[Samba] wbinfo -u and -g gives no output

Lars Maes l.maes at mosadex.nl
Fri Jun 10 20:47:27 UTC 2016 

I had exact the same problem.

Try: client ldap sasl wrapping = plain in smb.conf

Op 10 jun. 2016 10:44 p.m. schreef Dennis Xu <dxu at uoguelph.ca>:
Hello,

I see this error when trying "wbinfo -g":

[2016/06/09 13:55:33.617151, 3, pid=11847, effective(0, 0), real(0, 0)] ../source3/libads/ldap.c:904(ads_do_paged_search_args)
ads_do_paged_search_args: ldap_search_with_timeout((&(objectCategory=group)(&(groupType:dn:1.2.840.113556.1.4.803:=-2147483648)(!(groupType:dn:1.2.840.113556.1.4.803:=1))))) -> Time limit exceeded

Any ideas about this?

Thanks.




----- Original Message -----

From: "Dennis Xu" <dxu at uoguelph.ca>
To: "Michael Adam" <obnox at samba.org>
Cc: "samba" <samba at lists.samba.org>
Sent: Thursday, June 9, 2016 2:02:04 PM
Subject: Re: [Samba] wbinfo -u and -g gives no output

>Note: the line 'idmap config ad' is not a correct samba option.
>But also this would not cause your issue.

I did not config this and I believe this comes from the default. Do you suggest to comment this out?

I tried "wbinfo -u" and "wbinfo -g" again and attached the log.wb-CFS file.

Sorry I forgot to mention, I did stop winbind, remove /var/lib/samba/winbindd_cache.tdb and start winbind again. That did not help.

Thanks.

Dennis


----- Original Message -----

From: "Michael Adam" <obnox at samba.org>
To: "Dennis Xu" <dxu at uoguelph.ca>
Cc: "samba" <samba at lists.samba.org>
Sent: Thursday, June 9, 2016 11:47:18 AM
Subject: Re: [Samba] wbinfo -u and -g gives no output

On 2016-06-09 at 10:17 -0400, Dennis Xu wrote:
> Hi Michael,
>
> Thank you for your suggestion.
>
> I did clone the server. After the clone, the server was not
> join to domain automatically, then I join the server to the
> domain separately. I did not change the local sid. Should I
> change that?

Not necessarily: It is rather cosmetic and probably not the
cause for your issue.

> Actually I followed this process to clone the first server and
> that server did not have the wbinfo -u issue. Then I tried to
> clone other servers then I started to see this issue. I also
> recently did a fresh install for a server and I have the same
> issue for that server as well.
>
> I have attached the smb.conf

Note: the line 'idmap config ad' is not a correct samba option.
But also this would not cause your issue.

> and winbind logs(in debug level 10 and after "wbinfo -u" was issued).

I'd also need to see log.wb-* (corresponding).
But I can already see that the attempts to
get the user's list times out. See below:

> I use Samba for FreeRADIUS integration to authenticate PEAP
> MS-CHAP2 wireless authentications against AD. The server seems
> still can authenticate users. I am not sure if this "wbinfo -u"
> issue will cause any authentication issues.

Likely not.


Here the important part from log.winbindd:

> [2016/06/09 10:04:31.071983, 10, pid=11846, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd.c:725(process_request)
> process_request: Handling async request 11852:LIST_USERS
> [2016/06/09 10:04:31.072016, 3, pid=11846, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_list_users.c:58(winbindd_list_users_send)
> list_users CFS

Main winbind is asking the CFS child to list the CFS domain
users.

> [2016/06/09 10:04:31.072059, 1, pid=11846, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
> wbint_QueryUserList: struct wbint_QueryUserList
> in: struct wbint_QueryUserList
> [2016/06/09 10:04:32.047364, 10, pid=11846, effective(0, 0), real(0, 0)] ../source3/lib/messages.c:252(messaging_recv_cb)
> messaging_recv_cb: Received message 0x40c len 4 (num_fds:0) from 11847
> [2016/06/09 10:04:32.047421, 10, pid=11846, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cm.c:364(winbind_msg_domain_offline)
> Domain CFS is marked as offline now.

Here I need to see the log.wb-CFS file, to see what the
domain child is up to. But I suspect that the domain
child can't contact any DCs and marks itself offline.

> [2016/06/09 10:04:32.048320, 1, pid=11846, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
> wbint_QueryUserList: struct wbint_QueryUserList
> out: struct wbint_QueryUserList
> users : *
> users: struct wbint_userinfos
> num_userinfos : 0x00000000 (0)
> userinfos: ARRAY(0)
> result : NT_STATUS_IO_TIMEOUT

The list users request to the CFS domain times out.

> [2016/06/09 10:04:32.048409, 10, pid=11846, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_list_users.c:128(winbindd_list_users_done)
> Domain CFS returned 0 users
> [2016/06/09 10:04:32.048434, 10, pid=11846, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_list_users.c:134(winbindd_list_users_done)
> List_users for domain CFS failed
> [2016/06/09 10:04:32.048458, 10, pid=11846, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd.c:787(wb_request_done)
> wb_request_done[11852:LIST_USERS]: NT_STATUS_OK

So my guess is that there is some issue with
finding and/or contacting domain controllers.
More after we get the other log.

Cheers - Michael

--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba


--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba

More information about the samba mailing list