Re: [Samba] Samba 3.6.0: unable to list Active Directoy users WBC_ERR_DOMAIN_NOT_FOUND
Le jeudi 18 août 2011 à 13:26 +0200, Benedikt Schindler a écrit : Am 18.08.2011 06:07, schrieb John H Terpstra: On 08/17/2011 02:05 PM, David Touzeau wrote: I think this new version is not really ready for production... There is so many strange things... Or misunderstanding whats going wrong I respect that some may be experiencing difficulties with deployment of Samba 3.6.0. I have been using 3.6.0 in its various pre-release forms (and now the stable release) for many months without a single problem. I have deployed it in some very complex as well as some simple configurations - all without any issues. The purpose of this response is to point out that Samba 3.6.0 is perhaps not as not really ready for production use readers of this list may interpret from these reports. Cheers, John T. Le lundi 15 août 2011 à 14:07 -0700, Linda W a écrit : ` Peacock,Josh wrote: I am also experiencing the same problems. I am running 3.6 on AIX 6.1. I do have a 3.5.8 installation running without problem (I understand some major changes have happened.) I took the smb.conf from my 3.5.8 install and changed appropriately for 3.6 (At least as far as I catell). Yeah, I still have this error even after downgrading to 3.5.10 -- I think 3.6 corrupted my userdb or changed the format... I suppose I need to allocate a new one and start from scratch to fix it... But lots of problems related to looking up the domain, the PDC and some users. I did try to report it, but since I wasn't certain what was going on and just had a bunch of random symptoms, I got ignored. But I did warn them that other users would likely have problems and should be warned... That was ignored too.. I had the same error until today. It works for me with base_rid = 0 TRY: idmap config MYDOMAIN : backend = rid idmap config MYDOMAIN : range = 6-5000 idmap config MYDOMAIN : base_rid = 0 -- Benedikt i have set idmap config MYDOMAIN : backend = ad Is there any difference using idmap config MYDOMAIN : backend = rid instead idmap config MYDOMAIN : backend = ad When using Active Directory ? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.6.0: unable to list Active Directoy users WBC_ERR_DOMAIN_NOT_FOUND
On 08/19/2011 03:54 AM, David Touzeau wrote: Le jeudi 18 août 2011 à 13:26 +0200, Benedikt Schindler a écrit : Am 18.08.2011 06:07, schrieb John H Terpstra: On 08/17/2011 02:05 PM, David Touzeau wrote: I think this new version is not really ready for production... There is so many strange things... Or misunderstanding whats going wrong I respect that some may be experiencing difficulties with deployment of Samba 3.6.0. I have been using 3.6.0 in its various pre-release forms (and now the stable release) for many months without a single problem. I have deployed it in some very complex as well as some simple configurations - all without any issues. The purpose of this response is to point out that Samba 3.6.0 is perhaps not as not really ready for production use readers of this list may interpret from these reports. Cheers, John T. Le lundi 15 août 2011 à 14:07 -0700, Linda W a écrit : ` Peacock,Josh wrote: I am also experiencing the same problems. I am running 3.6 on AIX 6.1. I do have a 3.5.8 installation running without problem (I understand some major changes have happened.) I took the smb.conf from my 3.5.8 install and changed appropriately for 3.6 (At least as far as I catell). Yeah, I still have this error even after downgrading to 3.5.10 -- I think 3.6 corrupted my userdb or changed the format... I suppose I need to allocate a new one and start from scratch to fix it... But lots of problems related to looking up the domain, the PDC and some users. I did try to report it, but since I wasn't certain what was going on and just had a bunch of random symptoms, I got ignored. But I did warn them that other users would likely have problems and should be warned... That was ignored too.. I had the same error until today. It works for me with base_rid = 0 TRY: idmap config MYDOMAIN : backend = rid idmap config MYDOMAIN : range = 6-5000 idmap config MYDOMAIN : base_rid = 0 -- Benedikt i have set idmap config MYDOMAIN : backend = ad Is there any difference using idmap