[Samba] wbinfo -u and -g gives no output

Dennis Xu dxu at uoguelph.ca
Thu Jun 9 18:02:04 UTC 2016 

>Note: the line 'idmap config ad' is not a correct samba option. 
>But also this would not cause your issue. 

I did not config this and I believe this comes from the default. Do you suggest to comment this out? 

I tried "wbinfo -u" and "wbinfo -g" again and attached the log.wb-CFS file. 

Sorry I forgot to mention, I did stop winbind, remove /var/lib/samba/winbindd_cache.tdb and start winbind again. That did not help. 

Thanks. 

Dennis 


----- Original Message -----

From: "Michael Adam" <obnox at samba.org> 
To: "Dennis Xu" <dxu at uoguelph.ca> 
Cc: "samba" <samba at lists.samba.org> 
Sent: Thursday, June 9, 2016 11:47:18 AM 
Subject: Re: [Samba] wbinfo -u and -g gives no output 

On 2016-06-09 at 10:17 -0400, Dennis Xu wrote: 
> Hi Michael, 
> 
> Thank you for your suggestion. 
> 
> I did clone the server. After the clone, the server was not 
> join to domain automatically, then I join the server to the 
> domain separately. I did not change the local sid. Should I 
> change that? 

Not necessarily: It is rather cosmetic and probably not the 
cause for your issue. 

> Actually I followed this process to clone the first server and 
> that server did not have the wbinfo -u issue. Then I tried to 
> clone other servers then I started to see this issue. I also 
> recently did a fresh install for a server and I have the same 
> issue for that server as well. 
> 
> I have attached the smb.conf 

Note: the line 'idmap config ad' is not a correct samba option. 
But also this would not cause your issue. 

> and winbind logs(in debug level 10 and after "wbinfo -u" was issued). 

I'd also need to see log.wb-* (corresponding). 
But I can already see that the attempts to 
get the user's list times out. See below: 

> I use Samba for FreeRADIUS integration to authenticate PEAP 
> MS-CHAP2 wireless authentications against AD. The server seems 
> still can authenticate users. I am not sure if this "wbinfo -u" 
> issue will cause any authentication issues. 

Likely not. 


Here the important part from log.winbindd: 

> [2016/06/09 10:04:31.071983, 10, pid=11846, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd.c:725(process_request) 
> process_request: Handling async request 11852:LIST_USERS 
> [2016/06/09 10:04:31.072016, 3, pid=11846, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_list_users.c:58(winbindd_list_users_send) 
> list_users CFS 

Main winbind is asking the CFS child to list the CFS domain 
users. 

> [2016/06/09 10:04:31.072059, 1, pid=11846, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) 
> wbint_QueryUserList: struct wbint_QueryUserList 
> in: struct wbint_QueryUserList 
> [2016/06/09 10:04:32.047364, 10, pid=11846, effective(0, 0), real(0, 0)] ../source3/lib/messages.c:252(messaging_recv_cb) 
> messaging_recv_cb: Received message 0x40c len 4 (num_fds:0) from 11847 
> [2016/06/09 10:04:32.047421, 10, pid=11846, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cm.c:364(winbind_msg_domain_offline) 
> Domain CFS is marked as offline now. 

Here I need to see the log.wb-CFS file, to see what the 
domain child is up to. But I suspect that the domain 
child can't contact any DCs and marks itself offline. 

> [2016/06/09 10:04:32.048320, 1, pid=11846, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) 
> wbint_QueryUserList: struct wbint_QueryUserList 
> out: struct wbint_QueryUserList 
> users : * 
> users: struct wbint_userinfos 
> num_userinfos : 0x00000000 (0) 
> userinfos: ARRAY(0) 
> result : NT_STATUS_IO_TIMEOUT 

The list users request to the CFS domain times out. 

> [2016/06/09 10:04:32.048409, 10, pid=11846, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_list_users.c:128(winbindd_list_users_done) 
> Domain CFS returned 0 users 
> [2016/06/09 10:04:32.048434, 10, pid=11846, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_list_users.c:134(winbindd_list_users_done) 
> List_users for domain CFS failed 
> [2016/06/09 10:04:32.048458, 10, pid=11846, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd.c:787(wb_request_done) 
> wb_request_done[11852:LIST_USERS]: NT_STATUS_OK 

So my guess is that there is some issue with 
finding and/or contacting domain controllers. 
More after we get the other log. 

Cheers - Michael 

-- 
To unsubscribe from this list go to the following URL and read the 
instructions: https://lists.samba.org/mailman/options/samba 

-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: log.wb-CFS.txt
URL: <http://lists.samba.org/pipermail/samba/attachments/20160609/1ac81cd8/log.wb-CFS.txt>

More information about the samba mailing list