[Samba] Winbind error "Could not fetch our SID - did we join?"
Sven Schwedas
sven.schwedas at tao.at
Mon Nov 13 10:02:48 UTC 2017
We did, in fact, join mere seconds ago, but for some reason, winbind
still can't find itself. ADUC etc meanwhile have no trouble finding the
newly added computer account.
Wiping /var/{lib,cache}/samba/ (and the computer account) makes no
difference, the error persists.
How do I proceed?
--
Mit freundlichen Grüßen, / Best Regards,
Sven Schwedas, Systemadministrator
Mail/XMPP sven.schwedas at tao.at | Skype sven.schwedas
TAO Digital | Lendplatz 45 | A8020 Graz
https://www.tao-digital.at | Tel +43 680 301 7167
-------------- next part --------------
INFO: Current debug levels:
all: 5
tdb: 5
printdrivers: 5
lanman: 5
smb: 5
rpc_parse: 5
rpc_srv: 5
rpc_cli: 5
passdb: 5
sam: 5
auth: 5
winbind: 5
vfs: 5
idmap: 5
quota: 5
acls: 5
locking: 5
msdfs: 5
dmapi: 5
registry: 5
scavenger: 5
dns: 5
ldb: 5
tevent: 5
Processing section "[global]"
Processing section "[homes]"
Processing section "[1_TAO_VISION_und_VERWALTUNG]"
Processing section "[2_TAO_GESCHAEFTSFELDINFOS]"
Processing section "[3_TAO_DENK_und_WERKZEUGE_TOOLS]"
Processing section "[4_TAO_PROJEKTE]"
Processing section "[5_TAO_ARCHIV]"
Processing section "[Bilder]"
Processing section "[buchhaltung]"
Processing section "[DBS]"
Processing section "[DSC_Scanner]"
Processing section "[public-villach]"
Processing section "[Videos]"
Processing section "[printers]"
Processing section "[print$]"
pm_process() returned Yes
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
added interface host0 ip=192.168.16.214 bcast=192.168.16.255 netmask=255.255.255.0
added interface host0 ip=192.168.16.214 bcast=192.168.16.255 netmask=255.255.255.0
finddcs: searching for a DC by DNS domain ad.tao.at
finddcs: looking for SRV records for _ldap._tcp.ad.tao.at
resolve_lmhosts: Attempting lmhosts lookup for name _ldap._tcp.ad.tao.at<0x0>
startlmhosts: Can't open lmhosts file /etc/samba/lmhosts. Error was No such file or directory
ads_dns_lookup_srv: 4 records returned in the answer section.
finddcs: DNS SRV response 0 at '192.168.17.65'
finddcs: DNS SRV response 1 at '192.168.16.213'
finddcs: DNS SRV response 2 at '192.168.17.66'
finddcs: DNS SRV response 3 at '192.168.16.211'
finddcs: performing CLDAP query on 192.168.17.65
finddcs: Found matching DC 192.168.17.65 with server_type=0x000003fd
Mapped to DCERPC endpoint \pipe\lsarpc
added interface host0 ip=192.168.16.214 bcast=192.168.16.255 netmask=255.255.255.0
added interface host0 ip=192.168.16.214 bcast=192.168.16.255 netmask=255.255.255.0
Socket options:
SO_KEEPALIVE = 0
SO_REUSEADDR = 0
SO_BROADCAST = 0
TCP_NODELAY = 1
TCP_KEEPCNT = 9
TCP_KEEPIDLE = 7200
TCP_KEEPINTVL = 75
IPTOS_LOWDELAY = 0
IPTOS_THROUGHPUT = 0
SO_REUSEPORT = 0
SO_SNDBUF = 46080
SO_RCVBUF = 372480
SO_SNDLOWAT = 1
SO_RCVLOWAT = 1
SO_SNDTIMEO = 0
SO_RCVTIMEO = 0
TCP_QUICKACK = 1
TCP_DEFER_ACCEPT = 0
Starting GENSEC mechanism spnego
Starting GENSEC submechanism gssapi_krb5
Password for [AD\sven.schwedas]:
Received smb_krb5 packet of length 257
Received smb_krb5 packet of length 1400
gensec_gssapi: NO credentials were delegated
GSSAPI Connection will have no cryptographic protection
Mapped to DCERPC endpoint 135
added interface host0 ip=192.168.16.214 bcast=192.168.16.255 netmask=255.255.255.0
added interface host0 ip=192.168.16.214 bcast=192.168.16.255 netmask=255.255.255.0
Mapped to DCERPC endpoint 1024
added interface host0 ip=192.168.16.214 bcast=192.168.16.255 netmask=255.255.255.0
added interface host0 ip=192.168.16.214 bcast=192.168.16.255 netmask=255.255.255.0
Starting GENSEC mechanism spnego
Starting GENSEC submechanism gssapi_krb5
