wbinfo -u /-g error after upgrade to 4.4.2 or 4.3.8 (security = ads)
Dr. Hansjoerg Maurer
hansjoerg.maurer at itsd.de
Wed Apr 13 11:51:36 UTC 2016
Hi
I tested the new 4.4.2 and 4.3.8 releases in an security = ads environment wie Windows2012 DC's and I recognized, that
wbinfo -u oder wbinfo -g did not show any domain users/groups any more
When I set
client ldap sasl wrapping = plain
it works again.
Is this a know issue and can anybody try to reproduce?
The log shows
[2016/04/13 13:48:35.538729, 3] ../source3/libads/ldap.c:661(ads_connect)
Connected to LDAP server XXXXX
[2016/04/13 13:48:35.540871, 3] ../source3/libads/sasl.c:723(ads_sasl_spnego_bind)
ads_sasl_spnego_bind: got OID=1.3.6.1.4.1.311.2.2.30
[2016/04/13 13:48:35.540910, 3] ../source3/libads/sasl.c:723(ads_sasl_spnego_bind)
ads_sasl_spnego_bind: got OID=1.2.840.48018.1.2.2
[2016/04/13 13:48:35.540923, 3] ../source3/libads/sasl.c:723(ads_sasl_spnego_bind)
ads_sasl_spnego_bind: got OID=1.2.840.113554.1.2.2
[2016/04/13 13:48:35.540935, 3] ../source3/libads/sasl.c:723(ads_sasl_spnego_bind)
ads_sasl_spnego_bind: got OID=1.2.840.113554.1.2.2.3
[2016/04/13 13:48:35.540960, 3] ../source3/libads/sasl.c:723(ads_sasl_spnego_bind)
ads_sasl_spnego_bind: got OID=1.3.6.1.4.1.311.2.2.10
[2016/04/13 13:48:35.549900, 1] ../auth/gensec/spnego.c:664(gensec_spnego_create_negTokenInit)
Failed to setup SPNEGO negTokenInit request: NT_STATUS_INTERNAL_ERROR
...
[2016/04/13 13:49:44.616462, 3] ../source3/libads/sasl.c:723(ads_sasl_spnego_bind)
ads_sasl_spnego_bind: got OID=1.3.6.1.4.1.311.2.2.30
[2016/04/13 13:49:44.616498, 3] ../source3/libads/sasl.c:723(ads_sasl_spnego_bind)
ads_sasl_spnego_bind: got OID=1.2.840.48018.1.2.2
[2016/04/13 13:49:44.616510, 3] ../source3/libads/sasl.c:723(ads_sasl_spnego_bind)
ads_sasl_spnego_bind: got OID=1.2.840.113554.1.2.2
[2016/04/13 13:49:44.616522, 3] ../source3/libads/sasl.c:723(ads_sasl_spnego_bind)
ads_sasl_spnego_bind: got OID=1.2.840.113554.1.2.2.3
[2016/04/13 13:49:44.616549, 3] ../source3/libads/sasl.c:723(ads_sasl_spnego_bind)
ads_sasl_spnego_bind: got OID=1.3.6.1.4.1.311.2.2.10
[2016/04/13 13:49:45.986675, 3] ../source3/libads/ldap.c:981(ads_do_paged_search_args)
ads_do_paged_search_args: ldap_search_with_timeout((&(objectCategory=group)(&(groupType:dn:1.2.840.113556.1.4.803:=-2147483648)(!(groupType:dn:1.2.840.113556.1.4.803:=1))))) -> Time limit exceeded
[2016/04/13 13:49:45.986720, 1] ../source3/libads/ldap_utils.c:93(ads_do_search_retry_internal)
Reducing LDAP page size from 500 to 250 due to IO_TIMEOUT
Regards
Hansjörg
----------------------------
Unser System ist mit einem Mailverschluesselungs-Gateway ausgestattet. Wenn Sie moechten, dass an Sie gerichtete E-Mails verschluesselt werden, senden Sie einfach eine S/MIME-signierte E-Mail oder Ihren PGP Public Key an hansjoerg.maurer at itsd.de.
Our system is equipped with an email encryption gateway. If you want email sent to you to be encrypted please send a S/MIME signed email or your PGP public key to hansjoerg.maurer at itsd.de.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 6948 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20160413/3ac931a9/smime.bin>
More information about the samba-technical
mailing list