[Samba] Repeat Question with more Info about strange winbind behaviour

ray klassen julius_ahenobarbus at yahoo.co.uk
Thu May 26 23:16:33 UTC 2016

yup. Debian samba 4.2.1(1) is buggy. issues seem taken care with the sernet package. Very shocked that a stable debian package of anything would be buggy. Up to and including the kerberos noise visible on tcpdump. What the (heck) was it doing anyway?Tried creating my own debian package -- done that before with other software. stymied by dependencies and patches -- even one version later. Wish list item: a debian directory as part of the main source tree. Other software does it. Obviously it's a matter of priorities. But it's a valid wish nonetheless. 

    On Saturday, 21 May 2016, 0:09, Rowland penny <rpenny at samba.org> wrote:

 On 21/05/16 01:03, Jeremy Allison wrote:
> On Thu, May 19, 2016 at 07:05:56PM +0000, ray klassen wrote:
>> <original unanswered message>
>> OS: Debian Jessie Samba version: 2:4.2.10+dfsg-0+deb8u2
>> strange behaviours
>> before I set "winbind use rpc only = yes"
>> 1) "wbinfo -u" would pause and return nothing2) "getent passwd" would display only the user info in the local files
>> 3) "wbinfo -g" would return list of domain groups4) "wbinfo -i user" would display the user information of one user5) "getent passwd user" would display the user information in passwd format
>> after I set "winbind use rpc only = yes" everything seems to work normally. i.e. the 1 and 2 return a full list.this would seem to indicate to me that winbind was getting incomplete info from ldap on the PDC.I have no idea how this could happen. Other machines on my network do not have this issue. Even one almost identical. It's a mirror on the other end of a VPN. It doesn't seem to need "winbind use rpc only = yes" OpenLDAP had a size limit on lookups. Is there such a thing in the SAMBA 4 ldap backend?
>> Is needing "winbind use rpc only = yes" indicative of something wrong?
> Yes. It forces winbindd to only use the DCE-RPC
> calls to the AD-DC instead of the LDAP calls.
> You should not need this.

OK, you are using Debian Samba 4.2.10, which is really Samba 4.2.11 
(don't ask why), but 4.2.11 has been replaced by Samba 4.2.12 because of 
regressions caused by the security fixes. This could be your problem, 
see here for the release notes:


Your options to test if this is the case:

Wait until Debian releases a 4.2.12 package.
Use Sernets 4.2.12 package
Compile Samba yourself.


To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba


More information about the samba mailing list