Received smb_krb5 packet of length 257
Received smb_krb5 packet of length 1400
gensec_gssapi: NO credentials were delegated
GSSAPI Connection will be cryptographically sealed
added interface host0 ip=192.168.16.214 bcast=192.168.16.255 netmask=255.255.255.0
added interface host0 ip=192.168.16.214 bcast=192.168.16.255 netmask=255.255.255.0
resolve_lmhosts: Attempting lmhosts lookup for name graz-dc-sem.ad.tao.at<0x20>
startlmhosts: Can't open lmhosts file /etc/samba/lmhosts. Error was No such file or directory
Starting GENSEC mechanism spnego
Starting GENSEC submechanism gssapi_krb5
Received smb_krb5 packet of length 257
Received smb_krb5 packet of length 1392
gensec_gssapi: NO credentials were delegated
GSSAPI Connection will be cryptographically signed
ldb_wrap open of ldap://graz-dc-sem.ad.tao.at
ldb_wrap open of secrets.ldb
Joined domain AD (S-1-5-21-3879549028-3895635520-2867903743)
-------------- next part --------------
[2017/11/13 10:56:40.771086, 3] ../source3/param/loadparm.c:3739(lp_load_ex)
lp_load_ex: refreshing parameters
[2017/11/13 10:56:40.771168, 5] ../source3/param/loadparm.c:1312(free_param_opts)
Freeing parametrics:
[2017/11/13 10:56:40.771236, 3] ../source3/param/loadparm.c:542(init_globals)
Initialising global parameters
[2017/11/13 10:56:40.771276, 2] ../source3/param/loadparm.c:314(max_open_files)
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
[2017/11/13 10:56:40.771369, 3] ../source3/param/loadparm.c:2668(lp_do_section)
Processing section "[global]"
doing parameter log level = 5
[2017/11/13 10:56:40.771422, 5] ../lib/util/debug.c:642(debug_dump_status)
INFO: Current debug levels:
all: 5
tdb: 5
printdrivers: 5
lanman: 5
smb: 5
rpc_parse: 5
rpc_srv: 5
rpc_cli: 5
passdb: 5
sam: 5
auth: 5
winbind: 5
vfs: 5
idmap: 5
quota: 5
acls: 5
locking: 5
msdfs: 5
dmapi: 5
registry: 5
scavenger: 5
dns: 5
ldb: 5
tevent: 5
doing parameter workgroup = AD
doing parameter realm = AD.TAO.AT
doing parameter security = ADS
doing parameter idmap config * : backend = tdb
doing parameter idmap config * : range = 60000-61000
doing parameter idmap config AD : backend = ad
doing parameter idmap config AD : range = 4500-50000
doing parameter idmap config AD : schema_mode = rfc2307
doing parameter winbind nss info = rfc2307
doing parameter winbind enum users = yes
doing parameter winbind enum groups = yes
doing parameter winbind use default domain = yes
doing parameter winbind offline logon = yes
doing parameter winbind max domain connections = 32
doing parameter winbind expand groups = 4
doing parameter winbind refresh tickets = yes
doing parameter state directory = /var/cache/samba/
doing parameter cache directory = /var/cache/samba/
doing parameter lock directory = /var/cache/samba/
doing parameter template homedir = /home/%U
doing parameter template shell = /bin/bash
doing parameter winbind reconnect delay = 5
doing parameter winbind cache time = 30
doing parameter load printers = no
doing parameter unix extensions = no
doing parameter include = /etc/samba/site.conf
[2017/11/13 10:56:40.772409, 3] ../source3/param/loadparm.c:2668(lp_do_section)
Processing section "[global]"
doing parameter netbios name = VILLACH-FILE
doing parameter server string = Netzlaufwerke Villach
doing parameter max stat cache size = 4096
doing parameter client max protocol = SMB2
doing parameter deadtime = 2
doing parameter unix extensions = no
doing parameter local master = no
doing parameter read only = No
doing parameter acl group control = Yes
doing parameter create mask = 0770
doing parameter force create mode = 0660
doing parameter directory mask = 0770
doing parameter force directory mode = 02770
