[Samba] wbinfo -u and -g gives no output

Dennis Xu dxu at uoguelph.ca
Thu Jun 9 14:17:07 UTC 2016 

Hi Michael, 

Thank you for your suggestion. 

I did clone the server. After the clone, the server was not join to domain automatically, then I join the server to the domain separately. I did not change the local sid. Should I change that? 

Actually I followed this process to clone the first server and that server did not have the wbinfo -u issue. Then I tried to clone other servers then I started to see this issue. I also recently did a fresh install for a server and I have the same issue for that server as well. 

I have attached the smb.conf and winbind logs(in debug level 10 and after "wbinfo -u" was issued). 

I use Samba for FreeRADIUS integration to authenticate PEAP MS-CHAP2 wireless authentications against AD. The server seems still can authenticate users. I am not sure if this "wbinfo -u" issue will cause any authentication issues. 

Dennis 




----- Original Message -----

From: "Michael Adam" <obnox at samba.org> 
To: "Dennis Xu" <dxu at uoguelph.ca> 
Cc: "samba" <samba at lists.samba.org> 
Sent: Wednesday, June 8, 2016 5:54:31 PM 
Subject: Re: [Samba] wbinfo -u and -g gives no output 

On 2016-06-08 at 16:00 -0400, Dennis Xu wrote: 
> Hi, I am checking again if there are any other suggestions. 
> 
> The Samba server is joined to AD successfully. I can 
> authenticate a user using "wbinfo -a" but "wbinfo -u" and 
> "wbinfo -g" commands give no output. 
> 
> Any ideas? 

So you say the machine is cloned from another one. 
Did you just copy the config or really clone it all? 
Did you join this separately? 
If you cloned, did you change the local sid? 
... 
So I hope you just copied the config. :-) 

But for our purposes, also the caches that you 
might have copied, make a difference. 
Please check whether /var/cache/samba/winbindd_cache.tdb 
exists (or /var/lib/samba/winbindd_cache.tdb), and 
if it does, stop winbind and remove this file and 
start winbind again. At least this could affect you 
if you are using 'winbind offline logons = yes'. 

If you had not mentioned the other identical servers 
without problems, I would have suspected that you have 
a very large domain (several 100,000 objects) which 
may cause wbinfo -u /-g to time out. But that does 
not seem to be the issue then... 

If clearing the caches above does not help, we'd need 
to see your smb.conf and the logs of winbind at level 
10 right from starting winbind to completion of 
wbinfo -u right as the first command. 

Cheers - Michael 



-- 
To unsubscribe from this list go to the following URL and read the 
instructions: https://lists.samba.org/mailman/options/samba 

-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: log.winbindd-dc-connect.txt
URL: <http://lists.samba.org/pipermail/samba/attachments/20160609/1a81039f/log.winbindd-dc-connect.txt>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: log.winbindd.txt
URL: <http://lists.samba.org/pipermail/samba/attachments/20160609/1a81039f/log.winbindd.txt>

More information about the samba mailing list