On 04/06/2013 06:08 PM, François Lafont wrote:
Hello,

I have progressed but it still doesn't work. I recall:

- Domain controller on Debian Wheezy (domain = chezmoi.priv) with Samba version 
4.0.4 (works fine).
- I *try* to install a member of the "chezmoi.priv" domain on another Debian 
Wheezy with Samba version 4.0.4.

Below, I explain what I have done on the member server. I have made 2 attempts 
which don't work. Thanks in advance for your help.


Here is my /usr/local/samba/etc/smb.conf file in the member server:

-----------------------------------------------
[global]
    workgroup = CHEZMOI
    security = ADS
    realm = CHEZMOI.PRIV
    encrypt passwords = yes
    idmap config *:backend = tdb
    idmap config *:range = 70001-80000
    idmap config CHEZMOI:backend = ad
    idmap config CHEZMOI:schema_mode = rfc2307
    idmap config CHEZMOI:range = 500-40000
    winbind nss info = rfc2307
    winbind trusted domains only = no
    winbind use default domain = yes
    winbind enum users  = yes
    winbind enum groups = yes
-----------------------------------------------

root@member~# ln -s /usr/local/samba/lib/libnss_winbind.so /lib/libnss_winbind.so
root@member~# ln -s /lib/libnss_winbind.so /lib/libnss_winbind.so.2

Here is my /etc/nsswitch.conf file:

-----------------------------------------------
passwd:         compat winbind
group:          compat winbind
...
-----------------------------------------------


1) First attempt to join the domain in the member server

root@member~# samba-tool domain join chezmoi.priv member -U administrator --realm=chezmoi.priv
Password for [CHEZMOI\administrator]:
Joined domain CHEZMOI (S-1-5-21-3370545617-3166960116-3193249687)

root@member~# ldconfig

root@member~# smbd && nmbd

And now impossible to run winbindd.

-----------------------------------------------
root@member~# winbindd -i -d 10
INFO: Current debug levels:
   all: 10
   tdb: 10
   printdrivers: 10
   lanman: 10
   smb: 10
   rpc_parse: 10
   rpc_srv: 10
   rpc_cli: 10
   passdb: 10
   sam: 10
   auth: 10
   winbind: 10
   vfs: 10
   idmap: 10
   quota: 10
   acls: 10
   locking: 10
   msdfs: 10
   dmapi: 10
   registry: 10
Maximum core file size limits now 16777216(soft) -1(hard)
winbindd version 4.0.4 started.
Copyright Andrew Tridgell and the Samba Team 1992-2012
lp_load_ex: refreshing parameters
Initialising global parameters
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
INFO: Current debug levels:
   all: 10
   tdb: 10
   printdrivers: 10
   lanman: 10
   smb: 10
   rpc_parse: 10
   rpc_srv: 10
   rpc_cli: 10
   passdb: 10
   sam: 10
   auth: 10
   winbind: 10
   vfs: 10
   idmap: 10
   quota: 10
   acls: 10
   locking: 10
   msdfs: 10
   dmapi: 10
   registry: 10
params.c:pm_process() - Processing configuration file 
"/usr/local/samba/etc/smb.conf"
Processing section "[global]"
doing parameter workgroup = CHEZMOI
doing parameter security = ADS
doing parameter realm = CHEZMOI.PRIV
doing parameter encrypt passwords = yes
doing parameter idmap config *:backend = tdb
doing parameter idmap config *:range = 70001-80000
doing parameter idmap config CHEZMOI:backend = ad
doing parameter idmap config CHEZMOI:schema_mode = rfc2307
doing parameter idmap config CHEZMOI:range = 500-40000
doing parameter winbind nss info = rfc2307
doing parameter winbind trusted domains only = no
doing parameter winbind use default domain = yes
doing parameter winbind enum users = yes
doing parameter winbind enum groups = yes
pm_process() returned Yes
lp_servicenumber: couldn't find homes
Maximum core file size limits now 16777216(soft) -1(hard)
Registering messaging pointer for type 2 - private_data=(nil)
Registering messaging pointer for type 9 - private_data=(nil)
Registered MSG_REQ_POOL_USAGE
Registering messaging pointer for type 11 - private_data=(nil)
Registering messaging pointer for type 12 - private_data=(nil)
Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
Registering messaging pointer for type 1 - private_data=(nil)
Registering messaging pointer for type 5 - private_data=(nil)
lp_load_ex: refreshing parameters
Freeing parametrics:
Initialising global parameters
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
INFO: Current debug levels:
   all: 10
   tdb: 10
   printdrivers: 10
   lanman: 10
   smb: 10
   rpc_parse: 10
   rpc_srv: 10
   rpc_cli: 10
   passdb: 10
   sam: 10
   auth: 10
   winbind: 10
   vfs: 10
   idmap: 10
   quota: 10
   acls: 10
   locking: 10
   msdfs: 10
   dmapi: 10
   registry: 10
params.c:pm_process() - Processing configuration file 
"/usr/local/samba/etc/smb.conf"
Processing section "[global]"
doing parameter workgroup = CHEZMOI
doing parameter security = ADS
doing parameter realm = CHEZMOI.PRIV
doing parameter encrypt passwords = yes
doing parameter idmap config *:backend = tdb
doing parameter idmap config *:range = 70001-80000
doing parameter idmap config CHEZMOI:backend = ad
doing parameter idmap config CHEZMOI:schema_mode = rfc2307
doing parameter idmap config CHEZMOI:range = 500-40000
doing parameter winbind nss info = rfc2307
doing parameter winbind trusted domains only = no
doing parameter winbind use default domain = yes
doing parameter winbind enum users = yes
doing parameter winbind enum groups = yes
pm_process() returned Yes
lp_servicenumber: couldn't find homes
added interface eth0 ip=fe80::a00:27ff:fe4b:65d3%eth0 
bcast=fe80::ffff:ffff:ffff:ffff%eth0 netmask=ffff:ffff:ffff:ffff::
added interface eth0 ip=192.168.0.22 bcast=192.168.0.255 netmask=255.255.255.0
Netbios name list:-
my_netbios_names[0]="WHEEZY-2"
added interface eth0 ip=fe80::a00:27ff:fe4b:65d3%eth0 
bcast=fe80::ffff:ffff:ffff:ffff%eth0 netmask=ffff:ffff:ffff:ffff::
added interface eth0 ip=192.168.0.22 bcast=192.168.0.255 netmask=255.255.255.0
Process with PID=2689 does not exist.
Deleting /usr/local/samba/var/run/winbindd.pid, since 2689 is not a Samba 
process.
fcntl_lock 8 6 0 1 1
fcntl_lock: Lock call successful
TimeInit: Serverzone is -7200
initialize_winbindd_cache: clearing cache and re-creating with version number 2
check lock order 2 for /usr/local/samba/var/lock/serverid.tdb
lock order:  1:<none> 2:/usr/local/samba/var/lock/serverid.tdb 3:<none>
Locking key 870A000000000000FFFF
Allocated locked data 0x0x2136700
Unlocking key 870A000000000000FFFF
release lock order 2 for /usr/local/samba/var/lock/serverid.tdb
lock order:  1:<none> 2:<none> 3:<none>
Registering messaging pointer for type 33 - private_data=(nil)
Registering messaging pointer for type 13 - private_data=(nil)
Registering messaging pointer for type 1028 - private_data=(nil)
Registering messaging pointer for type 1027 - private_data=(nil)
Registering messaging pointer for type 1029 - private_data=(nil)
Registering messaging pointer for type 1280 - private_data=(nil)
Registering messaging pointer for type 1032 - private_data=(nil)
Registering messaging pointer for type 1033 - private_data=(nil)
Registering messaging pointer for type 1034 - private_data=(nil)
Registering messaging pointer for type 1 - private_data=(nil)
Overriding messaging pointer for type 1 - private_data=(nil)
wcache_tdc_add_domain: Adding domain BUILTIN (), SID S-1-5-32, flags = 0x0, 
attributes = 0x0, type = 0x0
pack_tdc_domains: Packing 1 trusted domains
pack_tdc_domains: Packing domain BUILTIN ()
idmap config BUILTIN : range = not defined
Added domain BUILTIN  S-1-5-32
wcache_tdc_add_domain: Adding domain WHEEZY-2 (), SID 
S-1-5-21-210096926-4033722923-1792459932, flags = 0x0, attributes = 0x0, type = 
0x0
pack_tdc_domains: Packing 2 trusted domains
pack_tdc_domains: Packing domain BUILTIN ()
pack_tdc_domains: Packing domain WHEEZY-2 ()
idmap config WHEEZY-2 : range = not defined
Added domain WHEEZY-2  S-1-5-21-210096926-4033722923-1792459932
Could not fetch our SID - did we join?
unable to initialize domain list
-----------------------------------------------

Hum, interesting, it would be worth checking that from a clean setup you have this issue again and again.



Boum !!! The command is stopped.


2) Second attempt to join the domain in the member server. It's better but it 
doesn't work either.

root@member:~# net ads join -U administrator
Enter administrator's password:
Using short domain name -- CHEZMOI
Joined 'WHEEZY-2' to dns domain 'chezmoi.priv'
DNS Update for wheezy-2.chezmoi.priv failed: ERROR_DNS_UPDATE_FAILED
DNS update failed: NT_STATUS_UNSUCCESSFUL

root@member:~# ldconfig
root@member:~# smbd && nmbd
root@member:~# winbindd -i -d 10

And winbindd seems to be ok. I have:

root@member:~# wbinfo -u
administrator
krbtgt
test10
test11
guest
test1
test2
test3
test4
test5
test6
...

root@member:~# wbinfo -i test9
test9:*:70004:70001:test9:/home/CHEZMOI/test9:/bin/false

But if I create a user in the domain controller server:

root@dc:~# samba-tool user add test12 --random-password
User 'test12' created successfully

afterwards, in the member server:

root@member:~# wbinfo -i test12
failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND
Could not get info for user test12

Here is the stdout of winbindd during the command:

-----------------------------------------------
            info                     : *
                 info: struct wbint_userinfo
                     acct_name                : *
                         acct_name                : 'test12'
                     full_name                : NULL
                     homedir                  : NULL
                     shell                    : NULL
                     primary_gid              : 0x00000000ffffffff (4294967295)
                     user_sid                 : S-1-5-21-3370545617-3166960116-3193249687-1115
                     group_sid                : S-1-5-21-3370545617-3166960116-3193249687-513
             result                   : NT_STATUS_NOT_FOUND
Could not convert sid S-1-5-21-3370545617-3166960116-3193249687-1115: NT_STATUS_NOT_FOUND
wb_request_done[2813:GETPWNAM]: NT_STATUS_NOT_FOUND
winbind_client_response_written[2813:GETPWNAM]: delivered response to client
closing socket 23, client exited
-----------------------------------------------

Don't you have rfc2307 configured? If so, for the new user did you set the needed attributes?

Matthieu.


--
Matthieu Patou
Samba Team
http://samba.org
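
Added example, not part of the original thread and not Samba code: a Python sketch of the check the rfc2307 question above points to. With `idmap config CHEZMOI:backend = ad`, winbind can map an account only if it carries a `uidNumber` inside the configured range. The directory attributes, the `example_*` accounts and all `uidNumber` values are constructed assumptions.

```python
import re

# idmap lines taken from the smb.conf quoted in the post.
SMB_CONF = """\
[global]
    idmap config *:backend = tdb
    idmap config *:range = 70001-80000
    idmap config CHEZMOI:backend = ad
    idmap config CHEZMOI:schema_mode = rfc2307
    idmap config CHEZMOI:range = 500-40000
"""

# Constructed directory attributes (assumptions, not data from the thread).
USERS = {
    "example_ok": {"uidNumber": "10009"},    # rfc2307 attribute set, in range
    "test12": {},                            # added with no uidNumber at all
    "example_high": {"uidNumber": "50000"},  # set, but outside the domain range
}

IDMAP_RE = re.compile(r"^\s*idmap config\s+(\S+?)\s*:\s*(\w+)\s*=\s*(.+?)\s*$")

def parse_idmap(conf):
    """Return {domain: {option: value}} for every 'idmap config' line."""
    domains = {}
    for line in conf.splitlines():
        m = IDMAP_RE.match(line)
        if m:
            dom, opt, val = m.groups()
            domains.setdefault(dom, {})[opt.lower()] = val
    return domains

def check_user(attrs, idmap, domain):
    """Say whether the 'ad' backend has what it needs to map this account."""
    cfg = idmap.get(domain, {})
    if cfg.get("backend") != "ad":
        return "not-ad-backend"
    low, high = (int(x) for x in cfg["range"].split("-"))
    uid = attrs.get("uidNumber")
    if uid is None:
        return "missing-uidNumber"
    if not low <= int(uid) <= high:
        return "out-of-range"
    return "ok"

def audit(conf=SMB_CONF, users=USERS, domain="CHEZMOI"):
    idmap = parse_idmap(conf)
    return {name: check_user(a, idmap, domain) for name, a in users.items()}

if __name__ == "__main__":
    for name, status in audit().items():
        print(f"{name}: {status}")
```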