doing parameter inherit permissions = Yes
doing parameter inherit acls = Yes
doing parameter inherit owner = Yes
doing parameter aio read size = 16384
doing parameter aio write size = 16384
doing parameter map acl inherit = Yes
doing parameter block size = 4096
doing parameter use sendfile = Yes
doing parameter map archive = No
doing parameter map readonly = no
doing parameter store dos attributes = Yes
doing parameter ldap timeout = 5
doing parameter winbind reconnect delay = 2
doing parameter winbind refresh tickets = yes
doing parameter winbind request timeout = 5
doing parameter load printers = yes
[2017/11/13 10:56:40.773111, 4] ../source3/param/loadparm.c:3780(lp_load_ex)
pm_process() returned Yes
[2017/11/13 10:56:40.773303, 2] ../source3/lib/interface.c:345(add_interface)
added interface host0 ip=192.168.16.214 bcast=192.168.16.255 netmask=255.255.255.0
[2017/11/13 10:56:40.773374, 1] ../source3/param/loadparm.c:1039(lp_winbind_max_domain_connections)
offline logons active, restricting max domain connections to 1
[2017/11/13 10:56:40.773420, 5] ../source3/lib/util_names.c:152(init_names)
Netbios name list:-
my_netbios_names[0]="VILLACH-FILE"
[2017/11/13 10:56:40.773550, 2] ../source3/lib/interface.c:345(add_interface)
added interface host0 ip=192.168.16.214 bcast=192.168.16.255 netmask=255.255.255.0
[2017/11/13 10:56:40.774640, 4] ../source3/lib/time.c:266(TimeInit)
TimeInit: Serverzone is -3600
[2017/11/13 10:56:40.775680, 5] ../source3/lib/tdb_validate.c:195(tdb_validate_open)
tdb_validate_open called for tdb '/var/cache/samba/winbindd_cache.tdb'
[2017/11/13 10:56:40.775777, 5] ../source3/lib/tdb_validate.c:112(tdb_validate)
tdb_validate called for tdb '/var/cache/samba/winbindd_cache.tdb'
[2017/11/13 10:56:40.779563, 5] ../source3/lib/tdb_validate.c:179(tdb_validate)
tdb_validate returning code '0' for tdb '/var/cache/samba/winbindd_cache.tdb'
[2017/11/13 10:56:40.779663, 1] ../source3/lib/tdb_validate.c:480(tdb_validate_and_backup)
tdb '/var/cache/samba/winbindd_cache.tdb' is valid
[2017/11/13 10:56:40.779716, 3] ../source3/lib/tdb_validate.c:379(rename_file_with_suffix)
file '/var/cache/samba/winbindd_cache.tdb.bak' does not exist - so not moved
[2017/11/13 10:56:40.786847, 1] ../source3/lib/tdb_validate.c:490(tdb_validate_and_backup)
Created backup '/var/cache/samba/winbindd_cache.tdb.bak' of tdb '/var/cache/samba/winbindd_cache.tdb'
[2017/11/13 10:56:40.787137, 5] ../lib/dbwrap/dbwrap.c:159(dbwrap_check_lock_order)
check lock order 2 for /var/cache/samba/serverid.tdb
[2017/11/13 10:56:40.787283, 5] ../lib/dbwrap/dbwrap.c:127(dbwrap_lock_order_state_destructor)
release lock order 2 for /var/cache/samba/serverid.tdb
[2017/11/13 10:56:40.787328, 5] ../source3/lib/messages.c:356(messaging_register)
Registering messaging pointer for type 33 - private_data=(nil)
[2017/11/13 10:56:40.787365, 5] ../source3/lib/messages.c:356(messaging_register)
Registering messaging pointer for type 13 - private_data=(nil)
[2017/11/13 10:56:40.787400, 5] ../source3/lib/messages.c:356(messaging_register)
Registering messaging pointer for type 1028 - private_data=(nil)
[2017/11/13 10:56:40.787434, 5] ../source3/lib/messages.c:356(messaging_register)
Registering messaging pointer for type 1027 - private_data=(nil)
[2017/11/13 10:56:40.787469, 5] ../source3/lib/messages.c:356(messaging_register)
Registering messaging pointer for type 1029 - private_data=(nil)
[2017/11/13 10:56:40.787503, 5] ../source3/lib/messages.c:356(messaging_register)
Registering messaging pointer for type 1036 - private_data=(nil)
[2017/11/13 10:56:40.787538, 5] ../source3/lib/messages.c:356(messaging_register)