config MYDOMAIN : backend = rid instead idmap config MYDOMAIN : backend = ad When using Active Directory ? Check the man pages (man idmap_rid) and (man idmap_ad): The RID method generates the uid/gid from the RID. As a result all users in Active Directory can access the Samba server. The AD method requires the use of the RFC2307bis extensions to the Active Directory schema and that you populate the uid and gid in with valid values using the Active Directory Users and Group management tool. If you have not populated the RFC2307bis uid/gid values the user will not be able to access the Samba server. Using the AD method the systems administrator has control over which users can and cannot access the Samba server/s. - John T. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.6.0: unable to list Active Directoy users WBC_ERR_DOMAIN_NOT_FOUND
Le vendredi 19 août 2011 à 06:51 -0500, John H Terpstra a écrit : On 08/19/2011 03:54 AM, David Touzeau wrote: Le jeudi 18 août 2011 à 13:26 +0200, Benedikt Schindler a écrit : Am 18.08.2011 06:07, schrieb John H Terpstra: On 08/17/2011 02:05 PM, David Touzeau wrote: I think this new version is not really ready for production... There is so many strange things... Or misunderstanding whats going wrong I respect that some may be experiencing difficulties with deployment of Samba 3.6.0. I have been using 3.6.0 in its various pre-release forms (and now the stable release) for many months without a single problem. I have deployed it in some very complex as well as some simple configurations - all without any issues. The purpose of this response is to point out that Samba 3.6.0 is perhaps not as not really ready for production use readers of this list may interpret from these reports. Cheers, John T. Le lundi 15 août 2011 à 14:07 -0700, Linda W a écrit : ` Peacock,Josh wrote: I am also experiencing the same problems. I am running 3.6 on AIX 6.1. I do have a 3.5.8 installation running without problem (I understand some major changes have happened.) I took the smb.conf from my 3.5.8 install and changed appropriately for 3.6 (At least as far as I catell). Yeah, I still have this error even after downgrading to 3.5.10 -- I think 3.6 corrupted my userdb or changed the format... I suppose I need to allocate a new one and start from scratch to fix it... But lots of problems related to looking up the domain, the PDC and some users. I did try to report it, but since I wasn't certain what was going on and just had a bunch of random symptoms, I got ignored. But I did warn them that other users would likely have problems and should be warned... That was ignored too.. I had the same error until today. It works for me with base_rid = 0 TRY: idmap config MYDOMAIN : backend = rid idmap config MYDOMAIN : range = 6-5000 idmap config MYDOMAIN : base_rid = 0 -- Benedikt i have set idmap config MYDOMAIN : backend = ad Is there any difference using idmap config MYDOMAIN : backend = rid instead idmap config MYDOMAIN : backend = ad When using Active Directory ? Check the man pages (man idmap_rid) and (man idmap_ad): The RID method generates the uid/gid from the RID. As a result all users in Active Directory can access the Samba server. The AD method requires the use of the RFC2307bis extensions to the Active Directory schema and that you populate the uid and gid in with valid values using the Active Directory Users and Group management tool. If you have not populated the RFC2307bis uid/gid values the user will not be able to access the Samba server. Using the AD method the systems administrator has control over which users can and cannot access the Samba server/s. - John T. Good !! And what method did you suggest for better compatibilities and your experiences...? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.6.0: unable to list Active Directoy users WBC_ERR_DOMAIN_NOT_FOUND
