[Samba] wbinfo fails: Error looking up domain users

[Marc Rechté]

Hello,

I am trying to setup an AD member server. I followed the wiki
(https://wiki.samba.org/index.php/Setup_a_Samba_AD_Member_Server). I am
on Fedora 21.

The domain join succeeded

But wbinfo fails:

$ wbinfo -u
Error looking up domain users

I tried to increase windbind log verbosity to 10, but I can see no trace
when issuing wbinfo:
/etc/smb.conf
log level = winbind:10

Thanks
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba

[Rowland Penny]

On 17/06/15 08:16, Marc Rechté wrote:
> Hello,
>
> I am trying to setup an AD member server. I followed the wiki
> (https://wiki.samba.org/index.php/Setup_a_Samba_AD_Member_Server). I
> am on Fedora 21.
>
> The domain join succeeded
>
> But wbinfo fails:
>
> $ wbinfo -u
> Error looking up domain users
>
> I tried to increase windbind log verbosity to 10, but I can see no
> trace when issuing wbinfo:
> /etc/smb.conf
> log level = winbind:10
>
> Thanks

OK, I can assure you what is on that page works (well it does on
Debian). Straight after the join, before you do anything else, wbinfo -u
should work, the links are only required for getent to work.

I don't think anybody can help you fix this problem without more info,
what's in /etc/resolv.conf, /etc/krb5.conf, smb.conf etc

Rowland

[Marc Rechté]

Thanks Rowland,

I am trying to setup an AD member server. I followed the wiki
(https://wiki.samba.org/index.php/Setup_a_Samba_AD_Member_Server). I am
on Fedora 21.

The domain join succeeded

But wbinfo fails:

$ wbinfo -u
Error looking up domain users

I tried to increase windbind log verbosity to 10, but I can see no trace
when issuing wbinfo:
/etc/smb.conf
log level = winbind:10

Here are some more details:
***************************

# net ads testjoin
Join is OK

# wbinfo -u

Error looking up domain users

$ rpm -q samba-winbind
samba-winbind-4.1.17-1.fc21.x86_64

$ cat /etc/hosts
127.0.0.1 localhost.localdomain localhost
::1 localhost6.localdomain6 localhost6
192.168.0.84 linuxmr.studelec-sa.com linuxmr

/etc/samba/smb.conf is here: http://pastebin.com/gAk6nX0x

$ cat /etc/resolv.conf
search studelec-sa.com
nameserver 192.168.0.250

$ cat /etc/krb5.conf (ALTHOUGH THE WIKI DOES STATE ANY CONFIGURATION IS
REQUIRED IN THAT FILE)
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log

[libdefaults]
dns_lookup_realm = false
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true
rdns = false
# default_realm = EXAMPLE.COM
# Utile ou pas ?
default_realm = STUDELEC-SA.COM
dns_lookup_kdc = true
default_ccache_name = KEYRING:persistent:%{uid}

[realms]
# EXAMPLE.COM = {
# kdc = kerberos.example.com
# admin_server = kerberos.example.com
# }

[domain_realm]
# .example.com = EXAMPLE.COM
# example.com = EXAMPLE.COM

[Rowland Penny]

OK, there doesn't seem to much wrong with your smb.conf, only thing I
would change, remove this line:

server role = member server

My /etc/krb5.conf is just this:

[libdefaults]
default_realm = EXAMPLE.COM
dns_lookup_realm = false
dns_lookup_kdc = true

But yours has those lines in it.

So, we fall back to what is usually the problem on redhat when something
doesn't work, Selinux. Try disabling this and see if this works, failing
that, is the firewall running ? if it is, try turning it off.

Rowland

[Marc Rechte]

Opened a bug on Fedora and solution was given: one must uninstall
sssd-libwbclient package.

Now let's move to the next problem: nsswitch does not see the domain
users / groups, but I assume this is out of the scope of this list ?

Thanks

[Marc Rechte]

Opened a bug on Fedora and solution was given: one must uninstall
sssd-libwbclient package.

Now let's move to the next problem: nsswitch does not see the domain
users / groups, but I assume this is out of the scope of this list ?

Thanks

Le 18/06/2015 10:05, Rowland Penny a écrit :

--