Registering messaging pointer for type 1035 - private_data=(nil)
[2017/11/13 10:56:40.787575, 5] ../source3/lib/messages.c:356(messaging_register)
Registering messaging pointer for type 1280 - private_data=(nil)
[2017/11/13 10:56:40.787609, 5] ../source3/lib/messages.c:356(messaging_register)
Registering messaging pointer for type 1032 - private_data=(nil)
[2017/11/13 10:56:40.787644, 5] ../source3/lib/messages.c:356(messaging_register)
Registering messaging pointer for type 1033 - private_data=(nil)
[2017/11/13 10:56:40.787678, 5] ../source3/lib/messages.c:356(messaging_register)
Registering messaging pointer for type 1034 - private_data=(nil)
[2017/11/13 10:56:40.787712, 5] ../source3/lib/messages.c:356(messaging_register)
Registering messaging pointer for type 1 - private_data=(nil)
[2017/11/13 10:56:40.787746, 5] ../source3/lib/messages.c:371(messaging_register)
Overriding messaging pointer for type 1 - private_data=(nil)
[2017/11/13 10:56:40.787983, 1] ../source3/param/loadparm.c:1039(lp_winbind_max_domain_connections)
offline logons active, restricting max domain connections to 1
[2017/11/13 10:56:40.788077, 5] ../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log)
tdb(/var/lib/samba/private/secrets.tdb): tdb_transaction_start: nesting 1
[2017/11/13 10:56:40.788117, 5] ../lib/dbwrap/dbwrap.c:159(dbwrap_check_lock_order)
check lock order 1 for /var/lib/samba/private/secrets.tdb
[2017/11/13 10:56:40.788175, 5] ../lib/dbwrap/dbwrap.c:127(dbwrap_lock_order_state_destructor)
release lock order 1 for /var/lib/samba/private/secrets.tdb
[2017/11/13 10:56:40.788217, 5] ../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log)
tdb(/var/lib/samba/private/secrets.tdb): tdb_transaction_start: nesting 1
[2017/11/13 10:56:40.846132, 1] ../source3/param/loadparm.c:1039(lp_winbind_max_domain_connections)
offline logons active, restricting max domain connections to 1
[2017/11/13 10:56:40.846218, 1] ../source3/param/loadparm.c:1039(lp_winbind_max_domain_connections)
offline logons active, restricting max domain connections to 1
[2017/11/13 10:56:40.846261, 2] ../source3/winbindd/winbindd_util.c:288(add_trusted_domain_from_tdc)
Added domain BUILTIN (null) S-1-5-32
[2017/11/13 10:56:40.846313, 5] ../source3/passdb/pdb_interface.c:79(smb_register_passdb)
Attempting to register passdb backend smbpasswd
[2017/11/13 10:56:40.846360, 5] ../source3/passdb/pdb_interface.c:92(smb_register_passdb)
Successfully added passdb backend 'smbpasswd'
[2017/11/13 10:56:40.846397, 5] ../source3/passdb/pdb_interface.c:79(smb_register_passdb)
Attempting to register passdb backend tdbsam
[2017/11/13 10:56:40.846433, 5] ../source3/passdb/pdb_interface.c:92(smb_register_passdb)
Successfully added passdb backend 'tdbsam'
[2017/11/13 10:56:40.846469, 5] ../source3/passdb/pdb_interface.c:79(smb_register_passdb)
Attempting to register passdb backend wbc_sam
[2017/11/13 10:56:40.846505, 5] ../source3/passdb/pdb_interface.c:92(smb_register_passdb)
Successfully added passdb backend 'wbc_sam'
[2017/11/13 10:56:40.846540, 5] ../source3/passdb/pdb_interface.c:79(smb_register_passdb)
Attempting to register passdb backend samba_dsdb
[2017/11/13 10:56:40.846576, 5] ../source3/passdb/pdb_interface.c:92(smb_register_passdb)
Successfully added passdb backend 'samba_dsdb'
[2017/11/13 10:56:40.846611, 5] ../source3/passdb/pdb_interface.c:79(smb_register_passdb)
Attempting to register passdb backend samba4
[2017/11/13 10:56:40.846649, 5] ../source3/passdb/pdb_interface.c:92(smb_register_passdb)
Successfully added passdb backend 'samba4'
[2017/11/13 10:56:40.846685, 5] ../source3/passdb/pdb_interface.c:79(smb_register_passdb)
Attempting to register passdb backend ldapsam