Le vendredi 19 août 2011 à 06:51 -0500, John H Terpstra a écrit : On 08/19/2011 03:54 AM, David Touzeau wrote: Le jeudi 18 août 2011 à 13:26 +0200, Benedikt Schindler a écrit : Am 18.08.2011 06:07, schrieb John H Terpstra: On 08/17/2011 02:05 PM, David Touzeau wrote: I think this new version is not really ready for production... There is so many strange things... Or misunderstanding whats going wrong I respect that some may be experiencing difficulties with deployment of Samba 3.6.0. I have been using 3.6.0 in its various pre-release forms (and now the stable release) for many months without a single problem. I have deployed it in some very complex as well as some simple configurations - all without any issues. The purpose of this response is to point out that Samba 3.6.0 is perhaps not as not really ready for production use readers of this list may interpret from these reports. Cheers, John T. Le lundi 15 août 2011 à 14:07 -0700, Linda W a écrit : ` Peacock,Josh wrote: I am also experiencing the same problems. I am running 3.6 on AIX 6.1. I do have a 3.5.8 installation running without problem (I understand some major changes have happened.) I took the smb.conf from my 3.5.8 install and changed appropriately for 3.6 (At least as far as I catell). Yeah, I still have this error even after downgrading to 3.5.10 -- I think 3.6 corrupted my userdb or changed the format... I suppose I need to allocate a new one and start from scratch to fix it... But lots of problems related to looking up the domain, the PDC and some users. I did try to report it, but since I wasn't certain what was going on and just had a bunch of random symptoms, I got ignored. But I did warn them that other users would likely have problems and should be warned... That was ignored too.. I had the same error until today. It works for me with base_rid = 0 TRY: idmap config MYDOMAIN : backend = rid idmap config MYDOMAIN : range = 6-5000 idmap config MYDOMAIN : base_rid = 0 -- Benedikt i have set idmap config MYDOMAIN : backend = ad Is there any difference using idmap config MYDOMAIN : backend = rid instead idmap config MYDOMAIN : backend = ad When using Active Directory ? Check the man pages (man idmap_rid) and (man idmap_ad): The RID method generates the uid/gid from the RID. As a result all users in Active Directory can access the Samba server. The AD method requires the use of the RFC2307bis extensions to the Active Directory schema and that you populate the uid and gid in with valid values using the Active Directory Users and Group management tool. If you have not populated the RFC2307bis uid/gid values the user will not be able to access the Samba server. Using the AD method the systems administrator has control over which users can and cannot access the Samba server/s. - John T. This is very strange I have changed my settings according your example has follow security = ADS realm = MAISON.TOUZEAU.BIZ idmap config MAISON:backend = rid idmap config MAISON:read only = yes idmap config MAISON:range = 6-5000 idmap config MAISON:base_rid = 0 idmap config * : backend = tdb idmap config * : range = 100-199 client use spnego = No client use spnego principal = No encrypt passwords = Yes client ntlmv2 auth = Yes client lanman auth = No winbind normalize names = Yes winbind separator = / winbind use default domain = No winbind enum users = Yes winbind enum groups = Yes winbind nested groups = Yes winbind nss info = rfc2307 winbind offline logon = true winbind cache time = 5 winbind refresh tickets = true kerberos method = system keytab allow trusted domains = Yes server signing = mandatory client signing = mandatory lm announce = No ntlm auth = No lanman auth = No preferred master = No The winbindd allows to have correct informations #wbinfo -t checking the trust secret for domain MAISON via RPC calls succeeded #wbinfo -n MAISON/Administrateur S-1-5-21-3790408397-595478388-2982168515-500 SID_USER (1) #wbinfo -s S-1-5-21-3790408397-595478388-2982168515-500 MAISON/Administrateur 1 #wbinfo -S S-1-5-21-3790408397-595478388-2982168515-500 60500 Bet getent did not see any Active directoy users Any tips on this ? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.6.0: unable to list Active Directoy users WBC_ERR_DOMAIN_NOT_FOUND
