Re: [Samba] Samba 3.6.5, idmap configuration and WBC_ERR_DOMAIN_NOT_FOUND
I read the bugreport that Dale linked and ended up using the workaround listed there. Changes made to '/etc/samba/smb.conf' follow:

@@ -28,9 +28,12 @@ winbind enum users = Yes winbind enum groups = Yes panic action = /usr/share/samba/panic-action %d -idmap config CBJ_NT:backend = rid -idmap config CBJ_NT:base_rid = 0 -idmap config CBJ_NT:range = 1-65533 +idmap config * : backend = rid +idmap config * : base_rid = 0 +idmap config * : range = 1-65533 idmap config LIBRARY:backend = rid idmap config LIBRARY:base_rid = 0 idmap config LIBRARY:range = 65535-7

Does anyone have any idea why not explicitly specifying the domain fixes this issue?

-Original Message-
From: Dale Schroeder [mailto:d...@briannassaladdressing.com]
Sent: Tuesday, July 10, 2012 11:18
To: Kevin Elliott
Cc: samba@lists.samba.org
Subject: Re: [Samba] Samba 3.6.5, idmap configuration and WBC_ERR_DOMAIN_NOT_FOUND

On 07/10/2012 12:56 PM, Kevin Elliott wrote:

Hello all,

I recently upgraded from Samba 3.5.6 (the version contained in Debian Stable) to Samba 3.6.5 (the version from Debian Backports) in an effort to closer track the current development to try and chase some long standing bugs out. I think I've resolved one problem but introduced another. I'm getting the WBC_ERR_DOMAIN_NOT_FOUND when I try to perform a SID to UID lookup much like so:

city-liza-lnx:/var/log/samba# wbinfo -t
checking the trust secret for domain CBJ_NT via RPC calls succeeded
city-liza-lnx:/var/log/samba# wbinfo -n CBJ_NT+kevin_elliott
S-1-5-21-505306839-1977890393-20515302-14949 SID_USER (1)
city-liza-lnx:/var/log/samba# wbinfo -s S-1-5-21-505306839-1977890393-20515302-14949
CBJ_NT+kevin_elliott 1
city-liza-lnx:/var/log/samba# wbinfo -S S-1-5-21-505306839-1977890393-20515302-14949
failed to call wbcSidToUid: WBC_ERR_DOMAIN_NOT_FOUND
Could not convert sid S-1-5-21-505306839-1977890393-20515302-14949 to uid

This looks like it has all the markings of following bugreport:

https://bugzilla.samba.org/show_bug.cgi?id=8371#c5
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=652679

Before I follow this upstream can someone sanity check my configs for me? I understand that much has changed between 3.5 and 3.6 regarding the idmapping.

[global]
    workgroup = CBJ_NT
    realm = CBJ.LOCAL
    netbios aliases = CITY-LIZA-L90, CITY-LIZA
    server string = External FTP Server
    interfaces = 199.58.55.87/22, lo
    bind interfaces only = Yes
    security = ADS
    obey pam restrictions = Yes
    passdb backend = tdbsam
    password server = 199.58.55.25, 199.58.55.50
    passwd program = /usr/bin/passwd %u
    passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n .
    client NTLMv2 auth = Yes
    log level = 10
    log file = /var/log/samba/log.%m
    max log size = 2500
    printcap name = cups
    os level = 5
    local master = No
    domain master = No
    wins server = 199.58.55.25
    ldap ssl = no
    winbind enum users = Yes
    winbind enum groups = Yes
    panic action = /usr/share/samba/panic-action %d
    idmap config CBJ_NT:backend = rid
    idmap config CBJ_NT:base_rid = 0
    idmap config CBJ_NT:range = 1-65533
    idmap config LIBRARY:backend = rid
    idmap config LIBRARY:base_rid = 0
    idmap config LIBRARY:range = 65535-7
    winbind separator = +
    winbind use default domain = Yes

[ftp]
    comment = FTP directory
    path = /var/ftp/pub/
    valid users = @CBJ_NT+domain users
    read only = No
    create mask = 0775
    directory mask = 0775
    hide unreadable = Yes

Thank you for your consideration.

Kevin,

With idmap rid, it could also be this one: https://bugzilla.samba.org/show_bug.cgi?id=8676

This bug has been in every version of 3.6. For me, a reboot of the system usually will fix the problem until the next samba/winbind restart is required; others have not been so fortunate.

Dale

--
To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
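Review bot: in the hunk in this message, the three added `idmap config * :` lines replace the explicit CBJ_NT block instead of sitting beside it, so CBJ_NT no longer has an idmap section of its own and the rid settings with `range = 1-65533` become the default for every domain that lacks one. Consider keeping the `idmap config CBJ_NT:` lines and adding a separate `*` default whose range is disjoint from both CBJ_NT and LIBRARY; a range that starts at 1 also hands out the low Unix IDs a host normally reserves for local accounts. The header `@@ -28,9 +28,12 @@` promises twelve lines on the new side but only nine are visible, and the LIBRARY range is cut off at `65535-7`, so whether 1-65533 stays clear of the LIBRARY range cannot be confirmed from what is shown.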
Re: [Samba] Samba 3.6.5, idmap configuration and WBC_ERR_DOMAIN_NOT_FOUND
I think you might be missing some stuff in the prior config you had. The following works for me with Samba 3.6.6:

idmap config * : backend = tdb
idmap config * : range = 100-199
idmap config MYDOMAIN : backend = rid
idmap config MYDOMAIN : range = 1000-99
idmap config MYDOMAIN : base_rid= 0

You need the * entry in there because you need a range for defaults. I only have a single domain (and yes it's not called MYDOMAIN:-) ). For instance, I have log files named:

log.wb-BUILTIN
log.wb-MYDOMAIN
log.wb-HOSTNAME

I do not have the winbind enum groups or users defined in my config file. The default is no for both. Also, winbind refused to function properly when I attempted setting the backend for my domain as tdb. Everywhere I've read, rid is safe for multiple domains and multiple winbind enabled systems, so long as those ranges are consistent throughout your winbind systems' config settings, and they have completely separate ranges. They must not overlap!

Sample output:

[hchoi@HOSTNAME hchoi](30)# wbinfo -i hchoi
hchoi:*:2601:1513::/home/hchoi:/bin/bash
[hchoi@HOSTNAME hchoi](31)# id hchoi
uid=2601(hchoi) gid=1513(domain users) groups=1513(domain users),...,101(BUILTIN\users)
[hchoi@HOSTNAME hchoi](34)# wbinfo -i administrator
administrator:*:1500:1513::/home/administrator:/bin/bash
[hchoi@HOSTNAME hchoi](32)# id administrator
uid=1500(administrator) gid=1513(domain users) groups=1513(domain users),1520(group policy creator owners),1512(domain admins),2106(organization management),1519(enterprise admins),1518(schema admins),101(BUILTIN\users),100(BUILTIN\administrators)

My remaining smb.conf:

[global]
    workgroup = MYDOMAIN
    realm = MYDOMAIN.NET
    server string = Linux Server
    security = ADS
    ntlm auth = No
    kerberos method = secrets and keytab
    log file = /var/log/samba/log.%m
    max log size = 1000
    max protocol = SMB2
    load printers = No
    printcap name = /dev/null
    disable spoolss = Yes
    wins server = 192.168.10.10, 192.168.10.11
    template homedir = /home/%U
    template shell = /bin/bash
    winbind use default domain = Yes
    winbind offline logon = Yes

[netlogon]
    comment = Network Logon Service
    path = /var/lib/samba/netlogon
    guest ok = Yes
...

krb5.conf:

[logging]
    default = FILE:/var/log/krb5libs.log
    kdc = FILE:/var/log/krb5kdc.log
    admin_server = FILE:/var/log/kadmind.log

[libdefaults]
    default_realm = MYDOMAIN.NET
    dns_lookup_realm = true
    dns_lookup_kdc = true
    ticket_lifetime = 24h
    renew_lifetime = 7d
    forwardable = yes

[appdefaults]
    pam = {
        debug = false
        ticket_lifetime = 36000
        renew_lifetime = 36000
        forwardable = true
        krb4_convert = false
    }

[domain_realm]
    .mydomain.net = MYDOMAIN.NET
    mydomain.net = MYDOMAIN.NET

Hope this helps..

On 07/12/2012 01:06 PM, Kevin Elliott wrote:

I read the bugreport that Dale linked and ended up using the workaround listed there. Changes made to '/etc/samba/smb.conf' follow:

@@ -28,9 +28,12 @@ winbind enum users = Yes winbind enum groups = Yes panic action = /usr/share/samba/panic-action %d -idmap config CBJ_NT:backend = rid -idmap config CBJ_NT:base_rid = 0 -idmap config CBJ_NT:range = 1-65533 +idmap config * : backend = rid +idmap config * : base_rid = 0 +idmap config * : range = 1-65533 idmap config LIBRARY:backend = rid idmap config LIBRARY:base_rid = 0 idmap config LIBRARY:range = 65535-7

Does anyone have any idea why not explicitly specifying the domain fixes this issue?

-Original Message-
From: Dale Schroeder [mailto:d...@briannassaladdressing.com]
Sent: Tuesday, July 10, 2012 11:18
To: Kevin Elliott
Cc: samba@lists.samba.org
Subject: Re: [Samba] Samba 3.6.5, idmap configuration and WBC_ERR_DOMAIN_NOT_FOUND

On 07/10/2012 12:56 PM, Kevin Elliott wrote:

Hello all,

I recently upgraded from Samba 3.5.6 (the version contained in Debian Stable) to Samba 3.6.5 (the version from Debian Backports) in an effort to closer track the current development to try and chase some long standing bugs out. I think I've resolved one problem but introduced another. I'm getting the WBC_ERR_DOMAIN_NOT_FOUND when I try to perform a SID to UID lookup much like so:

city-liza-lnx:/var/log/samba# wbinfo -t
checking the trust secret for domain CBJ_NT via RPC calls succeeded
city-liza-lnx:/var/log/samba# wbinfo -n CBJ_NT+kevin_elliott
S-1-5-21-505306839-1977890393-20515302-14949 SID_USER (1)
city-liza-lnx:/var/log/samba# wbinfo -s S-1-5-21-505306839-1977890393-20515302-14949
CBJ_NT+kevin_elliott 1
city-liza-lnx:/var/log/samba# wbinfo -S S-1-5-21-505306839-1977890393-20515302-14949
failed to call wbcSidToUid: WBC_ERR_DOMAIN_NOT_FOUND
Could not convert sid S-1-5-21-505306839-1977890393-20515302-14949 to uid

This looks like it has all the markings of following
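The checks this reply describes (a `*` default entry, well-formed ranges, no overlap between domains) together with the idmap_rid arithmetic behind its sample output, as an added example that is not part of the original post or of Samba. The function names are hypothetical, and the sample's MYDOMAIN upper bound is a constructed placeholder because the post truncates it.

```python
import re

# "idmap config DOMAIN : option = value"; spacing around ':' varies in the thread.
IDMAP_RE = re.compile(r"^\s*idmap config\s+(\S+?)\s*:\s*(\w+)\s*=\s*(.+?)\s*$", re.I)

def parse_idmap(conf_text):
    """Return {domain: {option: value}} for every 'idmap config' line."""
    domains = {}
    for m in filter(None, map(IDMAP_RE.match, conf_text.splitlines())):
        dom, opt, val = m.groups()
        domains.setdefault(dom.upper(), {})[opt.lower()] = val
    return domains

def check_idmap(domains):
    """Findings for a missing '*' default and malformed or overlapping ranges."""
    findings, ranges = [], []
    if "*" not in domains:
        findings.append("no 'idmap config *' default range")
    for dom, opts in sorted(domains.items()):
        m = re.fullmatch(r"(\d+)\s*-\s*(\d+)", opts.get("range", ""))
        if m and int(m.group(1)) < int(m.group(2)):
            ranges.append((int(m.group(1)), int(m.group(2)), dom))
        else:
            findings.append(f"{dom}: missing or malformed range")
    prev_hi, prev_dom = -1, None
    for lo, hi, dom in sorted(ranges):  # sweep by low bound, tracking the highest end seen
        if lo <= prev_hi:
            findings.append(f"{prev_dom} and {dom}: ranges overlap")
        if hi > prev_hi:
            prev_hi, prev_dom = hi, dom
    return findings

def rid_to_unix_id(rid, opts):
    """idmap_rid arithmetic: ID = RID - BASE_RID + LOW_RANGE_ID; None if out of range."""
    lo, hi = (int(x) for x in opts["range"].split("-"))
    unix_id = rid - int(opts.get("base_rid", 0)) + lo
    return unix_id if lo <= unix_id <= hi else None

# Constructed sample shaped like the reply's config; 99999 is a placeholder upper bound.
WORKING = """
idmap config * : backend = tdb
idmap config * : range = 100-199
idmap config MYDOMAIN : backend = rid
idmap config MYDOMAIN : range = 1000-99999
idmap config MYDOMAIN : base_rid= 0
"""

if __name__ == "__main__":
    cfg = parse_idmap(WORKING)
    print(check_idmap(cfg), rid_to_unix_id(500, cfg["MYDOMAIN"]))
```

With a low bound of 1000 and base_rid 0, RIDs 500 and 513 map to 1500 and 1513, which matches the administrator and domain users IDs in the reply's `id` output.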
[Samba] Samba 3.6.5, idmap configuration and WBC_ERR_DOMAIN_NOT_FOUND
Hello all,

I recently upgraded from Samba 3.5.6 (the version contained in Debian Stable) to Samba 3.6.5 (the version from Debian Backports) in an effort to closer track the current development to try and chase some long standing bugs out. I think I've resolved one problem but introduced another. I'm getting the WBC_ERR_DOMAIN_NOT_FOUND when I try to perform a SID to UID lookup much like so:

city-liza-lnx:/var/log/samba# wbinfo -t
checking the trust secret for domain CBJ_NT via RPC calls succeeded
city-liza-lnx:/var/log/samba# wbinfo -n CBJ_NT+kevin_elliott
S-1-5-21-505306839-1977890393-20515302-14949 SID_USER (1)
city-liza-lnx:/var/log/samba# wbinfo -s S-1-5-21-505306839-1977890393-20515302-14949
CBJ_NT+kevin_elliott 1
city-liza-lnx:/var/log/samba# wbinfo -S S-1-5-21-505306839-1977890393-20515302-14949
failed to call wbcSidToUid: WBC_ERR_DOMAIN_NOT_FOUND
Could not convert sid S-1-5-21-505306839-1977890393-20515302-14949 to uid

This looks like it has all the markings of following bugreport:

https://bugzilla.samba.org/show_bug.cgi?id=8371#c5
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=652679

Before I follow this upstream can someone sanity check my configs for me? I understand that much has changed between 3.5 and 3.6 regarding the idmapping.

[global]
    workgroup = CBJ_NT
    realm = CBJ.LOCAL
    netbios aliases = CITY-LIZA-L90, CITY-LIZA
    server string = External FTP Server
    interfaces = 199.58.55.87/22, lo
    bind interfaces only = Yes
    security = ADS
    obey pam restrictions = Yes
    passdb backend = tdbsam
    password server = 199.58.55.25, 199.58.55.50
    passwd program = /usr/bin/passwd %u
    passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n .
    client NTLMv2 auth = Yes
    log level = 10
    log file = /var/log/samba/log.%m
    max log size = 2500
    printcap name = cups
    os level = 5
    local master = No
    domain master = No
    wins server = 199.58.55.25
    ldap ssl = no
    winbind enum users = Yes
    winbind enum groups = Yes
    panic action = /usr/share/samba/panic-action %d
    idmap config CBJ_NT:backend = rid
    idmap config CBJ_NT:base_rid = 0
    idmap config CBJ_NT:range = 1-65533
    idmap config LIBRARY:backend = rid
    idmap config LIBRARY:base_rid = 0
    idmap config LIBRARY:range = 65535-7
    winbind separator = +
    winbind use default domain = Yes

[ftp]
    comment = FTP directory
    path = /var/ftp/pub/
    valid users = @CBJ_NT+domain users
    read only = No
    create mask = 0775
    directory mask = 0775
    hide unreadable = Yes

Thank you for your consideration.

--
Kevin Elliott
Network Specialist
City and Borough of Juneau, MIS
(907) 586 - 0905
Re: [Samba] Samba 3.6.5, idmap configuration and WBC_ERR_DOMAIN_NOT_FOUND
On 07/10/2012 12:56 PM, Kevin Elliott wrote:

Hello all,

I recently upgraded from Samba 3.5.6 (the version contained in Debian Stable) to Samba 3.6.5 (the version from Debian Backports) in an effort to closer track the current development to try and chase some long standing bugs out. I think I've resolved one problem but introduced another. I'm getting the WBC_ERR_DOMAIN_NOT_FOUND when I try to perform a SID to UID lookup much like so:

city-liza-lnx:/var/log/samba# wbinfo -t
checking the trust secret for domain CBJ_NT via RPC calls succeeded
city-liza-lnx:/var/log/samba# wbinfo -n CBJ_NT+kevin_elliott
S-1-5-21-505306839-1977890393-20515302-14949 SID_USER (1)
city-liza-lnx:/var/log/samba# wbinfo -s S-1-5-21-505306839-1977890393-20515302-14949
CBJ_NT+kevin_elliott 1
city-liza-lnx:/var/log/samba# wbinfo -S S-1-5-21-505306839-1977890393-20515302-14949
failed to call wbcSidToUid: WBC_ERR_DOMAIN_NOT_FOUND
Could not convert sid S-1-5-21-505306839-1977890393-20515302-14949 to uid

This looks like it has all the markings of following bugreport:

https://bugzilla.samba.org/show_bug.cgi?id=8371#c5
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=652679

Before I follow this upstream can someone sanity check my configs for me? I understand that much has changed between 3.5 and 3.6 regarding the idmapping.

[global]
    workgroup = CBJ_NT
    realm = CBJ.LOCAL
    netbios aliases = CITY-LIZA-L90, CITY-LIZA
    server string = External FTP Server
    interfaces = 199.58.55.87/22, lo
    bind interfaces only = Yes
    security = ADS
    obey pam restrictions = Yes
    passdb backend = tdbsam
    password server = 199.58.55.25, 199.58.55.50
    passwd program = /usr/bin/passwd %u
    passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n .
    client NTLMv2 auth = Yes
    log level = 10
    log file = /var/log/samba/log.%m
    max log size = 2500
    printcap name = cups
    os level = 5
    local master = No
    domain master = No
    wins server = 199.58.55.25
    ldap ssl = no
    winbind enum users = Yes
    winbind enum groups = Yes
    panic action = /usr/share/samba/panic-action %d
    idmap config CBJ_NT:backend = rid
    idmap config CBJ_NT:base_rid = 0
    idmap config CBJ_NT:range = 1-65533
    idmap config LIBRARY:backend = rid
    idmap config LIBRARY:base_rid = 0
    idmap config LIBRARY:range = 65535-7
    winbind separator = +
    winbind use default domain = Yes

[ftp]
    comment = FTP directory
    path = /var/ftp/pub/
    valid users = @CBJ_NT+domain users
    read only = No
    create mask = 0775
    directory mask = 0775
    hide unreadable = Yes

Thank you for your consideration.

Kevin,

With idmap rid, it could also be this one: https://bugzilla.samba.org/show_bug.cgi?id=8676

This bug has been in every version of 3.6. For me, a reboot of the system usually will fix the problem until the next samba/winbind restart is required; others have not been so fortunate.

Dale