[2017/11/13 10:56:40.846721, 5] ../source3/passdb/pdb_interface.c:92(smb_register_passdb)
Successfully added passdb backend 'ldapsam'
[2017/11/13 10:56:40.846756, 5] ../source3/passdb/pdb_interface.c:79(smb_register_passdb)
Attempting to register passdb backend NDS_ldapsam
[2017/11/13 10:56:40.846792, 5] ../source3/passdb/pdb_interface.c:92(smb_register_passdb)
Successfully added passdb backend 'NDS_ldapsam'
[2017/11/13 10:56:40.846829, 5] ../source3/passdb/pdb_interface.c:79(smb_register_passdb)
Attempting to register passdb backend IPA_ldapsam
[2017/11/13 10:56:40.846865, 5] ../source3/passdb/pdb_interface.c:92(smb_register_passdb)
Successfully added passdb backend 'IPA_ldapsam'
[2017/11/13 10:56:40.846902, 5] ../source3/passdb/pdb_interface.c:155(make_pdb_method_name)
Attempting to find a passdb backend to match tdbsam (tdbsam)
[2017/11/13 10:56:40.846938, 5] ../source3/passdb/pdb_interface.c:176(make_pdb_method_name)
Found pdb backend tdbsam
[2017/11/13 10:56:40.846980, 5] ../source3/passdb/pdb_interface.c:187(make_pdb_method_name)
pdb backend tdbsam has a valid init
[2017/11/13 10:56:40.847021, 1] ../source3/param/loadparm.c:1039(lp_winbind_max_domain_connections)
offline logons active, restricting max domain connections to 1
[2017/11/13 10:56:40.847092, 1] ../source3/param/loadparm.c:1039(lp_winbind_max_domain_connections)
offline logons active, restricting max domain connections to 1
[2017/11/13 10:56:40.847139, 1] ../source3/param/loadparm.c:1039(lp_winbind_max_domain_connections)
offline logons active, restricting max domain connections to 1
[2017/11/13 10:56:40.847176, 2] ../source3/winbindd/winbindd_util.c:288(add_trusted_domain_from_tdc)
Added domain VILLACH-FILE (null) S-1-5-21-2099295303-2754723936-1384751756
[2017/11/13 10:56:40.847223, 0] ../source3/winbindd/winbindd_util.c:902(init_domain_list)
Could not fetch our SID - did we join?
[2017/11/13 10:56:40.847319, 0] ../source3/winbindd/winbindd.c:1401(winbindd_register_handlers)
unable to initialize domain list
-------------- next part --------------
Server role: ROLE_DOMAIN_MEMBER
Press enter to see a dump of your service definitions
# Global parameters
[global]
realm = AD.TAO.AT
server string = Netzlaufwerke Villach
workgroup = AD
local master = No
max stat cache size = 4096
ldap timeout = 5
cache directory = /var/cache/samba/
lock directory = /var/cache/samba/
state directory = /var/cache/samba/
client max protocol = SMB2
unix extensions = No
security = ADS
deadtime = 2
template homedir = /home/%U
template shell = /bin/bash
winbind cache time = 30
winbind enum groups = Yes
winbind enum users = Yes
winbind expand groups = 4
winbind max domain connections = 32
winbind nss info = rfc2307
winbind offline logon = Yes
winbind reconnect delay = 2
winbind refresh tickets = Yes
winbind request timeout = 5
winbind use default domain = Yes
idmap config ad : schema_mode = rfc2307
idmap config ad : range = 4500-50000
idmap config ad : backend = ad
idmap config * : range = 60000-61000
idmap config * : backend = tdb
map archive = No
map readonly = no
store dos attributes = Yes
include = /etc/samba/site.conf
map acl inherit = Yes
acl group control = Yes
create mask = 0770
directory mask = 0770
force create mode = 0660
force directory mode = 02770
inherit acls = Yes
inherit owner = Yes
inherit permissions = Yes
read only = No
aio read size = 16384
aio write size = 16384
block size = 4096
use sendfile = Yes
[homes]
comment = ~
volume = nethome
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 659 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba/attachments/20171113/e5428cf7/signature.sig>
More information about the samba
mailing list