[Samba] winbind confused about the DC's

Timo Aaltonen

Jan 28, 2010, 3:50:01 AM

Hi

Problems with wbinfo this time. With -u/-g/-n it works, but -i doesn't.
The log.winbindd-idmap is filled with this:

[2010/01/28 10:32:56, 4] libsmb/namequery_dc.c:73(ads_dc_name)
ads_dc_name: domain=*
[2010/01/28 10:32:56, 3] libsmb/namequery.c:1972(get_dc_list)
get_dc_list: preferred server list: ", *"
[2010/01/28 10:32:56, 3] libads/dns.c:343(dns_send_req)
ads_dns_lookup_srv: Failed to resolve _ldap._tcp.dc._msdcs.* (Success)
[2010/01/28 10:32:56, 3] libads/dns.c:413(ads_dns_lookup_srv)
ads_dns_lookup_srv: Failed to send DNS query (NT_STATUS_UNSUCCESSFUL)
[2010/01/28 10:32:56, 4] libsmb/namequery.c:2004(get_dc_list)
get_dc_list: no servers found
[2010/01/28 10:32:56, 3] libsmb/namequery.c:1972(get_dc_list)
get_dc_list: preferred server list: ", *"
[2010/01/28 10:32:56, 3] libsmb/namequery.c:1225(resolve_lmhosts)
resolve_lmhosts: Attempting lmhosts lookup for name *<0x1c>
[2010/01/28 10:32:56, 4] libsmb/namequery.c:839(startlmhosts)
startlmhosts: Can't open lmhosts file /etc/samba/lmhosts. Error was No such file or directory
[2010/01/28 10:32:56, 3] libsmb/namequery.c:1089(resolve_wins)
resolve_wins: Attempting wins lookup for name *<0x1c>
[2010/01/28 10:32:56, 3] libsmb/namequery.c:1093(resolve_wins)
resolve_wins: WINS server resolution selected and no WINS servers listed.
[2010/01/28 10:32:56, 3] libsmb/namequery.c:1016(name_resolve_bcast)
name_resolve_bcast: Attempting broadcast lookup for name *<0x1c>
[2010/01/28 10:32:57, 4] libsmb/namequery.c:2004(get_dc_list)
get_dc_list: no servers found
[2010/01/28 10:32:58, 3] libsmb/namequery_dc.c:167(rpc_dc_name)
Could not look up dc's for domain *
[2010/01/28 10:32:58, 1] winbindd/idmap_ad.c:143(ad_idmap_cached_connection_internal)
ad_idmap_init: failed to connect to AD
[2010/01/28 10:32:58, 1] winbindd/idmap_ad.c:543(idmap_ad_sids_to_unixids)
ADS uninitialized: No logon servers


The first one is alarming. Why does it try a wildcard? Especially since
log.winbindd-dc-connect has this:

[2010/01/28 10:41:10, 4] libsmb/namequery_dc.c:73(ads_dc_name)
ads_dc_name: domain=AALTO
[2010/01/28 10:41:10, 3] libsmb/namequery.c:1972(get_dc_list)
get_dc_list: preferred server list: "DC04.org.aalto.fi, *"
[2010/01/28 10:41:10, 4] libsmb/namequery.c:2105(get_dc_list)
get_dc_list: returning 4 ip addresses in an ordered list
[2010/01/28 10:41:10, 4] libsmb/namequery.c:2106(get_dc_list)
get_dc_list: 130.233.251.7:389 130.233.251.6:389 130.233.251.5:389 130.233.251.4:389
[2010/01/28 10:41:10, 3] libads/ldap.c:621(ads_connect)
Successfully contacted LDAP server 130.233.251.7
.
.
.

??

Running 3.4.3 on Ubuntu devel release.

t

Timo Aaltonen

Jan 28, 2010, 9:20:02 AM
On Thu, 28 Jan 2010, Timo Aaltonen wrote:

>
> Hi
>
> Problems with wbinfo this time. With -u/-g/-n it works, but -i doesn't. The
> log.winbindd-idmap is filled with this:

More verbose part of the log where it goes wrong:

[2010/01/28 13:29:52, 10] winbindd/winbindd_cm.c:479(set_domain_online_request)
set_domain_online_request: called for domain AALTO
[2010/01/28 13:29:52, 10] winbindd/winbindd_cm.c:508(set_domain_online_request)
set_domain_online_request: domain AALTO was globally offline.
[2010/01/28 13:29:52, 10] lib/events.c:287(s3_event_debug)
s3_event: Added timed event "check_domain_online_handler": 0x25635b0
[2010/01/28 13:29:52, 10] lib/events.c:148(get_timed_events_timeout)
timed_events_timeout: 4/999954
[2010/01/28 13:29:52, 4] winbindd/winbindd_dual.c:1452(fork_domain_child)
child daemon request 51
[2010/01/28 13:29:52, 10] winbindd/winbindd_dual.c:452(child_process_request)
child_process_request: request fn DUAL_SID2UID
[2010/01/28 13:29:52, 3] winbindd/winbindd_idmap.c:293(winbindd_dual_sid2uid)
[26144]: sid to uid S-1-5-21-2413826791-1553473826-2432194272-1265
[2010/01/28 13:29:52, 10] winbindd/idmap_util.c:157(idmap_sid_to_uid)
idmap_sid_to_uid: sid = [S-1-5-21-2413826791-1553473826-2432194272-1265], domain = ''
[2010/01/28 13:29:52, 10] winbindd/idmap.c:765(idmap_backends_sid_to_unixid)
idmap_backends_sid_to_unixid: domain = '', sid = [S-1-5-21-2413826791-1553473826-2432194272-1265]
[2010/01/28 13:29:52, 10] winbindd/idmap.c:465(idmap_find_domain)
idmap_find_domain called for domain ''

I've tried to debug it by setting the breakpoint at winbindd_dual_sid2uid,
but couldn't make anything of the backtrace.

Suggestions?

--
Timo Aaltonen
Systems Specialist
IT Services, Aalto University School of Science and Technology

Timo Aaltonen

Jan 28, 2010, 11:00:02 AM
On Thu, 28 Jan 2010, Timo Aaltonen wrote:

> On Thu, 28 Jan 2010, Timo Aaltonen wrote:
>
>>
>> Hi
>>
>> Problems with wbinfo this time. With -u/-g/-n it works, but -i doesn't.
>> The log.winbindd-idmap is filled with this:
>
> More verbose part of the log where it goes wrong:

Bollocks. I had to change the config, this works:

[global]
workgroup = AALTO
realm = ORG.AALTO.FI
security = ADS
kerberos method = system keytab
idmap config AALTO : backend = ad
idmap config AALTO : readonly = yes
idmap config AALTO : schema_mode = rfc2307
idmap config AALTO : range = 1000-4000000000
idmap uid = 1000-4000000000
idmap gid = 1000-4000000000
winbind nss info = rfc2307
winbind use default domain = yes
winbind enum users = yes
winbind enum groups = yes
winbind offline logon = true
winbind cache time = 5
winbind refresh tickets = true

A summary of the changes:

- idmap backend = ad -> idmap config AALTO : backend = ad
- add range & idmap uid/gid
(- added winbind offline/cache/refresh, but they are irrelevant here)

Without setting the range the uid would be mapped to the default value
(which I asked about last fall).
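
A small lint for the misconfiguration resolved in this thread, added here as an example (it is not part of the original posts or of Samba's own tooling): it flags a global `idmap backend` line and a missing per-domain `idmap config <DOMAIN> : backend` or `range` for the configured workgroup. The function names and the `BEFORE` sample are constructed for illustration; `AFTER` is a reduced copy of the working config above.

```python
import re

# Per-domain option name, e.g. "idmap config aalto : backend" (keys are lowercased).
IDMAP_CONFIG = re.compile(r"^idmap config\s+(\S+)\s*:\s*(\S+)$")

# Constructed "before" config, inferred from the change summary in the post.
BEFORE = "[global]\nworkgroup = AALTO\nsecurity = ADS\nidmap backend = ad\n"
# Reduced copy of the working config from the post.
AFTER = (BEFORE.replace("idmap backend = ad\n", "")
         + "idmap config AALTO : backend = ad\n"
         + "idmap config AALTO : range = 1000-4000000000\n")


def parse_global(text):
    """Return {option: value} for the [global] section of an smb.conf string."""
    opts, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            # Option names ignore case and repeated whitespace.
            opts[" ".join(key.lower().split())] = value.strip()
    return opts


def check_idmap(text):
    """Return findings for the workgroup's idmap settings; empty list means OK."""
    opts = parse_global(text)
    domain = opts.get("workgroup", "").upper()
    per_domain = {}
    for key, value in opts.items():
        m = IDMAP_CONFIG.match(key)
        if m:
            per_domain.setdefault(m.group(1).upper(), {})[m.group(2)] = value
    findings = []
    if "idmap backend" in opts:
        findings.append("global 'idmap backend' is not tied to a domain")
    for option in ("backend", "range"):
        if option not in per_domain.get(domain, {}):
            findings.append("missing 'idmap config %s : %s'" % (domain, option))
    return findings


if __name__ == "__main__":
    for name, conf in (("before", BEFORE), ("after", AFTER)):
        print(name, check_idmap(conf) or "OK")
```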
