[Samba] Repeat Question with more Info about strange winbind behaviour

Rowland penny rpenny at samba.org
Sat May 21 07:07:23 UTC 2016

On 21/05/16 01:03, Jeremy Allison wrote:
> On Thu, May 19, 2016 at 07:05:56PM +0000, ray klassen wrote:
>> <original unanswered message>
>> OS: Debian Jessie Samba version: 2:4.2.10+dfsg-0+deb8u2
>> strange behaviours
>> before I set "winbind use rpc only = yes"
>> 1) "wbinfo -u" would pause and return nothing2) "getent passwd" would display only the user info in the local files
>> 3) "wbinfo -g" would return list of domain groups4) "wbinfo -i user" would display the user information of one user5) "getent passwd user" would display the user information in passwd format
>> after I set "winbind use rpc only = yes" everything seems to work normally. i.e. the 1 and 2 return a full list.this would seem to indicate to me that winbind was getting incomplete info from ldap on the PDC.I have no idea how this could happen. Other machines on my network do not have this issue. Even one almost identical. It's a mirror on the other end of a VPN. It doesn't seem to need "winbind use rpc only = yes" OpenLDAP had a size limit on lookups. Is there such a thing in the SAMBA 4 ldap backend?
>> Is needing "winbind use rpc only = yes" indicative of something wrong?
> Yes. It forces winbindd to only use the DCE-RPC
> calls to the AD-DC instead of the LDAP calls.
> You should not need this.

OK, you are using Debian Samba 4.2.10, which is really Samba 4.2.11 
(don't ask why), but 4.2.11 has been replaced by Samba 4.2.12 because of 
regressions caused by the security fixes. This could be your problem, 
see here for the release notes:


Your options to test if this is the case:

Wait until Debian releases a 4.2.12 package.
Use Sernets 4.2.12 package
Compile Samba yourself.


More information about the samba mailing list