Am 19.08.2011 14:44, schrieb David Touzeau: The winbindd allows to have correct informations #wbinfo -t checking the trust secret for domain MAISON via RPC calls succeeded #wbinfo -n MAISON/Administrateur S-1-5-21-3790408397-595478388-2982168515-500 SID_USER (1) #wbinfo -s S-1-5-21-3790408397-595478388-2982168515-500 MAISON/Administrateur 1 #wbinfo -S S-1-5-21-3790408397-595478388-2982168515-500 60500 if this works. everything should be fine. Bet getent did not see any Active directoy users Any tips on this ? Does the service nscd run on your server? Turn it off and try again. You could also try if you could connect to the server, even if it does not list the users in getent. Before testing i would flush the cache net cache flush justin case :) I also don't know if it is a problem that your * range is in the range of MAISON. idmap config MAISON:range = 6-5000 idmap config * : range = 100-199 why don't you try idmap config * : backend = rid idmap config * : range = 5001-599 best regards Benedikt -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.6.0: unable to list Active Directoy users WBC_ERR_DOMAIN_NOT_FOUND
Am 18.08.2011 06:07, schrieb John H Terpstra: On 08/17/2011 02:05 PM, David Touzeau wrote: I think this new version is not really ready for production... There is so many strange things... Or misunderstanding whats going wrong I respect that some may be experiencing difficulties with deployment of Samba 3.6.0. I have been using 3.6.0 in its various pre-release forms (and now the stable release) for many months without a single problem. I have deployed it in some very complex as well as some simple configurations - all without any issues. The purpose of this response is to point out that Samba 3.6.0 is perhaps not as not really ready for production use readers of this list may interpret from these reports. Cheers, John T. Le lundi 15 août 2011 à 14:07 -0700, Linda W a écrit : ` Peacock,Josh wrote: I am also experiencing the same problems. I am running 3.6 on AIX 6.1. I do have a 3.5.8 installation running without problem (I understand some major changes have happened.) I took the smb.conf from my 3.5.8 install and changed appropriately for 3.6 (At least as far as I catell). Yeah, I still have this error even after downgrading to 3.5.10 -- I think 3.6 corrupted my userdb or changed the format... I suppose I need to allocate a new one and start from scratch to fix it... But lots of problems related to looking up the domain, the PDC and some users. I did try to report it, but since I wasn't certain what was going on and just had a bunch of random symptoms, I got ignored. But I did warn them that other users would likely have problems and should be warned... That was ignored too.. I had the same error until today. It works for me with base_rid = 0 TRY: idmap config MYDOMAIN : backend = rid idmap config MYDOMAIN : range = 6-5000 idmap config MYDOMAIN : base_rid = 0 -- Benedikt -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.6.0: unable to list Active Directoy users WBC_ERR_DOMAIN_NOT_FOUND
I think this new version is not really ready for production... There is so many strange things... Or misunderstanding whats going wrong Le lundi 15 août 2011 à 14:07 -0700, Linda W a écrit : ` Peacock,Josh wrote: I am also experiencing the same problems. I am running 3.6 on AIX 6.1. I do have a 3.5.8 installation running without problem (I understand some major changes have happened.) I took the smb.conf from my 3.5.8 install and changed appropriately for 3.6 (At least as far as I catell). Yeah, I still have this error even after downgrading to 3.5.10 -- I think 3.6 corrupted my userdb or changed the format... I suppose I need to allocate a new one and start from scratch to fix it... But lots of problems related to looking up the domain, the PDC and some users. I did try to report it, but since I wasn't certain what was going on and just had a bunch of random symptoms, I got ignored. But I did warn them that other users would likely have problems and should be warned... That was ignored too.. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.6.0: unable to list Active Directoy users WBC_ERR_DOMAIN_NOT_FOUND
