num_fds:0) from 31026
> [2016/02/16 11:31:07.763691, 10, pid=31022, effective(0, 0), real(0, 0),
> class=winbind]
> ../source3/winbindd/winbindd_cm.c:365(winbind_msg_domain_offline)
> Domain EXAMPLE.COM is marked as offline now.
> [2016/02/16 11:31:07.764062, 1, pid=31022, effective(0, 0), real(0, 0)]
> ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
> wbint_QueryUserList: struct wbint_QueryUserList
> out: struct wbint_QueryUserList
> users : *
> users: struct wbint_userinfos
> num_userinfos : 0x00000000 (0)
> userinfos: ARRAY(0)
> result : NT_STATUS_IO_TIMEOUT
> [2016/02/16 11:31:07.764138, 10, pid=31022, effective(0, 0), real(0, 0),
> class=winbind]
> ../source3/winbindd/winbindd_list_users.c:128(winbindd_list_users_done)
> Domain EXAMPLE.COM returned 0 users
> [2016/02/16 11:31:07.764152, 10, pid=31022, effective(0, 0), real(0, 0),
> class=winbind]
> ../source3/winbindd/winbindd_list_users.c:134(winbindd_list_users_done)
> List_users for domain EXAMPLE.COM failed
> [2016/02/16 11:31:07.764167, 10, pid=31022, effective(0, 0), real(0, 0),
> class=winbind] ../source3/winbindd/winbindd.c:793(wb_request_done)
> wb_request_done[31117:LIST_USERS]: NT_STATUS_OK
> [2016/02/16 11:31:07.764222, 10, pid=31022, effective(0, 0), real(0, 0),
> class=winbind]
> ../source3/winbindd/winbindd.c:861(winbind_client_response_written)
> winbind_client_response_written[31117:LIST_USERS]: delivered response to
> client
> [2016/02/16 11:31:07.764940, 6, pid=31022, effective(0, 0), real(0, 0),
> class=winbind]
> ../source3/winbindd/winbindd.c:965(winbind_client_request_read)
> closing socket 35, client exited
> [2016/02/16 11:31:07.873705, 10, pid=31022, effective(0, 0), real(0, 0)]
> ../source4/lib/messaging/messaging.c:417(imessaging_dgm_recv)
> imessaging_dgm_recv: dst 31022 matches my id: 31022, type=0x40b
> [2016/02/16 11:31:07.873752, 10, pid=31022, effective(0, 0), real(0, 0)]
> ../source3/lib/messages.c:254(messaging_recv_cb)
> messaging_recv_cb: Received message 0x40b len 7 (num_fds:0) from 31026
> [2016/02/16 11:31:07.873775, 10, pid=31022, effective(0, 0), real(0, 0),
> class=winbind]
> ../source3/winbindd/winbindd_cm.c:385(winbind_msg_domain_online)
> Domain EXAMPLE.COM is marked as online now.
>
More information about the samba
mailing list