wbinfo -u /-g error after upgrade to 4.4.2 or 4.3.8 (security = ads)

Dr. Hansjoerg Maurer hansjoerg.maurer at itsd.de
Wed Apr 13 11:51:36 UTC 2016 

Hi

I tested the new 4.4.2 and 4.3.8 releases in an security = ads environment wie Windows2012  DC's and I recognized, that 
wbinfo -u oder wbinfo -g did not show any domain users/groups any more

When I set
  

        client ldap sasl wrapping = plain

it works again.

Is this a know issue and can anybody try to reproduce?

The log shows


[2016/04/13 13:48:35.538729,  3] ../source3/libads/ldap.c:661(ads_connect)
  Connected to LDAP server XXXXX
[2016/04/13 13:48:35.540871,  3] ../source3/libads/sasl.c:723(ads_sasl_spnego_bind)
  ads_sasl_spnego_bind: got OID=1.3.6.1.4.1.311.2.2.30
[2016/04/13 13:48:35.540910,  3] ../source3/libads/sasl.c:723(ads_sasl_spnego_bind)
  ads_sasl_spnego_bind: got OID=1.2.840.48018.1.2.2
[2016/04/13 13:48:35.540923,  3] ../source3/libads/sasl.c:723(ads_sasl_spnego_bind)
  ads_sasl_spnego_bind: got OID=1.2.840.113554.1.2.2
[2016/04/13 13:48:35.540935,  3] ../source3/libads/sasl.c:723(ads_sasl_spnego_bind)
  ads_sasl_spnego_bind: got OID=1.2.840.113554.1.2.2.3
[2016/04/13 13:48:35.540960,  3] ../source3/libads/sasl.c:723(ads_sasl_spnego_bind)
  ads_sasl_spnego_bind: got OID=1.3.6.1.4.1.311.2.2.10
[2016/04/13 13:48:35.549900,  1] ../auth/gensec/spnego.c:664(gensec_spnego_create_negTokenInit)
  Failed to setup SPNEGO negTokenInit request: NT_STATUS_INTERNAL_ERROR

...

[2016/04/13 13:49:44.616462,  3] ../source3/libads/sasl.c:723(ads_sasl_spnego_bind)
  ads_sasl_spnego_bind: got OID=1.3.6.1.4.1.311.2.2.30
[2016/04/13 13:49:44.616498,  3] ../source3/libads/sasl.c:723(ads_sasl_spnego_bind)
  ads_sasl_spnego_bind: got OID=1.2.840.48018.1.2.2
[2016/04/13 13:49:44.616510,  3] ../source3/libads/sasl.c:723(ads_sasl_spnego_bind)
  ads_sasl_spnego_bind: got OID=1.2.840.113554.1.2.2
[2016/04/13 13:49:44.616522,  3] ../source3/libads/sasl.c:723(ads_sasl_spnego_bind)
  ads_sasl_spnego_bind: got OID=1.2.840.113554.1.2.2.3
[2016/04/13 13:49:44.616549,  3] ../source3/libads/sasl.c:723(ads_sasl_spnego_bind)
  ads_sasl_spnego_bind: got OID=1.3.6.1.4.1.311.2.2.10
[2016/04/13 13:49:45.986675,  3] ../source3/libads/ldap.c:981(ads_do_paged_search_args)
  ads_do_paged_search_args: ldap_search_with_timeout((&(objectCategory=group)(&(groupType:dn:1.2.840.113556.1.4.803:=-2147483648)(!(groupType:dn:1.2.840.113556.1.4.803:=1))))) -> Time limit exceeded
[2016/04/13 13:49:45.986720,  1] ../source3/libads/ldap_utils.c:93(ads_do_search_retry_internal)
  Reducing LDAP page size from 500 to 250 due to IO_TIMEOUT




Regards 

Hansjörg






----------------------------
Unser System ist mit einem Mailverschluesselungs-Gateway ausgestattet. Wenn Sie moechten, dass an Sie gerichtete E-Mails verschluesselt werden, senden Sie einfach eine S/MIME-signierte E-Mail oder Ihren PGP Public Key an hansjoerg.maurer at itsd.de.

Our system is equipped with an email encryption gateway. If you want email sent to you to be encrypted please send a S/MIME signed email or your PGP public key to hansjoerg.maurer at itsd.de.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 6948 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20160413/3ac931a9/smime.bin>

More information about the samba-technical mailing list