On 08/17/2011 02:05 PM, David Touzeau wrote: I think this new version is not really ready for production... There is so many strange things... Or misunderstanding whats going wrong I respect that some may be experiencing difficulties with deployment of Samba 3.6.0. I have been using 3.6.0 in its various pre-release forms (and now the stable release) for many months without a single problem. I have deployed it in some very complex as well as some simple configurations - all without any issues. The purpose of this response is to point out that Samba 3.6.0 is perhaps not as not really ready for production use readers of this list may interpret from these reports. Cheers, John T. Le lundi 15 août 2011 à 14:07 -0700, Linda W a écrit : ` Peacock,Josh wrote: I am also experiencing the same problems. I am running 3.6 on AIX 6.1. I do have a 3.5.8 installation running without problem (I understand some major changes have happened.) I took the smb.conf from my 3.5.8 install and changed appropriately for 3.6 (At least as far as I catell). Yeah, I still have this error even after downgrading to 3.5.10 -- I think 3.6 corrupted my userdb or changed the format... I suppose I need to allocate a new one and start from scratch to fix it... But lots of problems related to looking up the domain, the PDC and some users. I did try to report it, but since I wasn't certain what was going on and just had a bunch of random symptoms, I got ignored. But I did warn them that other users would likely have problems and should be warned... That was ignored too.. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.6.0: unable to list Active Directoy users WBC_ERR_DOMAIN_NOT_FOUND
Le lundi 15 août 2011 à 15:11 +0200, Michael Adam a écrit : Hi David, David Touzeau wrote: Le vendredi 12 août 2011 à 12:25 +0200, Michael Wood a écrit : Hi On 12 August 2011 10:23, David Touzeau da...@touzeau.eu wrote: Dear all I have upgraded my Samba from 3.5.x to a newest 3.6.0 version. My Samba is connected to an Active Directory 2008 R2 the getent passwd did not display any ActiveDirectoy Domains users. ... I think there is a misconfiguration in my setup but did not find any solution: Where i'm wrong ? [global] ... idmap config TOUZEAU:backend = ad idmap config TOUZEAU:readonly = yes idmap config TOUZEAU:schema_mode = rfc2307 idmap config * : range = 16777216-33554431 The way idmap works was changed with 3.6.0. I don't know if the above is wrong, but perhaps it is something to consider. e.g. I don't know if readonly is supported. I've seen mention of read only, but not in the idmap_ad code. But maybe I missed it. Also, the idmap_ad documentation implies that you need something like this: idmap config * : backend = tdb idmap config * : range = 100-199 idmap config TOUZEAU : backend = ad idmap config TOUZEAU : range = 1000-99 idmap config TOUZEAU : schema_mode = rfc2307 I am not sure if the above is relevant to you :) but I hope it helps. Many thanks Michael i have changed values but it has no effect and the issue still alive... But the remarks by Michael were correct. You need to give the configuration for the ad backend (domain TOUZEAU) a range, otherwise it won't work. The readonly parameter will be ignored for the ad backend. (And for those backends that support it, the correct spelling is read only.) With the above config changes, you should narrow the source of problems down as detailed here: https://bugzilla.samba.org/show_bug.cgi?id=8371#c5 You should then post the level 10 logs of the most specific failing command here, so we can debug further. Cheers - Michael For anybody here it is some relevant winbindd debug informations Adding 0 DC's from auto lookup [2011/08/12 10:39:31.945022, 5] libads/sitename_cache.c:105(sitename_fetch) sitename_fetch: Returning sitename for TOUZEAU.HOME: Default-First-Site-Name [2011/08/12 10:39:31.945047, 10] libsmb/namequery.c:1975(internal_resolve_name) internal_resolve_name: looking up WIN-RSF60G6AS1L.touzeau.home#20 (sitename Default-First-Site-Name) [2011/08/12 10:39:31.945076, 5] libsmb/namecache.c:165(namecache_fetch) name WIN-RSF60G6AS1L.touzeau.home#20 found. [2011/08/12 10:39:31.945124, 9] libsmb/conncache.c:150(check_negative_conn_cache) check_negative_conn_cache returning result 0 for domain touzeau.home server 192.168.1.150 [2011/08/12 10:39:31.945151, 10] libsmb/namequery.c:1079(remove_duplicate_addrs2) remove_duplicate_addrs2: looking for duplicate address/port pairs [2011/08/12 10:39:31.945172, 4] libsmb/namequery.c:2601(get_dc_list) get_dc_list: returning 1 ip addresses in an ordered list [2011/08/12 10:39:31.945193, 4] libsmb/namequery.c:2602(get_dc_list) get_dc_list: 192.168.1.150:389 [2011/08/12 10:39:31.945216, 10] libads/kerberos.c:825(get_kdc_ip_string) get_kdc_ip_string: