
[Samba] Problems after migration from samba 3.5.2 to samba 4.3.1


Fernando Favero

Feb 15, 2016, 7:50:03 AM
Hello,


3 months ago, I migrated my domain from samba 3.5.2 (NT4 with LDAP) to
samba 4.3.1 (compiled from source) following the classic upgrade instructions
on the wiki page. The samba 4.3.1 is using the Samba Internal DNS.

20.000 users and 2.800 computers were migrated.

After the migration process, I joined 1 new DC server and 2 File Servers to
the domain.

All users can login on the domain, but we have some issues.


1 – “wbinfo -u” doesn't show users, but “wbinfo -g” shows groups normally

2 – On DC servers, the samba process listening on ports 135 and 1024 is using
100% of CPU

3 – On DC servers, the samba processes listening on ports 464 and 88 are using
~ 50% of CPU

4 – On File Servers, running “ls -l” on directories with user/group
permissions from the domain is very slow

5 – Sometimes, the file servers lose connections to the winbind process.

wbinfo -t

checking the trust secret for domain UEL.BR via RPC calls failed

failed to call wbcCheckTrustCredentials: WBC_ERR_WINBIND_NOT_AVAILABLE

Could not check secret


I have tried to find what is wrong, but have not found the solution yet.


Can someone help me?
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba

Rowland penny

Feb 15, 2016, 8:20:05 AM
On 15/02/16 12:40, Fernando Favero wrote:
> Hello,
>
>
> 3 months ago, I migrated my domain from samba 3.5.2 (NT4 with LDAP) to
> samba 4.3.1 (compiled from source) following the classic upgrade instructions
> on the wiki page. The samba 4.3.1 is using the Samba Internal DNS.
>
> 20.000 users and 2.800 computers were migrated.
>
> After the migration process, I joined 1 new DC server and 2 File Servers to
> the domain.
>
> All users can login on the domain, but we have some issues.
>
>
> 1 – “wbinfo -u” doesn't show users, but “wbinfo -g” shows groups normally
>
> 2 – On DC servers, the samba process listening on ports 135 and 1024 is using
> 100% of CPU
>
> 3 – On DC servers, the samba processes listening on ports 464 and 88 are using
> ~ 50% of CPU
>
> 4 – On File Servers, running “ls -l” on directories with user/group
> permissions from the domain is very slow
>
> 5 – Sometimes, the file servers lose connections to the winbind process.
>
> wbinfo -t
>
> checking the trust secret for domain UEL.BR via RPC calls failed
>
> failed to call wbcCheckTrustCredentials: WBC_ERR_WINBIND_NOT_AVAILABLE
>
> Could not check secret
>
>
> I have tried to find what is wrong, but have not found the solution yet.
>
>
> Can someone help me?

We can certainly try, but it will probably help if you can post your
smb.conf files from the various Samba machines.

Rowland

Fernando Favero

Feb 15, 2016, 12:30:04 PM
My smb.conf files.
The OS is CentOS 7.

DC Server 1
-------------------------------
[global]
workgroup = EXAMPLE.COM
realm = campus.example.com
netbios name = DC-SERVER1
server role = active directory domain controller
idmap_ldb:use rfc2307 = yes
dns forwarder = 8.8.8.8
dsdb:schema update allowed = true
winbind max clients = 2000
bind interfaces only = yes
interfaces = eth0

log file = /var/log/samba/%m.log
log level = 1

[netlogon]
path = /usr/local/samba/var/locks/sysvol/campus.example.com/scripts
read only = No

[sysvol]
path = /usr/local/samba/var/locks/sysvol
read only = No


DC Server 2
-------------------------------
[global]
workgroup = EXAMPLE.COM
realm = campus.example.com
netbios name = DC-SERVER2
server role = active directory domain controller
idmap_ldb:use rfc2307 = yes
dns forwarder = 8.8.8.8
dsdb:schema update allowed = true
winbind max clients = 2000
bind interfaces only = yes
interfaces = eth0

log file = /var/log/samba/%m.log
log level = 1

[netlogon]
path = /usr/local/samba/var/locks/sysvol/campus.example.com/scripts
read only = No

[sysvol]
path = /usr/local/samba/var/locks/sysvol
read only = No


FileServer1
-------------------------------
[global]
netbios name = FileServer1
server string = FileServer1
security = ADS
workgroup = EXAMPLE.COM
realm = CAMPUS.EXAMPLE.COM
bind interfaces only = yes
interfaces = lo eth0
winbind request timeout = 90

log file = /var/log/samba/%m.log
log level = 1

dedicated keytab file = /etc/krb5.keytab
kerberos method = secrets and keytab
winbind refresh tickets = yes
winbind max clients = 2000

winbind trusted domains only = no
winbind use default domain = yes
winbind enum users = yes
winbind enum groups = yes

idmap config *:backend = tdb
idmap config *:range = 1000-50000

vfs objects = acl_xattr
map acl inherit = yes
store dos attributes = yes
acl allow execute always = true


FileServer2
-------------------------------
[global]
netbios name = FileServer2
server string = FileServer2
security = ADS
workgroup = EXAMPLE.COM
realm = CAMPUS.EXAMPLE.COM
bind interfaces only = yes
interfaces = lo eth0
winbind request timeout = 90

log file = /var/log/samba/%m.log
log level = 1

dedicated keytab file = /etc/krb5.keytab
kerberos method = secrets and keytab
winbind refresh tickets = yes
winbind max clients = 2000


winbind trusted domains only = no
winbind use default domain = yes
winbind enum users = yes
winbind enum groups = yes

idmap config *:backend = tdb
idmap config *:range = 1000-50000

vfs objects = acl_xattr
map acl inherit = yes
store dos attributes = yes
acl allow execute always = true

Rowland penny

Feb 15, 2016, 1:50:03 PM
OK, two things jump out at me, I wouldn't use 'EXAMPLE.COM' for the
workgroup name, I would have just used 'EXAMPLE' i.e. no dot in the name.

Your idmap config stack is incorrect, you only have settings for the
builtin users & groups, see here for how you should set it up:

https://wiki.samba.org/index.php/Setup_Samba_as_an_AD_Domain_Member

Follow the links on that page for the correct settings.

Fernando Favero

Feb 16, 2016, 8:50:03 AM
Hi Rowland




> OK, two things jump out at me, I wouldn't use 'EXAMPLE.COM' for the
> workgroup name, I would have just used 'EXAMPLE' i.e. no dot in the name.
>
>
I understand, but changing the workgroup involves migrating the domain, right?
Or can I simply change the workgroup and restart samba?


> Your idmap config stack is incorrect, you only have settings for the
> builtin users & groups, see here for how you should set it up:
>
> https://wiki.samba.org/index.php/Setup_Samba_as_an_AD_Domain_Member
>
> Follow the links on that page for the correct settings.
>
>
ldconfig -v | grep winbind shows "libnss_winbind.so.2 ->
libnss_winbind.so.2"

nsswitch.conf:
passwd: files winbind
shadow: files winbind
group: files winbind


I changed smb.conf in a test environment that has the same problem, using the
following parameters.
idmap config *:backend = tdb
idmap config *:range = 1000-1999
idmap config EXAMPLE.COM:range = 2000-50000
idmap config EXAMPLE.COM:backend = ad
idmap config EXAMPLE.COM:schema_mode = rfc2307

getent passwd shows local users only
getent group shows all groups (local and domain)
wbinfo -u shows nothing
wbinfo -g shows all groups (local and domain)

winbindd.log shows the following lines when debug level = 10,

Running "wbinfo -g"
.
.
.
[2016/02/16 11:29:26.185376, 3, pid=31022, effective(0, 0), real(0, 0),
class=winbind] ../source3/winbindd/winbindd_misc.c:405(winbindd_domain_name)
[31101]: request domain name
[2016/02/16 11:29:26.185431, 10, pid=31022, effective(0, 0), real(0, 0),
class=winbind]
../source3/winbindd/winbindd.c:861(winbind_client_response_written)
winbind_client_response_written[31101:DOMAIN_NAME]: delivered response to
client
[2016/02/16 11:29:26.185540, 10, pid=31022, effective(0, 0), real(0, 0),
class=winbind] ../source3/winbindd/winbindd.c:758(process_request)
process_request: request fn DOMAIN_INFO
[2016/02/16 11:29:26.185610, 3, pid=31022, effective(0, 0), real(0, 0),
class=winbind] ../source3/winbindd/winbindd_misc.c:237(winbindd_domain_info)
[31101]: domain_info [EXAMPLE.COM]
[2016/02/16 11:29:26.185710, 10, pid=31022, effective(0, 0), real(0, 0),
class=winbind]
../source3/winbindd/winbindd.c:861(winbind_client_response_written)
winbind_client_response_written[31101:DOMAIN_INFO]: delivered response to
client
[2016/02/16 11:29:26.185825, 10, pid=31022, effective(0, 0), real(0, 0),
class=winbind] ../source3/winbindd/winbindd.c:731(process_request)
process_request: Handling async request 31101:LIST_GROUPS
[2016/02/16 11:29:26.185866, 3, pid=31022, effective(0, 0), real(0, 0),
class=winbind]
../source3/winbindd/winbindd_list_groups.c:58(winbindd_list_groups_send)
list_groups EXAMPLE.COM
[2016/02/16 11:29:26.185920, 1, pid=31022, effective(0, 0), real(0, 0)]
../librpc/ndr/ndr.c:439(ndr_print_function_debug)
wbint_QueryGroupList: struct wbint_QueryGroupList
in: struct wbint_QueryGroupList
[2016/02/16 11:29:26.593525, 1, pid=31022, effective(0, 0), real(0, 0)]
../librpc/ndr/ndr.c:439(ndr_print_function_debug)
wbint_QueryGroupList: struct wbint_QueryGroupList
out: struct wbint_QueryGroupList
groups : *
groups: struct wbint_Principals
num_principals : 562
principals: ARRAY(562)
principals: struct wbint_Principal
sid :
S-1-5-21-1479197986-680052183-3269973696-571
type : SID_NAME_DOM_GRP
(2)
name : *
name : 'Allowed RODC
Password Replication Group'
principals: struct wbint_Principal
sid :
S-1-5-21-1479197986-680052183-3269973696-498
type : SID_NAME_DOM_GRP
(2)
name : *
name : 'Enterprise
Read-Only Domain Controllers'
.
.
.



Running "wbinfo -u"

.
.
.
[2016/02/16 11:30:07.352308, 3, pid=31022, effective(0, 0), real(0, 0),
class=winbind] ../source3/winbindd/winbindd_misc.c:405(winbindd_domain_name)
[31117]: request domain name
[2016/02/16 11:30:07.352368, 10, pid=31022, effective(0, 0), real(0, 0),
class=winbind]
../source3/winbindd/winbindd.c:861(winbind_client_response_written)
winbind_client_response_written[31117:DOMAIN_NAME]: delivered response to
client
[2016/02/16 11:30:07.352428, 10, pid=31022, effective(0, 0), real(0, 0),
class=winbind] ../source3/winbindd/winbindd.c:758(process_request)
process_request: request fn DOMAIN_INFO
[2016/02/16 11:30:07.352452, 3, pid=31022, effective(0, 0), real(0, 0),
class=winbind] ../source3/winbindd/winbindd_misc.c:237(winbindd_domain_info)
[31117]: domain_info [EXAMPLE.COM]
[2016/02/16 11:30:07.352526, 10, pid=31022, effective(0, 0), real(0, 0),
class=winbind]
../source3/winbindd/winbindd.c:861(winbind_client_response_written)
winbind_client_response_written[31117:DOMAIN_INFO]: delivered response to
client
[2016/02/16 11:30:07.352648, 10, pid=31022, effective(0, 0), real(0, 0),
class=winbind] ../source3/winbindd/winbindd.c:731(process_request)
process_request: Handling async request 31117:LIST_USERS
[2016/02/16 11:30:07.352697, 3, pid=31022, effective(0, 0), real(0, 0),
class=winbind]
../source3/winbindd/winbindd_list_users.c:58(winbindd_list_users_send)
list_users EXAMPLE.COM
[2016/02/16 11:30:07.352740, 1, pid=31022, effective(0, 0), real(0, 0)]
../librpc/ndr/ndr.c:439(ndr_print_function_debug)
wbint_QueryUserList: struct wbint_QueryUserList
in: struct wbint_QueryUserList
[2016/02/16 11:30:17.465320, 5, pid=31022, effective(0, 0), real(0, 0),
class=winbind] ../source3/winbindd/winbindd.c:1132(remove_timed_out_clients)
Idle client timed out, shutting down sock 33, pid 31053
[2016/02/16 11:31:07.763617, 10, pid=31022, effective(0, 0), real(0, 0)]
../source4/lib/messaging/messaging.c:417(imessaging_dgm_recv)
imessaging_dgm_recv: dst 31022 matches my id: 31022, type=0x40c
[2016/02/16 11:31:07.763671, 10, pid=31022, effective(0, 0), real(0, 0)]
../source3/lib/messages.c:254(messaging_recv_cb)
messaging_recv_cb: Received message 0x40c len 7 (num_fds:0) from 31026
[2016/02/16 11:31:07.763691, 10, pid=31022, effective(0, 0), real(0, 0),
class=winbind]
../source3/winbindd/winbindd_cm.c:365(winbind_msg_domain_offline)
Domain EXAMPLE.COM is marked as offline now.
[2016/02/16 11:31:07.764062, 1, pid=31022, effective(0, 0), real(0, 0)]
../librpc/ndr/ndr.c:439(ndr_print_function_debug)
wbint_QueryUserList: struct wbint_QueryUserList
out: struct wbint_QueryUserList
users : *
users: struct wbint_userinfos
num_userinfos : 0x00000000 (0)
userinfos: ARRAY(0)
result : NT_STATUS_IO_TIMEOUT
[2016/02/16 11:31:07.764138, 10, pid=31022, effective(0, 0), real(0, 0),
class=winbind]
../source3/winbindd/winbindd_list_users.c:128(winbindd_list_users_done)
Domain EXAMPLE.COM returned 0 users
[2016/02/16 11:31:07.764152, 10, pid=31022, effective(0, 0), real(0, 0),
class=winbind]
../source3/winbindd/winbindd_list_users.c:134(winbindd_list_users_done)
List_users for domain EXAMPLE.COM failed
[2016/02/16 11:31:07.764167, 10, pid=31022, effective(0, 0), real(0, 0),
class=winbind] ../source3/winbindd/winbindd.c:793(wb_request_done)
wb_request_done[31117:LIST_USERS]: NT_STATUS_OK
[2016/02/16 11:31:07.764222, 10, pid=31022, effective(0, 0), real(0, 0),
class=winbind]
../source3/winbindd/winbindd.c:861(winbind_client_response_written)
winbind_client_response_written[31117:LIST_USERS]: delivered response to
client
[2016/02/16 11:31:07.764940, 6, pid=31022, effective(0, 0), real(0, 0),
class=winbind]
../source3/winbindd/winbindd.c:965(winbind_client_request_read)
closing socket 35, client exited
[2016/02/16 11:31:07.873705, 10, pid=31022, effective(0, 0), real(0, 0)]
../source4/lib/messaging/messaging.c:417(imessaging_dgm_recv)
imessaging_dgm_recv: dst 31022 matches my id: 31022, type=0x40b
[2016/02/16 11:31:07.873752, 10, pid=31022, effective(0, 0), real(0, 0)]
../source3/lib/messages.c:254(messaging_recv_cb)
messaging_recv_cb: Received message 0x40b len 7 (num_fds:0) from 31026
[2016/02/16 11:31:07.873775, 10, pid=31022, effective(0, 0), real(0, 0),
class=winbind]
../source3/winbindd/winbindd_cm.c:385(winbind_msg_domain_online)
Domain EXAMPLE.COM is marked as online now.
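The winbindd.log excerpt above shows the LIST_USERS request being accepted at 11:30:07, the domain being marked offline a minute later, and the wbint_QueryUserList RPC returning NT_STATUS_IO_TIMEOUT with zero users, while wb_request_done still reports NT_STATUS_OK to the client. The script below is an added example, not code from the thread or from Samba: it parses a level-10 winbindd.log, pairs each "Handling async request" with its "wb_request_done" by request id, attaches the last NDR-dumped RPC result, and flags requests that timed out or overlapped a domain-offline event. The embedded log is a constructed sample trimmed from the excerpt; the only format assumption is Samba's standard `[timestamp, level, pid=...]` debug header followed by indented body lines.

```python
import re
from datetime import datetime

# Constructed sample modelled on the winbindd.log excerpt posted in the thread
# (log level 10); timestamps, pid and request id follow that excerpt, with the
# multi-line NDR dumps trimmed to the fields the analysis needs.
SAMPLE_LOG = """\
[2016/02/16 11:30:07.352648, 10, pid=31022, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd.c:731(process_request)
  process_request: Handling async request 31117:LIST_USERS
[2016/02/16 11:30:07.352740, 1, pid=31022, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
       wbint_QueryUserList: struct wbint_QueryUserList
          in: struct wbint_QueryUserList
[2016/02/16 11:31:07.763691, 10, pid=31022, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cm.c:365(winbind_msg_domain_offline)
  Domain EXAMPLE.COM is marked as offline now.
[2016/02/16 11:31:07.764062, 1, pid=31022, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
       wbint_QueryUserList: struct wbint_QueryUserList
          out: struct wbint_QueryUserList
              num_userinfos            : 0x00000000 (0)
              result                   : NT_STATUS_IO_TIMEOUT
[2016/02/16 11:31:07.764167, 10, pid=31022, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd.c:793(wb_request_done)
  wb_request_done[31117:LIST_USERS]: NT_STATUS_OK
[2016/02/16 11:31:07.873775, 10, pid=31022, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cm.c:385(winbind_msg_domain_online)
  Domain EXAMPLE.COM is marked as online now.
"""

HEADER = re.compile(r"^\[(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{6}), +(\d+), pid=(\d+)")
REQ_START = re.compile(r"Handling async request (\d+):(\w+)")
REQ_DONE = re.compile(r"wb_request_done\[(\d+):(\w+)\]")
RPC_RESULT = re.compile(r"\bresult\s*:\s*(NT_STATUS_\w+)")
DOMAIN_STATE = re.compile(r"Domain (\S+) is marked as (offline|online) now")


def parse_entries(text):
    """Group the log into (timestamp, level, body) tuples.

    A debug-level winbindd.log entry is one '[timestamp, level, pid=...]'
    header line followed by one or more indented body lines."""
    entries = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            ts = datetime.strptime(m.group(1), "%Y/%m/%d %H:%M:%S.%f")
            entries.append((ts, int(m.group(2)), []))
        elif entries:
            entries[-1][2].append(line.strip())
    return [(ts, lvl, "\n".join(body)) for ts, lvl, body in entries]


def analyze_requests(text):
    """Pair each 'Handling async request' with its 'wb_request_done' by request
    id, attach the last wbint RPC result dumped before completion, and record
    whether the domain was marked offline while the request was in flight."""
    open_reqs, offline_events, finished = {}, [], []
    last_rpc_result = None
    for ts, _level, body in parse_entries(text):
        m = REQ_START.search(body)
        if m:
            open_reqs[m.group(1)] = (ts, m.group(2))
            continue
        m = RPC_RESULT.search(body)
        if m:
            last_rpc_result = m.group(1)
            continue
        m = DOMAIN_STATE.search(body)
        if m and m.group(2) == "offline":
            offline_events.append(ts)
            continue
        m = REQ_DONE.search(body)
        if m and m.group(1) in open_reqs:
            start_ts, op = open_reqs.pop(m.group(1))
            finished.append({
                "id": m.group(1),
                "op": op,
                "seconds": (ts - start_ts).total_seconds(),
                # wb_request_done reports NT_STATUS_OK even when the RPC behind
                # it failed, so the NDR 'result' field is the one that matters
                "rpc_result": last_rpc_result,
                "offline_during": any(start_ts <= t <= ts for t in offline_events),
            })
            last_rpc_result = None
    return finished


def problem_requests(records):
    """Requests whose backend RPC timed out or that overlapped a domain-offline event."""
    return [r for r in records
            if r["rpc_result"] == "NT_STATUS_IO_TIMEOUT" or r["offline_during"]]


if __name__ == "__main__":
    for r in problem_requests(analyze_requests(SAMPLE_LOG)):
        print(f"{r['op']} request {r['id']}: {r['seconds']:.1f}s, "
              f"rpc={r['rpc_result']}, offline during request={r['offline_during']}")
```

Run against the DC's winbindd.log with `log level = 10` while `wbinfo -u` is executing. On the sample the LIST_USERS request takes just over 60 seconds and ends with NT_STATUS_IO_TIMEOUT while the domain is flagged offline; that places the failure in the backend user enumeration not completing within winbindd's request timeout (`winbind request timeout`, default 60 seconds), rather than in nsswitch or the client, which is why groups (a much smaller enumeration) still come back.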

Fernando Favero

Feb 17, 2016, 1:20:03 PM
Well.... I know that this problem is very weird, but does anyone know how
to identify where the problem is?
My domain controller shows only groups... not users, and smbclient shows:

Samba version 4.3.1
PID Username Group Machine Protocol Version

------------------------------------------------------------------------------
13570 -1 -1 u183848 (ipv4:10.90.35.221:62129)
SMB2_02
13557 -1 -1 10.90.74.154 (ipv4:10.90.74.154:51183)
SMB2_10
13993 -1 -1 10.90.78.109 (ipv4:10.90.78.109:50260)
SMB2_10
13746 -1 -1 10.90.76.136 (ipv4:10.90.76.136:50233)
SMB2_10
13517 -1 -1 10.90.68.77 (ipv4:10.90.68.77:56510)
SMB2_10
14322 -1 -1 10.90.11.221 (ipv4:10.90.11.221:58934)
SMB2_10
14312 -1 -1 10.90.12.114 (ipv4:10.90.12.114:49750)
SMB3_02
13521 -1 -1 u225158 (ipv4:10.90.13.122:51219)
SMB2_10
14350 -1 -1 10.90.22.91 (ipv4:10.90.22.91:59956)
SMB2_10
13573 -1 -1 10.90.52.213 (ipv4:10.90.52.213:57004)
SMB2_10
13510 nobody 3000010 u225158 (ipv4:10.90.13.122:51217)
SMB2_10
14117 -1 -1 10.90.21.62 (ipv4:10.90.21.62:2250)
NT1

Thanks

Rowland penny

Feb 17, 2016, 1:50:04 PM
On 17/02/16 18:10, Fernando Favero wrote:
> Well.... I know that this problem is very weird, but does anyone know how
> to identify where the problem is?
> My domain controller shows only groups... not users, and smbclient shows:
>
>
OK, whilst I cannot understand why 'wbinfo -u' doesn't show your users,
I see that you are now using the winbind 'ad' backend, have you given
all your users a unique uidNumber inside the range you have set in
smb.conf on the fileservers (2000-50000) ??? You will also need to give
'Domain Users' a gidNumber attribute, again inside the range set in
smb.conf.

Rowland

Fernando Favero

Feb 17, 2016, 3:00:05 PM
On Wed, Feb 17, 2016 at 4:43 PM, Rowland penny <rpe...@samba.org> wrote:

> have you given all your users a unique uidNumber inside the range you have
> set in smb.conf on the fileservers (2000-50000) ???


Hmmm, looking at my ldap, I discovered that I have duplicated uidNumbers.....
would that be the problem??? =:O

Rowland penny

Feb 17, 2016, 3:10:04 PM
On 17/02/16 19:53, Fernando Favero wrote:
> On Wed, Feb 17, 2016 at 4:43 PM, Rowland penny <rpe...@samba.org> wrote:
>
>> have you given all your users a unique uidNumber inside the range you have
>> set in smb.conf on the fileservers (2000-50000) ???
>
> Hmmm, looking at my ldap, I discovered that I have duplicated uidNumbers.....
> would that be the problem??? =:O

If any of your users in AD (please don't call it ldap, it confuses me)
have a uidNumber attribute that is the same as another user's, then you
need to sort this out. As standard (if you use ADUC) the numbers start
at 10000 for both uidNumber & gidNumber.

Rowland
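The check Rowland asks for (every user has a unique uidNumber inside the fileserver idmap range, and groups have unique gidNumbers) is easiest to do on an LDIF export of the directory. The script below is an added example and not part of the thread or of Samba; it assumes the input was produced on the DC with something like `ldbsearch -H /usr/local/samba/private/sam.ldb '(|(uidNumber=*)(gidNumber=*))' sAMAccountName objectClass uidNumber gidNumber` (the sam.ldb path is an assumption that follows the /usr/local/samba prefix used in the thread). The embedded LDIF is a constructed sample shaped like that output; the range 2000-50000 is the one from Fernando's test smb.conf.

```python
import base64
from collections import defaultdict

# Constructed sample in the LDIF shape ldbsearch prints: the DN suffix follows the
# realm in the thread, the accounts and numbers are made up to exercise the checks
# (a duplicated uidNumber, a uidNumber outside the idmap range, a duplicated
# gidNumber between two groups, a base64 value and a folded dn line).
SAMPLE_LDIF = """\
# record 1
dn: CN=alice,CN=Users,DC=campus,DC=example,DC=com
objectClass: user
sAMAccountName: alice
description:: VGVzdCB1c2Vy
uidNumber: 2001
gidNumber: 2000

# record 2
dn: CN=bob,CN=Users,DC=campus,DC=example,DC=com
objectClass: user
sAMAccountName: bob
uidNumber: 2001
gidNumber: 2000

# record 3
dn: CN=carol,CN=Users,DC=campus,DC=example,DC=com
objectClass: user
sAMAccountName: carol
uidNumber: 60000
gidNumber: 2000

# record 4
dn: CN=Domain Users,CN=Users,DC=campus,DC=example,DC=com
objectClass: group
sAMAccountName: Domain Users
gidNumber: 2000

# record 5
dn: CN=Domain Admins,CN=Users,DC=campus,DC=example,
 DC=com
objectClass: group
sAMAccountName: Domain Admins
gidNumber: 2000

# returned 5 records
"""


def unfold(text):
    """Join LDIF continuation lines (a leading single space) onto the line before."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines


def parse_ldif(text):
    """Parse LDIF into a list of {attribute(lowercase): [values]} dicts.

    Handles comments, blank-line record separators and '::' base64 values;
    this is enough for ldbsearch output, not a full RFC 2849 parser."""
    entries, current = [], {}
    for line in unfold(text) + [""]:  # sentinel flushes the last record
        if line == "":
            if current:
                entries.append(current)
                current = {}
            continue
        if line.startswith("#"):
            continue
        attr, _, value = line.partition(":")
        if value.startswith(":"):
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        else:
            value = value.strip()
        current.setdefault(attr.strip().lower(), []).append(value)
    return entries


def _name(entry):
    return entry.get("samaccountname", entry["dn"])[0]


def find_duplicates(entries, attr, object_class):
    """Map each attr value held by more than one object of object_class to the owners."""
    owners = defaultdict(list)
    for e in entries:
        if object_class.lower() not in [c.lower() for c in e.get("objectclass", [])]:
            continue
        for v in e.get(attr, []):
            owners[v].append(_name(e))
    return {v: names for v, names in owners.items() if len(names) > 1}


def out_of_range(entries, attr, lo, hi):
    """(name, value) pairs whose attr is non-numeric or outside the idmap range lo..hi."""
    bad = []
    for e in entries:
        for v in e.get(attr, []):
            if not v.isdigit() or not lo <= int(v) <= hi:
                bad.append((_name(e), v))
    return bad


if __name__ == "__main__":
    entries = parse_ldif(SAMPLE_LDIF)
    print("duplicate uidNumber (users):", find_duplicates(entries, "uidnumber", "user"))
    print("duplicate gidNumber (groups):", find_duplicates(entries, "gidnumber", "group"))
    print("uidNumber outside 2000-50000:", out_of_range(entries, "uidnumber", 2000, 50000))
```

Every value printed by the script is an object that the `ad` idmap backend on the fileservers will either map to a colliding Unix id or refuse to map at all, which shows up as the `-1 -1` uid/gid columns in the smbstatus-style listing earlier in the thread. Computer accounts carry `objectClass: user` too, so a machine that was given a uidNumber during the migration is caught by the same user check.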

Fernando Favero

Feb 17, 2016, 3:20:04 PM
And, is there any problem if I change the uidNumber manually via ldbmodify?

Rowland penny

Feb 17, 2016, 3:30:03 PM
On 17/02/16 20:14, Fernando Favero wrote:
> And, is there any problem if I change the uidNumber manually via ldbmodify?
>
> On Wed, Feb 17, 2016 at 6:03 PM, Rowland penny <rpe...@samba.org> wrote:
>
>> On 17/02/16 19:53, Fernando Favero wrote:
>>
>>> On Wed, Feb 17, 2016 at 4:43 PM, Rowland penny <rpe...@samba.org> wrote:
>>>
>>> have you given all your users a unique uidNumber inside the range you have
>>>> set in smb.conf on the fileservers (2000-50000) ???
>>>>
>>> Hmmm, looking at my ldap, I discovered that I have duplicated uidNumbers.....
>>> would that be the problem??? =:O
>>>
>> If any of your users in AD (please don't call it ldap, it confuses me)
>> have a uidNumber attribute that is the same as another users, then you need
>> to sort this out. As standard (if you use ADUC) the numbers start at 10000
>> for both uidNumber & gidNumber.
>>
>>
>> Rowland
>>
>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions: https://lists.samba.org/mailman/options/samba
>>

The only possible problem I can think of is, ownership of files, but
then you possibly already have files owned by several users.

Mueller

Feb 18, 2016, 3:00:04 AM
The duplicated uid numbers were a problem for me too when updating to samba 4.3.4 (groups and suddenly machines had the same uids).
As mentioned, you have to sort them out and change them.


Daniel Müller, IT

Head of IT
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen
Tel.: 07071/206-463, Fax: 07071/206-499
Email: mue...@tropenklinik.de
Internet: www.tropenklinik.de




-----Original Message-----
From: Rowland penny [mailto:rpe...@samba.org]
Sent: Wednesday, 17 February 2016 21:25
To: sa...@lists.samba.org
Subject: Re: [Samba] Problems after migration from samba 3.5.2 to samba 4.3.1

Fernando Favero

Feb 19, 2016, 6:20:03 AM
I changed the duplicated uidNumbers in my samba ad and restarted the server, but
wbinfo -u still does not show users.
I have 26000 users. So I tried removing some users, and with 15000 users,
wbinfo -u worked. Are there limitations or tuning to do?

P.S: I did it on a test server, restored from backup

I'm suspecting something that there was during the migration from samba3