Returning kdc = 192.168.1.150 [2011/08/12 10:39:31.945304, 5] libads/kerberos.c:948(create_local_private_krb5_conf_for_domain) create_local_private_krb5_conf_for_domain: wrote file /var/lib/samba/smb_krb5/krb5.conf.TOUZEAU with realm TOUZEAU.HOME KDC list = kdc = 192.168.1.150 [2011/08/12 10:39:31.945347, 4] libsmb/namequery_dc.c:148(ads_dc_name) ads_dc_name: using server='WIN-RSF60G6AS1L.TOUZEAU.HOME' IP=192.168.1.150 [2011/08/12 10:39:31.945376, 5] libads/sitename_cache.c:105(sitename_fetch) sitename_fetch: Returning sitename for touzeau.home: Default-First-Site-Name [2011/08/12 10:39:31.945398, 8] libsmb/namequery.c:2652(get_sorted_dc_list) get_sorted_dc_list: attempting lookup for name touzeau.home (sitename Default-First-Site-Name) using [ads] [2011/08/12 10:39:31.945432, 5] libsmb/namequery.c:194(saf_fetch) saf_fetch: Returning WIN-RSF60G6AS1L.touzeau.home for touzeau.home domain [2011/08/12 10:39:31.945458, 3] libsmb/namequery.c:2461(get_dc_list) get_dc_list: preferred server list: WIN-RSF60G6AS1L.touzeau.home, * [2011/08/12 10:39:31.945481, 10] libsmb/namequery.c:1975(internal_resolve_name) internal_resolve_name: looking up touzeau.home#1c (sitename Default-First-Site-Name) [2011/08/12 10:39:31.945507, 5] libsmb/namecache.c:160(namecache_fetch) no entry for touzeau.home#1C found. [2011/08/12 10:39:31.945531, 5] libsmb/namequery.c:1869(resolve_ads) resolve_ads: Attempting to resolve DCs for touzeau.home using DNS
Re: [Samba] Samba 3.6.0: unable to list Active Directoy users WBC_ERR_DOMAIN_NOT_FOUND
Le lundi 15 août 2011 à 15:11 +0200, Michael Adam a écrit : Hi David, David Touzeau wrote: Le vendredi 12 août 2011 à 12:25 +0200, Michael Wood a écrit : Hi On 12 August 2011 10:23, David Touzeau da...@touzeau.eu wrote: Dear all I have upgraded my Samba from 3.5.x to a newest 3.6.0 version. My Samba is connected to an Active Directory 2008 R2 the getent passwd did not display any ActiveDirectoy Domains users. ... I think there is a misconfiguration in my setup but did not find any solution: Where i'm wrong ? [global] ... idmap config TOUZEAU:backend = ad idmap config TOUZEAU:readonly = yes idmap config TOUZEAU:schema_mode = rfc2307 idmap config * : range = 16777216-33554431 The way idmap works was changed with 3.6.0. I don't know if the above is wrong, but perhaps it is something to consider. e.g. I don't know if readonly is supported. I've seen mention of read only, but not in the idmap_ad code. But maybe I missed it. Also, the idmap_ad documentation implies that you need something like this: idmap config * : backend = tdb idmap config * : range = 100-199 idmap config TOUZEAU : backend = ad idmap config TOUZEAU : range = 1000-99 idmap config TOUZEAU : schema_mode = rfc2307 I am not sure if the above is relevant to you :) but I hope it helps. Many thanks Michael i have changed values but it has no effect and the issue still alive... But the remarks by Michael were correct. You need to give the configuration for the ad backend (domain TOUZEAU) a range, otherwise it won't work. The readonly parameter will be ignored for the ad backend. (And for those backends that support it, the correct spelling is read only.) With the above config changes, you should narrow the source of problems down as detailed here: https://bugzilla.samba.org/show_bug.cgi?id=8371#c5 You should then post the level 10 logs of the most specific failing command here, so we can debug further. Cheers - Michael For anybody here it is some relevant winbindd debug informations Adding 0 DC's from auto lookup [2011/08/12 10:39:31.945022, 5] libads/sitename_cache.c:105(sitename_fetch) sitename_fetch: Returning sitename for TOUZEAU.HOME: Default-First-Site-Name [2011/08/12 10:39:31.945047, 10] libsmb/namequery.c:1975(internal_resolve_name) internal_resolve_name: looking up WIN-RSF60G6AS1L.touzeau.home#20 (sitename Default-First-Site-Name) [2011/08/12 10:39:31.945076, 5] libsmb/namecache.c:165(namecache_fetch) name WIN-RSF60G6AS1L.touzeau.home#20 found. [2011/08/12 10:39:31.945124, 9] libsmb/conncache.c:150(check_negative_conn_cache) check_negative_conn_cache returning result 0 for domain touzeau.home server 192.168.1.150 [2011/08/12 10:39:31.945151, 10] libsmb/namequery.c:1079(remove_duplicate_addrs2) remove_duplicate_addrs2: looking for duplicate address/port pairs [2011/08/12 10:39:31.945172, 4] libsmb/namequery.c:2601(get_dc_list) get_dc_list: returning 1 ip addresses in an ordered list [2011/08/12 10:39:31.945193, 4] libsmb/namequery.c:2602(get_dc_list) get_dc_list: 192.168.1.150:389 [2011/08/12 10:39:31.945216, 10] libads/kerberos.c:825(get_kdc_ip_string) get_kdc_ip_string: Returning kdc = 192.168.1.150 [2011/08/12 10:39:31.945304, 5] libads/kerberos.c:948(create_local_private_krb5_conf_for_domain) create_local_private_krb5_conf_for_domain: wrote file /var/lib/samba/smb_krb5/krb5.conf.TOUZEAU with realm TOUZEAU.HOME KDC list = kdc = 192.168.1.150 [2011/08/12 10:39:31.945347, 4] libsmb/namequery_dc.c:148(ads_dc_name) ads_dc_name: using server='WIN-RSF60G6AS1L.TOUZEAU.HOME' IP=192.168.1.150 [2011/08/12 10:39:31.945376, 5] libads/sitename_cache.c:105(sitename_fetch) sitename_fetch: Returning sitename for touzeau.home: Default-First-Site-Name [2011/08/12 10:39:31.945398, 8] libsmb/namequery.c:2652(get_sorted_dc_list) get_sorted_dc_list: attempting lookup for name touzeau.home (sitename Default-First-Site-Name) using [ads] [2011/08/12 10:39:31.945432, 5] libsmb/namequery.c:194(saf_fetch) saf_fetch: Returning WIN-RSF60G6AS1L.touzeau.home for touzeau.home domain [2011/08/12 10:39:31.945458, 3] libsmb/namequery.c:2461(get_dc_list) get_dc_list: preferred server list: WIN-RSF60G6AS1L.touzeau.home, * [2011/08/12 10:39:31.945481, 10] libsmb/namequery.c:1975(internal_resolve_name) internal_resolve_name: looking up touzeau.home#1c (sitename Default-First-Site-Name) [2011/08/12 10:39:31.945507, 5] libsmb/namecache.c:160(namecache_fetch) no entry for touzeau.home#1C found. [2011/08/12 10:39:31.945531, 5] libsmb/namequery.c:1869(resolve_ads) resolve_ads: Attempting to resolve DCs for touzeau.home using DNS
Re: [Samba] Samba 3.6.0: unable to list Active Directoy users WBC_ERR_DOMAIN_NOT_FOUND
I am also experiencing the same problems. I am running 3.6 on AIX 6.1. I do
have a 3.5.8 installation running without problem (I understand some major
changes have happened.) I took the smb.conf from my 3.5.8 install and changed
appropriately for 3.6 (At least as far as I catell).
I followed the steps Michael posted on the bug report.
/usr/local/samba/bin/wbinfo -t
checking the trust secret for domain MYDOMAIN via RPC calls succeeded
/usr/local/samba/bin/wbinfo -n MYDOMAIN+peacocjo
S-1-5-21-4260745004-1716061493-1944009462-4325 SID_USER (1)
/usr/local/samba/bin/wbinfo -s S-1-5-21-4260745004-1716061493-1944009462-4325
MYDOMAIN+peacocjo 1
/usr/local/samba/bin/wbinfo -S S-1-5-21-4260745004-1716061493-1944009462-4325
failed to call wbcSidToUid: WBC_ERR_WINBIND_NOT_AVAILABLE Could not convert sid
S-1-5-21-4260745004-1716061493-1944009462-4325 to uid
I have the logs if you would like me to attach them to a the same bug report or
open a new one?
SMB.CONF
[global]
workgroup = MYDOMAIN
server string = %h server (Samba)
dns proxy = no
Debugging/Accounting
loglevel = 10
log file = /var/log/samba/log.%m
max log size = 1000
# syslog only = yes
# We want Samba to log a minimum amount of information to syslog. Everything
# should go to /var/log/samba/log.{smbd,nmbd} instead. If you want to log
# through syslog you should set the following parameter to something higher.
# syslog = 10
### Authentication ###
Re: [Samba] Samba 3.6.0: unable to list Active Directoy users WBC_ERR_DOMAIN_NOT_FOUND
` Peacock,Josh wrote: I am also experiencing the same problems. I am running 3.6 on AIX 6.1. I do have a 3.5.8 installation running without problem (I understand some major changes have happened.) I took the smb.conf from my 3.5.8 install and changed appropriately for 3.6 (At least as far as I catell). Yeah, I still have this error even after downgrading to 3.5.10 -- I think 3.6 corrupted my userdb or changed the format... I suppose I need to allocate a new one and start from scratch to fix it... But lots of problems related to looking up the domain, the PDC and some users. I did try to report it, but since I wasn't certain what was going on and just had a bunch of random symptoms, I got ignored. But I did warn them that other users would likely have problems and should be warned... That was ignored too.. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
