Winbind error "Could not fetch our SID - did we join?"

Samba - General mailing list
We did, in fact, join mere seconds ago, but for some reason, winbind
still can't find itself. ADUC etc meanwhile have no trouble finding the
newly added computer account.

Wiping /var/{lib,cache}/samba/ (and the computer account) makes no
difference, the error persists.

How do I proceed?

--
Mit freundlichen Grüßen, / Best Regards,
Sven Schwedas, Systemadministrator
Mail/XMPP [hidden email] | Skype sven.schwedas
TAO Digital | Lendplatz 45 | A8020 Graz
https://www.tao-digital.at | Tel +43 680 301 7167

INFO: Current debug levels:
  all: 5
  tdb: 5
  printdrivers: 5
  lanman: 5
  smb: 5
  rpc_parse: 5
  rpc_srv: 5
  rpc_cli: 5
  passdb: 5
  sam: 5
  auth: 5
  winbind: 5
  vfs: 5
  idmap: 5
  quota: 5
  acls: 5
  locking: 5
  msdfs: 5
  dmapi: 5
  registry: 5
  scavenger: 5
  dns: 5
  ldb: 5
  tevent: 5
Processing section "[global]"
Processing section "[homes]"
Processing section "[1_TAO_VISION_und_VERWALTUNG]"
Processing section "[2_TAO_GESCHAEFTSFELDINFOS]"
Processing section "[3_TAO_DENK_und_WERKZEUGE_TOOLS]"
Processing section "[4_TAO_PROJEKTE]"
Processing section "[5_TAO_ARCHIV]"
Processing section "[Bilder]"
Processing section "[buchhaltung]"
Processing section "[DBS]"
Processing section "[DSC_Scanner]"
Processing section "[public-villach]"
Processing section "[Videos]"
Processing section "[printers]"
Processing section "[print$]"
pm_process() returned Yes
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
added interface host0 ip=192.168.16.214 bcast=192.168.16.255 netmask=255.255.255.0
added interface host0 ip=192.168.16.214 bcast=192.168.16.255 netmask=255.255.255.0
finddcs: searching for a DC by DNS domain ad.tao.at
finddcs: looking for SRV records for _ldap._tcp.ad.tao.at
resolve_lmhosts: Attempting lmhosts lookup for name _ldap._tcp.ad.tao.at<0x0>
startlmhosts: Can't open lmhosts file /etc/samba/lmhosts. Error was No such file or directory
ads_dns_lookup_srv: 4 records returned in the answer section.
finddcs: DNS SRV response 0 at '192.168.17.65'
finddcs: DNS SRV response 1 at '192.168.16.213'
finddcs: DNS SRV response 2 at '192.168.17.66'
finddcs: DNS SRV response 3 at '192.168.16.211'
finddcs: performing CLDAP query on 192.168.17.65
finddcs: Found matching DC 192.168.17.65 with server_type=0x000003fd
Mapped to DCERPC endpoint \pipe\lsarpc
added interface host0 ip=192.168.16.214 bcast=192.168.16.255 netmask=255.255.255.0
added interface host0 ip=192.168.16.214 bcast=192.168.16.255 netmask=255.255.255.0
Socket options:
        SO_KEEPALIVE = 0
        SO_REUSEADDR = 0
        SO_BROADCAST = 0
        TCP_NODELAY = 1
        TCP_KEEPCNT = 9
        TCP_KEEPIDLE = 7200
        TCP_KEEPINTVL = 75
        IPTOS_LOWDELAY = 0
        IPTOS_THROUGHPUT = 0
        SO_REUSEPORT = 0
        SO_SNDBUF = 46080
        SO_RCVBUF = 372480
        SO_SNDLOWAT = 1
        SO_RCVLOWAT = 1
        SO_SNDTIMEO = 0
        SO_RCVTIMEO = 0
        TCP_QUICKACK = 1
        TCP_DEFER_ACCEPT = 0
Starting GENSEC mechanism spnego
Starting GENSEC submechanism gssapi_krb5
Password for [AD\sven.schwedas]:
Received smb_krb5 packet of length 257
Received smb_krb5 packet of length 1400
gensec_gssapi: NO credentials were delegated
GSSAPI Connection will have no cryptographic protection
Mapped to DCERPC endpoint 135
added interface host0 ip=192.168.16.214 bcast=192.168.16.255 netmask=255.255.255.0
added interface host0 ip=192.168.16.214 bcast=192.168.16.255 netmask=255.255.255.0
Mapped to DCERPC endpoint 1024
added interface host0 ip=192.168.16.214 bcast=192.168.16.255 netmask=255.255.255.0
added interface host0 ip=192.168.16.214 bcast=192.168.16.255 netmask=255.255.255.0
Starting GENSEC mechanism spnego
Starting GENSEC submechanism gssapi_krb5
Received smb_krb5 packet of length 257
Received smb_krb5 packet of length 1400
gensec_gssapi: NO credentials were delegated
GSSAPI Connection will be cryptographically sealed
added interface host0 ip=192.168.16.214 bcast=192.168.16.255 netmask=255.255.255.0
added interface host0 ip=192.168.16.214 bcast=192.168.16.255 netmask=255.255.255.0
resolve_lmhosts: Attempting lmhosts lookup for name graz-dc-sem.ad.tao.at<0x20>
startlmhosts: Can't open lmhosts file /etc/samba/lmhosts. Error was No such file or directory
Starting GENSEC mechanism spnego
Starting GENSEC submechanism gssapi_krb5
Received smb_krb5 packet of length 257
Received smb_krb5 packet of length 1392
gensec_gssapi: NO credentials were delegated
GSSAPI Connection will be cryptographically signed
ldb_wrap open of ldap://graz-dc-sem.ad.tao.at
ldb_wrap open of secrets.ldb
Joined domain AD (S-1-5-21-3879549028-3895635520-2867903743)


[2017/11/13 10:56:40.771086,  3] ../source3/param/loadparm.c:3739(lp_load_ex)
  lp_load_ex: refreshing parameters
[2017/11/13 10:56:40.771168,  5] ../source3/param/loadparm.c:1312(free_param_opts)
  Freeing parametrics:
[2017/11/13 10:56:40.771236,  3] ../source3/param/loadparm.c:542(init_globals)
  Initialising global parameters
[2017/11/13 10:56:40.771276,  2] ../source3/param/loadparm.c:314(max_open_files)
  rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
[2017/11/13 10:56:40.771369,  3] ../source3/param/loadparm.c:2668(lp_do_section)
  Processing section "[global]"
  doing parameter log level = 5
[2017/11/13 10:56:40.771422,  5] ../lib/util/debug.c:642(debug_dump_status)
  INFO: Current debug levels:
    all: 5
    tdb: 5
    printdrivers: 5
    lanman: 5
    smb: 5
    rpc_parse: 5
    rpc_srv: 5
    rpc_cli: 5
    passdb: 5
    sam: 5
    auth: 5
    winbind: 5
    vfs: 5
    idmap: 5
    quota: 5
    acls: 5
    locking: 5
    msdfs: 5
    dmapi: 5
    registry: 5
    scavenger: 5
    dns: 5
    ldb: 5
    tevent: 5
  doing parameter workgroup = AD
  doing parameter realm = AD.TAO.AT
  doing parameter security = ADS
  doing parameter idmap config * : backend = tdb
  doing parameter idmap config * : range = 60000-61000
  doing parameter idmap config AD : backend = ad
  doing parameter idmap config AD : range = 4500-50000
  doing parameter idmap config AD : schema_mode = rfc2307
  doing parameter winbind nss info = rfc2307
  doing parameter winbind enum users = yes
  doing parameter winbind enum groups = yes
  doing parameter winbind use default domain = yes
  doing parameter winbind offline logon = yes
  doing parameter winbind max domain connections = 32
  doing parameter winbind expand groups = 4
  doing parameter winbind refresh tickets = yes
  doing parameter state directory = /var/cache/samba/
  doing parameter cache directory = /var/cache/samba/
  doing parameter lock directory = /var/cache/samba/
  doing parameter template homedir = /home/%U
  doing parameter template shell = /bin/bash
  doing parameter winbind reconnect delay = 5
  doing parameter winbind cache time = 30
  doing parameter load printers = no
  doing parameter unix extensions = no
  doing parameter include = /etc/samba/site.conf
[2017/11/13 10:56:40.772409,  3] ../source3/param/loadparm.c:2668(lp_do_section)
  Processing section "[global]"
  doing parameter netbios name = VILLACH-FILE
  doing parameter server string = Netzlaufwerke Villach
  doing parameter max stat cache size = 4096
  doing parameter client max protocol = SMB2
  doing parameter deadtime = 2
  doing parameter unix extensions = no
  doing parameter local master = no
  doing parameter read only = No
  doing parameter acl group control = Yes
  doing parameter create mask = 0770
  doing parameter force create mode = 0660
  doing parameter directory mask = 0770
  doing parameter force directory mode = 02770
  doing parameter inherit permissions = Yes
  doing parameter inherit acls = Yes
  doing parameter inherit owner = Yes
  doing parameter aio read size = 16384
  doing parameter aio write size = 16384
  doing parameter map acl inherit = Yes
  doing parameter block size = 4096
  doing parameter use sendfile = Yes
  doing parameter map archive = No
  doing parameter map readonly = no
  doing parameter store dos attributes = Yes
  doing parameter ldap timeout = 5
  doing parameter winbind reconnect delay = 2
  doing parameter winbind refresh tickets = yes
  doing parameter winbind request timeout = 5
  doing parameter load printers = yes
[2017/11/13 10:56:40.773111,  4] ../source3/param/loadparm.c:3780(lp_load_ex)
  pm_process() returned Yes
[2017/11/13 10:56:40.773303,  2] ../source3/lib/interface.c:345(add_interface)
  added interface host0 ip=192.168.16.214 bcast=192.168.16.255 netmask=255.255.255.0
[2017/11/13 10:56:40.773374,  1] ../source3/param/loadparm.c:1039(lp_winbind_max_domain_connections)
  offline logons active, restricting max domain connections to 1
[2017/11/13 10:56:40.773420,  5] ../source3/lib/util_names.c:152(init_names)
  Netbios name list:-
  my_netbios_names[0]="VILLACH-FILE"
[2017/11/13 10:56:40.773550,  2] ../source3/lib/interface.c:345(add_interface)
  added interface host0 ip=192.168.16.214 bcast=192.168.16.255 netmask=255.255.255.0
[2017/11/13 10:56:40.774640,  4] ../source3/lib/time.c:266(TimeInit)
  TimeInit: Serverzone is -3600
[2017/11/13 10:56:40.775680,  5] ../source3/lib/tdb_validate.c:195(tdb_validate_open)
  tdb_validate_open called for tdb '/var/cache/samba/winbindd_cache.tdb'
[2017/11/13 10:56:40.775777,  5] ../source3/lib/tdb_validate.c:112(tdb_validate)
  tdb_validate called for tdb '/var/cache/samba/winbindd_cache.tdb'
[2017/11/13 10:56:40.779563,  5] ../source3/lib/tdb_validate.c:179(tdb_validate)
  tdb_validate returning code '0' for tdb '/var/cache/samba/winbindd_cache.tdb'
[2017/11/13 10:56:40.779663,  1] ../source3/lib/tdb_validate.c:480(tdb_validate_and_backup)
  tdb '/var/cache/samba/winbindd_cache.tdb' is valid
[2017/11/13 10:56:40.779716,  3] ../source3/lib/tdb_validate.c:379(rename_file_with_suffix)
  file '/var/cache/samba/winbindd_cache.tdb.bak' does not exist - so not moved
[2017/11/13 10:56:40.786847,  1] ../source3/lib/tdb_validate.c:490(tdb_validate_and_backup)
  Created backup '/var/cache/samba/winbindd_cache.tdb.bak' of tdb '/var/cache/samba/winbindd_cache.tdb'
[2017/11/13 10:56:40.787137,  5] ../lib/dbwrap/dbwrap.c:159(dbwrap_check_lock_order)
  check lock order 2 for /var/cache/samba/serverid.tdb
[2017/11/13 10:56:40.787283,  5] ../lib/dbwrap/dbwrap.c:127(dbwrap_lock_order_state_destructor)
  release lock order 2 for /var/cache/samba/serverid.tdb
[2017/11/13 10:56:40.787328,  5] ../source3/lib/messages.c:356(messaging_register)
  Registering messaging pointer for type 33 - private_data=(nil)
[2017/11/13 10:56:40.787365,  5] ../source3/lib/messages.c:356(messaging_register)
  Registering messaging pointer for type 13 - private_data=(nil)
[2017/11/13 10:56:40.787400,  5] ../source3/lib/messages.c:356(messaging_register)
  Registering messaging pointer for type 1028 - private_data=(nil)
[2017/11/13 10:56:40.787434,  5] ../source3/lib/messages.c:356(messaging_register)
  Registering messaging pointer for type 1027 - private_data=(nil)
[2017/11/13 10:56:40.787469,  5] ../source3/lib/messages.c:356(messaging_register)
  Registering messaging pointer for type 1029 - private_data=(nil)
[2017/11/13 10:56:40.787503,  5] ../source3/lib/messages.c:356(messaging_register)
  Registering messaging pointer for type 1036 - private_data=(nil)
[2017/11/13 10:56:40.787538,  5] ../source3/lib/messages.c:356(messaging_register)
  Registering messaging pointer for type 1035 - private_data=(nil)
[2017/11/13 10:56:40.787575,  5] ../source3/lib/messages.c:356(messaging_register)
  Registering messaging pointer for type 1280 - private_data=(nil)
[2017/11/13 10:56:40.787609,  5] ../source3/lib/messages.c:356(messaging_register)
  Registering messaging pointer for type 1032 - private_data=(nil)
[2017/11/13 10:56:40.787644,  5] ../source3/lib/messages.c:356(messaging_register)
  Registering messaging pointer for type 1033 - private_data=(nil)
[2017/11/13 10:56:40.787678,  5] ../source3/lib/messages.c:356(messaging_register)
  Registering messaging pointer for type 1034 - private_data=(nil)
[2017/11/13 10:56:40.787712,  5] ../source3/lib/messages.c:356(messaging_register)
  Registering messaging pointer for type 1 - private_data=(nil)
[2017/11/13 10:56:40.787746,  5] ../source3/lib/messages.c:371(messaging_register)
  Overriding messaging pointer for type 1 - private_data=(nil)
[2017/11/13 10:56:40.787983,  1] ../source3/param/loadparm.c:1039(lp_winbind_max_domain_connections)
  offline logons active, restricting max domain connections to 1
[2017/11/13 10:56:40.788077,  5] ../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log)
  tdb(/var/lib/samba/private/secrets.tdb): tdb_transaction_start: nesting 1
[2017/11/13 10:56:40.788117,  5] ../lib/dbwrap/dbwrap.c:159(dbwrap_check_lock_order)
  check lock order 1 for /var/lib/samba/private/secrets.tdb
[2017/11/13 10:56:40.788175,  5] ../lib/dbwrap/dbwrap.c:127(dbwrap_lock_order_state_destructor)
  release lock order 1 for /var/lib/samba/private/secrets.tdb
[2017/11/13 10:56:40.788217,  5] ../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log)
  tdb(/var/lib/samba/private/secrets.tdb): tdb_transaction_start: nesting 1
[2017/11/13 10:56:40.846132,  1] ../source3/param/loadparm.c:1039(lp_winbind_max_domain_connections)
  offline logons active, restricting max domain connections to 1
[2017/11/13 10:56:40.846218,  1] ../source3/param/loadparm.c:1039(lp_winbind_max_domain_connections)
  offline logons active, restricting max domain connections to 1
[2017/11/13 10:56:40.846261,  2] ../source3/winbindd/winbindd_util.c:288(add_trusted_domain_from_tdc)
  Added domain BUILTIN (null) S-1-5-32
[2017/11/13 10:56:40.846313,  5] ../source3/passdb/pdb_interface.c:79(smb_register_passdb)
  Attempting to register passdb backend smbpasswd
[2017/11/13 10:56:40.846360,  5] ../source3/passdb/pdb_interface.c:92(smb_register_passdb)
  Successfully added passdb backend 'smbpasswd'
[2017/11/13 10:56:40.846397,  5] ../source3/passdb/pdb_interface.c:79(smb_register_passdb)
  Attempting to register passdb backend tdbsam
[2017/11/13 10:56:40.846433,  5] ../source3/passdb/pdb_interface.c:92(smb_register_passdb)
  Successfully added passdb backend 'tdbsam'
[2017/11/13 10:56:40.846469,  5] ../source3/passdb/pdb_interface.c:79(smb_register_passdb)
  Attempting to register passdb backend wbc_sam
[2017/11/13 10:56:40.846505,  5] ../source3/passdb/pdb_interface.c:92(smb_register_passdb)
  Successfully added passdb backend 'wbc_sam'
[2017/11/13 10:56:40.846540,  5] ../source3/passdb/pdb_interface.c:79(smb_register_passdb)
  Attempting to register passdb backend samba_dsdb
[2017/11/13 10:56:40.846576,  5] ../source3/passdb/pdb_interface.c:92(smb_register_passdb)
  Successfully added passdb backend 'samba_dsdb'
[2017/11/13 10:56:40.846611,  5] ../source3/passdb/pdb_interface.c:79(smb_register_passdb)
  Attempting to register passdb backend samba4
[2017/11/13 10:56:40.846649,  5] ../source3/passdb/pdb_interface.c:92(smb_register_passdb)
  Successfully added passdb backend 'samba4'
[2017/11/13 10:56:40.846685,  5] ../source3/passdb/pdb_interface.c:79(smb_register_passdb)
  Attempting to register passdb backend ldapsam
[2017/11/13 10:56:40.846721,  5] ../source3/passdb/pdb_interface.c:92(smb_register_passdb)
  Successfully added passdb backend 'ldapsam'
[2017/11/13 10:56:40.846756,  5] ../source3/passdb/pdb_interface.c:79(smb_register_passdb)
  Attempting to register passdb backend NDS_ldapsam
[2017/11/13 10:56:40.846792,  5] ../source3/passdb/pdb_interface.c:92(smb_register_passdb)
  Successfully added passdb backend 'NDS_ldapsam'
[2017/11/13 10:56:40.846829,  5] ../source3/passdb/pdb_interface.c:79(smb_register_passdb)
  Attempting to register passdb backend IPA_ldapsam
[2017/11/13 10:56:40.846865,  5] ../source3/passdb/pdb_interface.c:92(smb_register_passdb)
  Successfully added passdb backend 'IPA_ldapsam'
[2017/11/13 10:56:40.846902,  5] ../source3/passdb/pdb_interface.c:155(make_pdb_method_name)
  Attempting to find a passdb backend to match tdbsam (tdbsam)
[2017/11/13 10:56:40.846938,  5] ../source3/passdb/pdb_interface.c:176(make_pdb_method_name)
  Found pdb backend tdbsam
[2017/11/13 10:56:40.846980,  5] ../source3/passdb/pdb_interface.c:187(make_pdb_method_name)
  pdb backend tdbsam has a valid init
[2017/11/13 10:56:40.847021,  1] ../source3/param/loadparm.c:1039(lp_winbind_max_domain_connections)
  offline logons active, restricting max domain connections to 1
[2017/11/13 10:56:40.847092,  1] ../source3/param/loadparm.c:1039(lp_winbind_max_domain_connections)
  offline logons active, restricting max domain connections to 1
[2017/11/13 10:56:40.847139,  1] ../source3/param/loadparm.c:1039(lp_winbind_max_domain_connections)
  offline logons active, restricting max domain connections to 1
[2017/11/13 10:56:40.847176,  2] ../source3/winbindd/winbindd_util.c:288(add_trusted_domain_from_tdc)
  Added domain VILLACH-FILE (null) S-1-5-21-2099295303-2754723936-1384751756
[2017/11/13 10:56:40.847223,  0] ../source3/winbindd/winbindd_util.c:902(init_domain_list)
  Could not fetch our SID - did we join?
[2017/11/13 10:56:40.847319,  0] ../source3/winbindd/winbindd.c:1401(winbindd_register_handlers)
  unable to initialize domain list


Server role: ROLE_DOMAIN_MEMBER

Press enter to see a dump of your service definitions

# Global parameters
[global]
        realm = AD.TAO.AT
        server string = Netzlaufwerke Villach
        workgroup = AD
        local master = No
        max stat cache size = 4096
        ldap timeout = 5
        cache directory = /var/cache/samba/
        lock directory = /var/cache/samba/
        state directory = /var/cache/samba/
        client max protocol = SMB2
        unix extensions = No
        security = ADS
        deadtime = 2
        template homedir = /home/%U
        template shell = /bin/bash
        winbind cache time = 30
        winbind enum groups = Yes
        winbind enum users = Yes
        winbind expand groups = 4
        winbind max domain connections = 32
        winbind nss info = rfc2307
        winbind offline logon = Yes
        winbind reconnect delay = 2
        winbind refresh tickets = Yes
        winbind request timeout = 5
        winbind use default domain = Yes
        idmap config ad : schema_mode = rfc2307
        idmap config ad : range = 4500-50000
        idmap config ad : backend = ad
        idmap config * : range = 60000-61000
        idmap config * : backend = tdb
        map archive = No
        map readonly = no
        store dos attributes = Yes
        include = /etc/samba/site.conf
        map acl inherit = Yes
        acl group control = Yes
        create mask = 0770
        directory mask = 0770
        force create mode = 0660
        force directory mode = 02770
        inherit acls = Yes
        inherit owner = Yes
        inherit permissions = Yes
        read only = No
        aio read size = 16384
        aio write size = 16384
        block size = 4096
        use sendfile = Yes


[homes]
        comment = ~
        volume = nethome


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
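
One way to triage the join output and winbindd log posted above (an added example, not part of the original message and not Samba code): it parses Samba's debug-log entry format, lists the level-0 messages, the domains winbindd registered and the database files it touched, and checks whether the SID printed by the join is among the registered domains. The function names are hypothetical, and the sample input is an excerpt of the lines posted above.

```python
"""Triage a Samba join transcript and a winbindd debug log (added example)."""
import re
from dataclasses import dataclass, field

# Header of one debug entry, e.g.
#   [2017/11/13 10:56:40.847223,  0] ../source3/winbindd/winbindd_util.c:902(init_domain_list)
# Headers carrying extra fields (", pid=8133, effective(0, 0), ...") are accepted too.
HEADER = re.compile(
    r"^\[(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+),\s+(\d+)(?:,[^\]]*)?\]"
    r"\s+(\S+?):(\d+)\((\w+)\)\s*$"
)
JOINED = re.compile(r"Joined domain (\S+) \((S-1-[\d-]+)\)")
ADDED_DOMAIN = re.compile(r"Added domain (\S+) \S+ (S-1-[\d-]+)")
DB_PATH = re.compile(r"/[\w./-]+\.(?:tdb|ldb)\b")


@dataclass
class Entry:
    timestamp: str
    level: int
    source: str
    line: int
    func: str
    message: list = field(default_factory=list)


def parse_samba_log(text):
    """Split a debug log into entries; body lines attach to the preceding header."""
    entries = []
    for raw in text.splitlines():
        m = HEADER.match(raw.rstrip())
        if m:
            ts, level, source, line, func = m.groups()
            entries.append(Entry(ts, int(level), source, int(line), func))
        elif entries and raw.strip():
            entries[-1].message.append(raw.strip())
    return entries


def triage(join_output, winbindd_log, max_level=0):
    """Compare what the join reported with what winbindd registered at startup."""
    joined = JOINED.search(join_output)
    registered, stores, failures = {}, set(), []
    for e in parse_samba_log(winbindd_log):
        text = " ".join(e.message)
        stores.update(DB_PATH.findall(text))       # tdb/ldb files winbindd touched
        m = ADDED_DOMAIN.search(text)
        if m:
            registered[m.group(1)] = m.group(2)    # domain name -> SID
        if e.level <= max_level:                   # level 0 = always logged
            failures.append((e.timestamp, e.func, text))
    return {
        "joined": joined.groups() if joined else None,
        "registered": registered,
        "joined_sid_registered": bool(joined)
        and joined.group(2) in registered.values(),
        "stores": sorted(stores),
        "failures": failures,
    }


# Sample input: excerpt of the join output and winbindd log posted above.
JOIN_OUTPUT = """\
ldb_wrap open of ldap://graz-dc-sem.ad.tao.at
ldb_wrap open of secrets.ldb
Joined domain AD (S-1-5-21-3879549028-3895635520-2867903743)
"""

WINBINDD_LOG = """\
[2017/11/13 10:56:40.775680,  5] ../source3/lib/tdb_validate.c:195(tdb_validate_open)
  tdb_validate_open called for tdb '/var/cache/samba/winbindd_cache.tdb'
[2017/11/13 10:56:40.788077,  5] ../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log)
  tdb(/var/lib/samba/private/secrets.tdb): tdb_transaction_start: nesting 1
[2017/11/13 10:56:40.846261,  2] ../source3/winbindd/winbindd_util.c:288(add_trusted_domain_from_tdc)
  Added domain BUILTIN (null) S-1-5-32
[2017/11/13 10:56:40.847176,  2] ../source3/winbindd/winbindd_util.c:288(add_trusted_domain_from_tdc)
  Added domain VILLACH-FILE (null) S-1-5-21-2099295303-2754723936-1384751756
[2017/11/13 10:56:40.847223,  0] ../source3/winbindd/winbindd_util.c:902(init_domain_list)
  Could not fetch our SID - did we join?
[2017/11/13 10:56:40.847319,  0] ../source3/winbindd/winbindd.c:1401(winbindd_register_handlers)
  unable to initialize domain list
"""

if __name__ == "__main__":
    report = triage(JOIN_OUTPUT, WINBINDD_LOG)
    print("joined:               ", report["joined"])
    print("registered by winbind:", report["registered"])
    print("joined SID registered:", report["joined_sid_registered"])
    print("database files:       ", report["stores"])
    for ts, func, text in report["failures"]:
        print(f"level 0  {ts}  {func}: {text}")
```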

Re: Winbind error "Could not fetch our SID - did we join?"

On Mon, 13 Nov 2017 11:02:48 +0100
Sven Schwedas via samba <[hidden email]> wrote:

> We did, in fact, join mere seconds ago, but for some reason, winbind
> still can't find itself. ADUC etc meanwhile have no trouble finding
> the newly added computer account.
>
> Wiping /var/{lib,cache}/samba/ (and the computer account) makes no
> difference, the error persists.
>
> How do I proceed?
>

Can you post /etc/hostname /etc/hosts /etc/krb5.conf /etc/resolv.conf

Rowland

Re: Winbind error "Could not fetch our SID - did we join?"

/etc/hostname:villach-file
/etc/hosts:# The following lines are desirable for IPv6 capable hosts
/etc/hosts:::1     localhost ip6-localhost ip6-loopback
/etc/hosts:ff02::1 ip6-allnodes
/etc/hosts:ff02::2 ip6-allrouters
/etc/hosts:127.0.0.1  localhost
/etc/hosts:192.168.16.214 villach-file
/etc/krb5.conf:[libdefaults]
/etc/krb5.conf: default_realm = AD.TAO.AT
/etc/krb5.conf: dns_lookup_realm = true
/etc/krb5.conf: dns_lookup_kdc = true
/etc/krb5.conf: default_keytab_name = FILE:/etc/krb5.keytab
/etc/krb5.conf:[domain_realm]
/etc/krb5.conf: .ad.tao.at = AD.TAO.AT
/etc/krb5.conf: ad.tao.at = AD.TAO.AT
/etc/krb5.conf: .tao.at = AD.TAO.AT
/etc/krb5.conf: tao.at = AD.TAO.AT
/etc/resolv.conf:nameserver 192.168.16.1
/etc/resolv.conf:domain ad.tao.at


On 2017-11-13 12:01, Rowland Penny wrote:

> On Mon, 13 Nov 2017 11:02:48 +0100
> Sven Schwedas via samba <[hidden email]> wrote:
>
>> We did, in fact, join mere seconds ago, but for some reason, winbind
>> still can't find itself. ADUC etc meanwhile have no trouble finding
>> the newly added computer account.
>>
>> Wiping /var/{lib,cache}/samba/ (and the computer account) makes no
>> difference, the error persists.
>>
>> How do I proceed?
>>
>
> Can you post /etc/hostname /etc/hosts /etc/krb5.conf /etc/resolv.conf
>
> Rowland
>
--
Mit freundlichen Grüßen, / Best Regards,
Sven Schwedas, Systemadministrator
Mail/XMPP [hidden email] | Skype sven.schwedas
TAO Digital | Lendplatz 45 | A8020 Graz
https://www.tao-digital.at | Tel +43 680 301 7167


Re: Winbind error "Could not fetch our SID - did we join?"

On Mon, 13 Nov 2017 12:05:33 +0100
Sven Schwedas <[hidden email]> wrote:

> /etc/hostname:villach-file
> /etc/hosts:# The following lines are desirable for IPv6 capable hosts
> /etc/hosts:::1     localhost ip6-localhost ip6-loopback
> /etc/hosts:ff02::1 ip6-allnodes
> /etc/hosts:ff02::2 ip6-allrouters
> /etc/hosts:127.0.0.1  localhost
> /etc/hosts:192.168.16.214 villach-file

I would change the above line to:

192.168.16.214 villach-file.ad.tao.at villach-file

> /etc/krb5.conf:[libdefaults]
> /etc/krb5.conf: default_realm = AD.TAO.AT
> /etc/krb5.conf: dns_lookup_realm = true
> /etc/krb5.conf: dns_lookup_kdc = true
> /etc/krb5.conf: default_keytab_name = FILE:/etc/krb5.keytab
> /etc/krb5.conf:[domain_realm]
> /etc/krb5.conf: .ad.tao.at = AD.TAO.AT
> /etc/krb5.conf: ad.tao.at = AD.TAO.AT
> /etc/krb5.conf: .tao.at = AD.TAO.AT
> /etc/krb5.conf: tao.at = AD.TAO.AT

/etc/krb5.conf only needs to contain this:

[libdefaults]
    default_realm = AD.TAO.AT
    dns_lookup_realm = false
    dns_lookup_kdc = true

> /etc/resolv.conf:nameserver 192.168.16.1
> /etc/resolv.conf:domain ad.tao.at
>

I would change 'domain ad.tao.at' to 'search ad.tao.at'

Rowland

Re: Winbind error "Could not fetch our SID - did we join?"

On 2017-11-13 12:33, Rowland Penny via samba wrote:

> On Mon, 13 Nov 2017 12:05:33 +0100
> Sven Schwedas <[hidden email]> wrote:
>
>> /etc/hostname:villach-file
>> /etc/hosts:# The following lines are desirable for IPv6 capable hosts
>> /etc/hosts:::1     localhost ip6-localhost ip6-loopback
>> /etc/hosts:ff02::1 ip6-allnodes
>> /etc/hosts:ff02::2 ip6-allrouters
>> /etc/hosts:127.0.0.1  localhost
>> /etc/hosts:192.168.16.214 villach-file
>
> I would change the above line to:
>
> 192.168.16.214 villach-file.ad.tao.at villach-file

Changed (bringing the config file in line with others), makes no
difference, even after wiping samba config/cache and re-joining.

>> /etc/krb5.conf:[libdefaults]
>> /etc/krb5.conf: default_realm = AD.TAO.AT
>> /etc/krb5.conf: dns_lookup_realm = true
>> /etc/krb5.conf: dns_lookup_kdc = true
>> /etc/krb5.conf: default_keytab_name = FILE:/etc/krb5.keytab
>> /etc/krb5.conf:[domain_realm]
>> /etc/krb5.conf: .ad.tao.at = AD.TAO.AT
>> /etc/krb5.conf: ad.tao.at = AD.TAO.AT
>> /etc/krb5.conf: .tao.at = AD.TAO.AT
>> /etc/krb5.conf: tao.at = AD.TAO.AT
>
> /etc/krb5.conf only needs to contain this:
>
> [libdefaults]
>     default_realm = AD.TAO.AT
>     dns_lookup_realm = false
>     dns_lookup_kdc = true

Same krb5.conf works on a dozen other servers. How would changing it
make a difference?

>> /etc/resolv.conf:nameserver 192.168.16.1
>> /etc/resolv.conf:domain ad.tao.at
>>
>
> I would change 'domain ad.tao.at' to 'search ad.tao.at'

Same resolv.conf works on a dozen other servers. How would changing it
make a difference?



Could we please not waste a week poking at random unrelated stuff this
time? These "I try the same stuff no matter what the problem is"
boilerplate emails become really grating after the first few times. :/

--
Mit freundlichen Grüßen, / Best Regards,
Sven Schwedas, Systemadministrator
Mail/XMPP [hidden email] | Skype sven.schwedas
TAO Digital | Lendplatz 45 | A8020 Graz
https://www.tao-digital.at | Tel +43 680 301 7167


Re: Winbind error "Could not fetch our SID - did we join?"

On Mon, 13 Nov 2017 13:18:20 +0100
Sven Schwedas via samba <[hidden email]> wrote:

>
>
> Could we please not waste a week poking at random unrelated stuff this
> time? These "I try the same stuff no matter what the problem is"
> boilerplate emails become really grating after the first few times. :/
>

No problem Sven, I will not waste one more moment on your problem.
I was just trying to give you advice based on what I know works and
from what you posted.

Rowland

Re: Winbind error "Could not fetch our SID - did we join?"

On 2017-11-13 13:31, Rowland Penny wrote:

> On Mon, 13 Nov 2017 13:18:20 +0100
> Sven Schwedas via samba <[hidden email]> wrote:
>
>> Could we please not waste a week poking at random unrelated stuff this
>> time? These "I try the same stuff no matter what the problem is"
>> boilerplate emails become really grating after the first few times. :/
>
> No problem Sven, I will not waste one more moment on your problem.
> I was just trying to give you advice based on what I know works and
> from what you posted.

It's hard to convey tone on the internet, I know. But blindly fiddling
with config settings that don't seem to be related to the problem at all
– after all, both Kerberos and DNS worked fine during the join, as the
debug info clearly states –, and don't seem to make problems on other
servers, just looks pointless. *Why* would these configuration changes
help here?


Looking at the winbindd log at maximum debug level, there doesn't seem
to be even an *attempt* to find the domain, much less errors from
failing to do so.

--
Mit freundlichen Grüßen, / Best Regards,
Sven Schwedas, Systemadministrator
Mail/XMPP [hidden email] | Skype sven.schwedas
TAO Digital | Lendplatz 45 | A8020 Graz
https://www.tao-digital.at | Tel +43 680 301 7167

[2017/11/13 13:19:34.303725,  3, pid=8133, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:3739(lp_load_ex)
  lp_load_ex: refreshing parameters
[2017/11/13 13:19:34.303806,  5, pid=8133, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:1312(free_param_opts)
  Freeing parametrics:
[2017/11/13 13:19:34.303872,  3, pid=8133, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:542(init_globals)
  Initialising global parameters
[2017/11/13 13:19:34.303912,  2, pid=8133, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:314(max_open_files)
  rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
[2017/11/13 13:19:34.304003,  3, pid=8133, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:2668(lp_do_section)
  Processing section "[global]"
  doing parameter log level = 10
[2017/11/13 13:19:34.304056,  5, pid=8133, effective(0, 0), real(0, 0)] ../lib/util/debug.c:642(debug_dump_status)
  INFO: Current debug levels:
    all: 10
    tdb: 10
    printdrivers: 10
    lanman: 10
    smb: 10
    rpc_parse: 10
    rpc_srv: 10
    rpc_cli: 10
    passdb: 10
    sam: 10
    auth: 10
    winbind: 10
    vfs: 10
    idmap: 10
    quota: 10
    acls: 10
    locking: 10
    msdfs: 10
    dmapi: 10
    registry: 10
    scavenger: 10
    dns: 10
    ldb: 10
    tevent: 10
  doing parameter workgroup = AD
  doing parameter realm = AD.TAO.AT
  doing parameter security = ADS
  doing parameter idmap config * : backend = tdb
  doing parameter idmap config * : range = 60000-61000
  doing parameter idmap config AD : backend = ad
  doing parameter idmap config AD : range = 4500-50000
  doing parameter idmap config AD : schema_mode = rfc2307
  doing parameter winbind nss info = rfc2307
  doing parameter winbind enum users = yes
  doing parameter winbind enum groups = yes
  doing parameter winbind use default domain = yes
  doing parameter winbind offline logon = yes
  doing parameter winbind max domain connections = 32
  doing parameter winbind expand groups = 4
  doing parameter winbind refresh tickets = yes
  doing parameter state directory = /var/cache/samba/
  doing parameter cache directory = /var/cache/samba/
  doing parameter lock directory = /var/cache/samba/
  doing parameter template homedir = /home/%U
  doing parameter template shell = /bin/bash
  doing parameter winbind reconnect delay = 5
  doing parameter winbind cache time = 30
  doing parameter load printers = no
  doing parameter unix extensions = no
  doing parameter include = /etc/samba/site.conf
[2017/11/13 13:19:34.305007,  3, pid=8133, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:2668(lp_do_section)
  Processing section "[global]"
  doing parameter netbios name = villach-file
  doing parameter server string = Netzlaufwerke Villach
  doing parameter max stat cache size = 4096
  doing parameter client max protocol = SMB2
  doing parameter deadtime = 2
  doing parameter unix extensions = no
  doing parameter local master = no
  doing parameter read only = No
  doing parameter acl group control = Yes
  doing parameter create mask = 0770
  doing parameter force create mode = 0660
  doing parameter directory mask = 0770
  doing parameter force directory mode = 02770
  doing parameter inherit permissions = Yes
  doing parameter inherit acls = Yes
  doing parameter inherit owner = Yes
  doing parameter aio read size = 16384
  doing parameter aio write size = 16384
  doing parameter map acl inherit = Yes
  doing parameter block size = 4096
  doing parameter use sendfile = Yes
  doing parameter map archive = No
  doing parameter map readonly = no
  doing parameter store dos attributes = Yes
  doing parameter ldap timeout = 5
  doing parameter winbind reconnect delay = 2
  doing parameter winbind refresh tickets = yes
  doing parameter winbind request timeout = 5
  doing parameter load printers = yes
[2017/11/13 13:19:34.305745,  4, pid=8133, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:3780(lp_load_ex)
  pm_process() returned Yes
[2017/11/13 13:19:34.305788,  7, pid=8133, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:4096(lp_servicenumber)
  lp_servicenumber: couldn't find homes
[2017/11/13 13:19:34.305972,  2, pid=8133, effective(0, 0), real(0, 0)] ../source3/lib/interface.c:345(add_interface)
  added interface host0 ip=192.168.16.214 bcast=192.168.16.255 netmask=255.255.255.0
[2017/11/13 13:19:34.306020,  1, pid=8133, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:1039(lp_winbind_max_domain_connections)
  offline logons active, restricting max domain connections to 1
[2017/11/13 13:19:34.306067,  5, pid=8133, effective(0, 0), real(0, 0)] ../source3/lib/util_names.c:152(init_names)
  Netbios name list:-
  my_netbios_names[0]="VILLACH-FILE"
[2017/11/13 13:19:34.306181,  2, pid=8133, effective(0, 0), real(0, 0)] ../source3/lib/interface.c:345(add_interface)
  added interface host0 ip=192.168.16.214 bcast=192.168.16.255 netmask=255.255.255.0
[2017/11/13 13:19:34.307203,  8, pid=8134, effective(0, 0), real(0, 0)] ../lib/util/util.c:390(fcntl_lock)
  fcntl_lock 13 6 0 1 1
[2017/11/13 13:19:34.307328,  8, pid=8134, effective(0, 0), real(0, 0)] ../lib/util/util.c:425(fcntl_lock)
  fcntl_lock: Lock call successful
[2017/11/13 13:19:34.307418,  4, pid=8134, effective(0, 0), real(0, 0)] ../source3/lib/time.c:266(TimeInit)
  TimeInit: Serverzone is -3600
[2017/11/13 13:19:34.307706, 10, pid=8134, effective(0, 0), real(0, 0)] ../source3/lib/messages_dgm_ref.c:142(msg_dgm_ref_destructor)
  msg_dgm_ref_destructor: refs=(nil)
[2017/11/13 13:19:34.308006, 10, pid=8134, effective(0, 0), real(0, 0)] ../source3/lib/messages_dgm_ref.c:76(messaging_dgm_ref)
  messaging_dgm_ref: messaging_dgm_init returned Success
[2017/11/13 13:19:34.308055, 10, pid=8134, effective(0, 0), real(0, 0)] ../source3/lib/messages_dgm_ref.c:105(messaging_dgm_ref)
  messaging_dgm_ref: unique = 14504610787473704759
[2017/11/13 13:19:34.308155, 10, pid=8134, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cache.c:4305(winbindd_validate_cache)
  winbindd_validate_cache: replacing panic function
[2017/11/13 13:19:34.308327, 10, pid=8134, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cache.c:4329(winbindd_validate_cache)
  Fresh database
[2017/11/13 13:19:34.308472,  5, pid=8134, effective(0, 0), real(0, 0)] ../source3/lib/tdb_validate.c:195(tdb_validate_open)
  tdb_validate_open called for tdb '/var/cache/samba/winbindd_cache.tdb'
[2017/11/13 13:19:34.308540,  5, pid=8134, effective(0, 0), real(0, 0)] ../source3/lib/tdb_validate.c:112(tdb_validate)
  tdb_validate called for tdb '/var/cache/samba/winbindd_cache.tdb'
[2017/11/13 13:19:34.308575, 10, pid=8134, effective(0, 0), real(0, 0)] ../source3/lib/tdb_validate.c:118(tdb_validate)
  tdb_validate: forking to let child do validation.
[2017/11/13 13:19:34.309049, 10, pid=8134, effective(0, 0), real(0, 0)] ../source3/lib/tdb_validate.c:135(tdb_validate)
  tdb_validate: fork succeeded, child PID = 8135
[2017/11/13 13:19:34.309103, 10, pid=8134, effective(0, 0), real(0, 0)] ../source3/lib/tdb_validate.c:137(tdb_validate)
  tdb_validate: waiting for child to finish...
[2017/11/13 13:19:34.309122, 10, pid=8135, effective(0, 0), real(0, 0)] ../source3/lib/tdb_validate.c:122(tdb_validate)
  tdb_validate (validation child): created
[2017/11/13 13:19:34.309249, 10, pid=8135, effective(0, 0), real(0, 0)] ../source3/lib/tdb_validate.c:124(tdb_validate)
  tdb_validate (validation child): calling tdb_validate_child
[2017/11/13 13:19:34.309957, 10, pid=8135, effective(0, 0), real(0, 0)] ../source3/lib/tdb_validate.c:68(tdb_validate_child)
  tdb_validate_child: tdb /var/cache/samba/winbindd_cache.tdb freelist has 1 entries
[2017/11/13 13:19:34.310059, 10, pid=8135, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cache.c:4122(validate_cache_version)
  validate_cache_version: WINBINDD_CACHE_VERSION ok
[2017/11/13 13:19:34.310142, 10, pid=8135, effective(0, 0), real(0, 0)] ../source3/lib/tdb_validate.c:81(tdb_validate_child)
  tdb_validate_child: tdb /var/cache/samba/winbindd_cache.tdb is good with 1 entries
[2017/11/13 13:19:34.310191, 10, pid=8135, effective(0, 0), real(0, 0)] ../source3/lib/tdb_validate.c:85(tdb_validate_child)
  tdb_validate_child: summary of validation status:
   * tdb error: no
   * bad freelist: no
   * bad entry: no
   * unknown key: no
   => overall success: yes
[2017/11/13 13:19:34.312503, 10, pid=8134, effective(0, 0), real(0, 0)] ../source3/lib/tdb_validate.c:155(tdb_validate)
  tdb_validate: validating child returned.
[2017/11/13 13:19:34.312566, 10, pid=8134, effective(0, 0), real(0, 0)] ../source3/lib/tdb_validate.c:158(tdb_validate)
  tdb_validate: child exited, code 0.
[2017/11/13 13:19:34.312598,  5, pid=8134, effective(0, 0), real(0, 0)] ../source3/lib/tdb_validate.c:179(tdb_validate)
  tdb_validate returning code '0' for tdb '/var/cache/samba/winbindd_cache.tdb'
[2017/11/13 13:19:34.312643,  1, pid=8134, effective(0, 0), real(0, 0)] ../source3/lib/tdb_validate.c:480(tdb_validate_and_backup)
  tdb '/var/cache/samba/winbindd_cache.tdb' is valid
[2017/11/13 13:19:34.312685,  3, pid=8134, effective(0, 0), real(0, 0)] ../source3/lib/tdb_validate.c:379(rename_file_with_suffix)
  file '/var/cache/samba/winbindd_cache.tdb.bak' does not exist - so not moved
[2017/11/13 13:19:34.313087, 10, pid=8134, effective(0, 0), real(0, 0)] ../source3/lib/tdb_validate.c:332(tdb_backup)
  tdb_backup: successfully copied 1 entries
[2017/11/13 13:19:34.337404,  1, pid=8134, effective(0, 0), real(0, 0)] ../source3/lib/tdb_validate.c:490(tdb_validate_and_backup)
  Created backup '/var/cache/samba/winbindd_cache.tdb.bak' of tdb '/var/cache/samba/winbindd_cache.tdb'
[2017/11/13 13:19:34.337475, 10, pid=8134, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cache.c:4362(winbindd_validate_cache)
  winbindd_validate_cache: restoring panic function
[2017/11/13 13:19:34.337782,  5, pid=8134, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:159(dbwrap_check_lock_order)
  check lock order 2 for /var/cache/samba/serverid.tdb
[2017/11/13 13:19:34.337839, 10, pid=8134, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:114(debug_lock_order)
  lock order:  1:<none> 2:/var/cache/samba/serverid.tdb 3:<none>
[2017/11/13 13:19:34.337889, 10, pid=8134, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key)
  Locking key C61F000000000000FFFF
[2017/11/13 13:19:34.337937, 10, pid=8134, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:143(db_tdb_fetch_locked_internal)
  Allocated locked data 0x0x55d6657460d0
[2017/11/13 13:19:34.338092, 10, pid=8134, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key)
  Unlocking key C61F000000000000FFFF
[2017/11/13 13:19:34.338148,  5, pid=8134, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:127(dbwrap_lock_order_state_destructor)
  release lock order 2 for /var/cache/samba/serverid.tdb
[2017/11/13 13:19:34.338194, 10, pid=8134, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:114(debug_lock_order)
  lock order:  1:<none> 2:<none> 3:<none>
[2017/11/13 13:19:34.338237,  5, pid=8134, effective(0, 0), real(0, 0)] ../source3/lib/messages.c:356(messaging_register)
  Registering messaging pointer for type 33 - private_data=(nil)
[2017/11/13 13:19:34.338283,  5, pid=8134, effective(0, 0), real(0, 0)] ../source3/lib/messages.c:356(messaging_register)
  Registering messaging pointer for type 13 - private_data=(nil)
[2017/11/13 13:19:34.338325,  5, pid=8134, effective(0, 0), real(0, 0)] ../source3/lib/messages.c:356(messaging_register)
  Registering messaging pointer for type 1028 - private_data=(nil)
[2017/11/13 13:19:34.338367,  5, pid=8134, effective(0, 0), real(0, 0)] ../source3/lib/messages.c:356(messaging_register)
  Registering messaging pointer for type 1027 - private_data=(nil)
[2017/11/13 13:19:34.338408,  5, pid=8134, effective(0, 0), real(0, 0)] ../source3/lib/messages.c:356(messaging_register)
  Registering messaging pointer for type 1029 - private_data=(nil)
[2017/11/13 13:19:34.338450,  5, pid=8134, effective(0, 0), real(0, 0)] ../source3/lib/messages.c:356(messaging_register)
  Registering messaging pointer for type 1036 - private_data=(nil)
[2017/11/13 13:19:34.338492,  5, pid=8134, effective(0, 0), real(0, 0)] ../source3/lib/messages.c:356(messaging_register)
  Registering messaging pointer for type 1035 - private_data=(nil)
[2017/11/13 13:19:34.338533,  5, pid=8134, effective(0, 0), real(0, 0)] ../source3/lib/messages.c:356(messaging_register)
  Registering messaging pointer for type 1280 - private_data=(nil)
[2017/11/13 13:19:34.338575,  5, pid=8134, effective(0, 0), real(0, 0)] ../source3/lib/messages.c:356(messaging_register)
  Registering messaging pointer for type 1032 - private_data=(nil)
[2017/11/13 13:19:34.338616,  5, pid=8134, effective(0, 0), real(0, 0)] ../source3/lib/messages.c:356(messaging_register)
  Registering messaging pointer for type 1033 - private_data=(nil)
[2017/11/13 13:19:34.338658,  5, pid=8134, effective(0, 0), real(0, 0)] ../source3/lib/messages.c:356(messaging_register)
  Registering messaging pointer for type 1034 - private_data=(nil)
[2017/11/13 13:19:34.338700,  5, pid=8134, effective(0, 0), real(0, 0)] ../source3/lib/messages.c:356(messaging_register)
  Registering messaging pointer for type 1 - private_data=(nil)
[2017/11/13 13:19:34.338742,  5, pid=8134, effective(0, 0), real(0, 0)] ../source3/lib/messages.c:371(messaging_register)
  Overriding messaging pointer for type 1 - private_data=(nil)
[2017/11/13 13:19:34.339017,  1, pid=8134, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:1039(lp_winbind_max_domain_connections)
  offline logons active, restricting max domain connections to 1
[2017/11/13 13:19:34.339124,  5, pid=8134, effective(0, 0), real(0, 0)] ../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log)
  tdb(/var/lib/samba/private/secrets.tdb): tdb_transaction_start: nesting 1
[2017/11/13 13:19:34.339171,  5, pid=8134, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:159(dbwrap_check_lock_order)
  check lock order 1 for /var/lib/samba/private/secrets.tdb
[2017/11/13 13:19:34.339214, 10, pid=8134, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:114(debug_lock_order)
  lock order:  1:/var/lib/samba/private/secrets.tdb 2:<none> 3:<none>
[2017/11/13 13:19:34.339260, 10, pid=8134, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key)
  Locking key 534543524554532F5349
[2017/11/13 13:19:34.339305, 10, pid=8134, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:143(db_tdb_fetch_locked_internal)
  Allocated locked data 0x0x55d6657473a0
[2017/11/13 13:19:34.339374, 10, pid=8134, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key)
  Unlocking key 534543524554532F5349
[2017/11/13 13:19:34.339421,  5, pid=8134, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:127(dbwrap_lock_order_state_destructor)
  release lock order 1 for /var/lib/samba/private/secrets.tdb
[2017/11/13 13:19:34.339464, 10, pid=8134, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:114(debug_lock_order)
  lock order:  1:<none> 2:<none> 3:<none>
[2017/11/13 13:19:34.339508,  5, pid=8134, effective(0, 0), real(0, 0)] ../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log)
  tdb(/var/lib/samba/private/secrets.tdb): tdb_transaction_start: nesting 1
[2017/11/13 13:19:34.391460, 10, pid=8134, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cache.c:4727(wcache_tdc_add_domain)
  wcache_tdc_add_domain: Adding domain BUILTIN ((null)), SID S-1-5-32, flags = 0x0, attributes = 0x0, type = 0x0
[2017/11/13 13:19:34.391548, 10, pid=8134, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cache.c:4530(pack_tdc_domains)
  pack_tdc_domains: Packing 1 trusted domains
[2017/11/13 13:19:34.391597, 10, pid=8134, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cache.c:4549(pack_tdc_domains)
  pack_tdc_domains: Packing domain BUILTIN (UNKNOWN)
[2017/11/13 13:19:34.391671,  1, pid=8134, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:1039(lp_winbind_max_domain_connections)
  offline logons active, restricting max domain connections to 1
[2017/11/13 13:19:34.391748,  1, pid=8134, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:1039(lp_winbind_max_domain_connections)
  offline logons active, restricting max domain connections to 1
[2017/11/13 13:19:34.391793,  2, pid=8134, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_util.c:288(add_trusted_domain_from_tdc)
  Added domain BUILTIN (null) S-1-5-32
[2017/11/13 13:19:34.391844,  5, pid=8134, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_interface.c:79(smb_register_passdb)
  Attempting to register passdb backend smbpasswd
[2017/11/13 13:19:34.391893,  5, pid=8134, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_interface.c:92(smb_register_passdb)
  Successfully added passdb backend 'smbpasswd'
[2017/11/13 13:19:34.391933,  5, pid=8134, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_interface.c:79(smb_register_passdb)
  Attempting to register passdb backend tdbsam
[2017/11/13 13:19:34.391972,  5, pid=8134, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_interface.c:92(smb_register_passdb)
  Successfully added passdb backend 'tdbsam'
[2017/11/13 13:19:34.392011,  5, pid=8134, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_interface.c:79(smb_register_passdb)
  Attempting to register passdb backend wbc_sam
[2017/11/13 13:19:34.392049,  5, pid=8134, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_interface.c:92(smb_register_passdb)
  Successfully added passdb backend 'wbc_sam'
[2017/11/13 13:19:34.392087,  5, pid=8134, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_interface.c:79(smb_register_passdb)
  Attempting to register passdb backend samba_dsdb
[2017/11/13 13:19:34.392132,  5, pid=8134, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_interface.c:92(smb_register_passdb)
  Successfully added passdb backend 'samba_dsdb'
[2017/11/13 13:19:34.392171,  5, pid=8134, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_interface.c:79(smb_register_passdb)
  Attempting to register passdb backend samba4
[2017/11/13 13:19:34.392209,  5, pid=8134, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_interface.c:92(smb_register_passdb)
  Successfully added passdb backend 'samba4'
[2017/11/13 13:19:34.392250,  5, pid=8134, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_interface.c:79(smb_register_passdb)
  Attempting to register passdb backend ldapsam
[2017/11/13 13:19:34.392290,  5, pid=8134, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_interface.c:92(smb_register_passdb)
  Successfully added passdb backend 'ldapsam'
[2017/11/13 13:19:34.392328,  5, pid=8134, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_interface.c:79(smb_register_passdb)
  Attempting to register passdb backend NDS_ldapsam
[2017/11/13 13:19:34.392367,  5, pid=8134, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_interface.c:92(smb_register_passdb)
  Successfully added passdb backend 'NDS_ldapsam'
[2017/11/13 13:19:34.392406,  5, pid=8134, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_interface.c:79(smb_register_passdb)
  Attempting to register passdb backend IPA_ldapsam
[2017/11/13 13:19:34.392444,  5, pid=8134, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_interface.c:92(smb_register_passdb)
  Successfully added passdb backend 'IPA_ldapsam'
[2017/11/13 13:19:34.392483,  5, pid=8134, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_interface.c:155(make_pdb_method_name)
  Attempting to find a passdb backend to match tdbsam (tdbsam)
[2017/11/13 13:19:34.392522,  5, pid=8134, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_interface.c:176(make_pdb_method_name)
  Found pdb backend tdbsam
[2017/11/13 13:19:34.392566,  5, pid=8134, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_interface.c:187(make_pdb_method_name)
  pdb backend tdbsam has a valid init
[2017/11/13 13:19:34.392610,  1, pid=8134, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:1039(lp_winbind_max_domain_connections)
  offline logons active, restricting max domain connections to 1
[2017/11/13 13:19:34.392652, 10, pid=8134, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cache.c:4727(wcache_tdc_add_domain)
  wcache_tdc_add_domain: Adding domain VILLACH-FILE ((null)), SID S-1-5-21-482308548-2934895050-1723094000, flags = 0x0, attributes = 0x0, type = 0x0
[2017/11/13 13:19:34.392713, 10, pid=8134, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cache.c:4530(pack_tdc_domains)
  pack_tdc_domains: Packing 2 trusted domains
[2017/11/13 13:19:34.392761, 10, pid=8134, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cache.c:4549(pack_tdc_domains)
  pack_tdc_domains: Packing domain BUILTIN (UNKNOWN)
[2017/11/13 13:19:34.392802, 10, pid=8134, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cache.c:4549(pack_tdc_domains)
  pack_tdc_domains: Packing domain VILLACH-FILE (UNKNOWN)
[2017/11/13 13:19:34.392859,  1, pid=8134, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:1039(lp_winbind_max_domain_connections)
  offline logons active, restricting max domain connections to 1
[2017/11/13 13:19:34.392907,  1, pid=8134, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:1039(lp_winbind_max_domain_connections)
  offline logons active, restricting max domain connections to 1
[2017/11/13 13:19:34.392948,  2, pid=8134, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_util.c:288(add_trusted_domain_from_tdc)
  Added domain VILLACH-FILE (null) S-1-5-21-482308548-2934895050-1723094000
[2017/11/13 13:19:34.392998,  0, pid=8134, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_util.c:902(init_domain_list)
  Could not fetch our SID - did we join?
[2017/11/13 13:19:34.393101,  0, pid=8134, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd.c:1401(winbindd_register_handlers)
  unable to initialize domain list


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
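A triage helper for winbindd debug logs like the one above, as an added example that is not part of the original post: it parses the entry header format seen in this log, pulls out the level-0 entries, and lists the domains winbindd registered before it gave up. The function and class names are assumptions of this example; the sample lines are copied from the log above.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Entry header as it appears in the log above: timestamp, debug level, then
# optional pid / uid / class fields, then source file, line and function.
HEADER = re.compile(
    r"^\[(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d\.\d+),\s*(?P<level>\d+)"
    r"(?:, pid=(?P<pid>\d+))?"
    r"(?:, effective\(\d+, \d+\), real\(\d+, \d+\))?"
    r"(?:, class=(?P<cls>\w+))?\]"
    r"\s+(?P<src>\S+?):(?P<line>\d+)\((?P<func>\w+)\)\s*$"
)
# Message body logged when winbindd registers a domain: name, realm, SID.
ADDED_DOMAIN = re.compile(r"^Added domain (\S+) \S+ (S-1-[\d-]+)$")

# Excerpt copied from the log above (not constructed).
SAMPLE = """\
[2017/11/13 13:19:34.310191, 10, pid=8135, effective(0, 0), real(0, 0)] ../source3/lib/tdb_validate.c:85(tdb_validate_child)
  tdb_validate_child: summary of validation status:
   * tdb error: no
   * bad freelist: no
   * bad entry: no
   * unknown key: no
   => overall success: yes
[2017/11/13 13:19:34.391793,  2, pid=8134, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_util.c:288(add_trusted_domain_from_tdc)
  Added domain BUILTIN (null) S-1-5-32
[2017/11/13 13:19:34.392610,  1, pid=8134, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:1039(lp_winbind_max_domain_connections)
  offline logons active, restricting max domain connections to 1
[2017/11/13 13:19:34.392948,  2, pid=8134, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_util.c:288(add_trusted_domain_from_tdc)
  Added domain VILLACH-FILE (null) S-1-5-21-482308548-2934895050-1723094000
[2017/11/13 13:19:34.392998,  0, pid=8134, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_util.c:902(init_domain_list)
  Could not fetch our SID - did we join?
[2017/11/13 13:19:34.393101,  0, pid=8134, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd.c:1401(winbindd_register_handlers)
  unable to initialize domain list
"""


@dataclass
class Entry:
    ts: str
    level: int
    pid: Optional[int]
    cls: Optional[str]
    src: str
    line: int
    func: str
    message: str


def parse_log(text):
    """Split a debug log into entries; indented lines belong to the last header."""
    raw = []  # list of (header fields, [message lines])
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            raw.append((m.groupdict(), []))
        elif raw and line[:1] in (" ", "\t") and line.strip():
            raw[-1][1].append(line.strip())
    return [
        Entry(ts=h["ts"], level=int(h["level"]),
              pid=int(h["pid"]) if h["pid"] else None, cls=h["cls"],
              src=h["src"], line=int(h["line"]), func=h["func"],
              message="\n".join(body))
        for h, body in raw
    ]


def fatal_entries(entries, max_level=0):
    """Entries at or below max_level; level 0 is logged at every log level."""
    return [e for e in entries if e.level <= max_level]


def registered_domains(entries):
    """(name, SID) for every domain winbindd reported adding to its list."""
    found = []
    for e in entries:
        m = ADDED_DOMAIN.match(e.message)
        if e.cls == "winbind" and m:
            found.append((m.group(1), m.group(2)))
    return found


if __name__ == "__main__":
    parsed = parse_log(SAMPLE)
    for name, sid in registered_domains(parsed):
        print(f"registered: {name} {sid}")
    for e in fatal_entries(parsed):
        print(f"{e.ts} {e.src}:{e.line} {e.func}: {e.message}")
```

On this excerpt the only registered domains are BUILTIN and the machine's own local SAM domain, followed directly by the two level-0 entries.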


Re: Winbind error "Could not fetch our SID - did we join?"

Samba - General mailing list
Making no additional changes to the configuration, using "net ads join"
instead of "samba-tool domain join" immediately worked. I'd be really
curious where's the difference between the two and why samba-tool
pretends to not have run into any errors…

On 2017-11-13 13:40, Sven Schwedas via samba wrote:

> On 2017-11-13 13:31, Rowland Penny wrote:
>> On Mon, 13 Nov 2017 13:18:20 +0100
>> Sven Schwedas via samba <[hidden email]> wrote:
>>
>>> Could we please not waste a week poking at random unrelated stuff this
>>> time? These "I try the same stuff no matter what the problem is"
>>> boilerplate emails become really grating after the first few times. :/
>>
>> No problem Sven, I will not waste one more moment on your problem.
>> I was just trying to give you advice based on what I know works and
>> from what you posted.
>
> It's hard to convey tone on the internet, I know. But blindly fiddling
> with config settings that don't seem to be related to the problem at all
> – after all, both kerberos and DNS worked fine during the join, as the
> debug info clearly states –, and don't seem to make problems on other
> servers, just looks pointless. *Why* would these configuration changes
> help here?
>
>
> Looking at the winbindd log at maximum debug level, there doesn't seem
> to be even an *attempt* to find the domain, much less errors from
> failing to do so.
>
>
>
--
Mit freundlichen Grüßen, / Best Regards,
Sven Schwedas, Systemadministrator
Mail/XMPP [hidden email] | Skype sven.schwedas
TAO Digital | Lendplatz 45 | A8020 Graz
https://www.tao-digital.at | Tel +43 680 301 7167



Re: Winbind error "Could not fetch our SID - did we join?"

Samba - General mailing list
On Mon, 13 Nov 2017 14:32:11 +0100
Sven Schwedas via samba <[hidden email]> wrote:

> Making no additional changes to the configuration, using "net ads
> join" instead of "samba-tool domain join" immediately worked. I'd be
> really curious where's the difference between the two and why
> samba-tool pretends to not have run into any errors…
>

This is the first time you mentioned that you used samba-tool to join
the Unix domain member to the domain.

Did you read this Samba wikipage:

https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member#Joining_the_Domain

If you did, did you entirely miss the big fat warning in the middle of
the page ???

The one that says:

Do not provision or join a domain member using the samba-tool utility.
These options are unsupported and can cause problems with your AD
replication.

Rowland

PS, your configs are still wrong.


Re: Winbind error "Could not fetch our SID - did we join?"

Samba - General mailing list
On 2017-11-13 14:55, Rowland Penny wrote:

> On Mon, 13 Nov 2017 14:32:11 +0100
> Sven Schwedas via samba <[hidden email]> wrote:
>
>> Making no additional changes to the configuration, using "net ads
>> join" instead of "samba-tool domain join" immediately worked. I'd be
>> really curious where's the difference between the two and why
>> samba-tool pretends to not have run into any errors…
>>
>
> This is the first time you mentioned that you used samba-tool to join
> the Unix domain member to the domain.

Yeah, brain fart on my part, I figured I had it in the attachment file
name in my first email, but I just realized I named it too ambiguously.

> Did you read this Samba wikipage:

No, I foolishly assumed that manpages would suffice.

> https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member#Joining_the_Domain
>
> If you did, did you entirely miss the big fat warning in the middle of
> the page ???
>
> The one that says:
>
> Do not provision or join a domain member using the samba-tool utility.
> These options are unsupported and can cause problems with your AD
> replication.

Sounds like something that should be added to the samba-tool manpage /
--help output. I'll try to make a pull request later this week…

> PS, your configs are still wrong.

It would be *really* helpful if you explained *why*. Sprinkling magic
pixie dust over random config files isn't exactly purposeful debugging.

--
Mit freundlichen Grüßen, / Best Regards,
Sven Schwedas, Systemadministrator
Mail/XMPP [hidden email] | Skype sven.schwedas
TAO Digital | Lendplatz 45 | A8020 Graz
https://www.tao-digital.at | Tel +43 680 301 7167



Re: Winbind error "Could not fetch our SID - did we join?"

Samba - General mailing list
On Mon, 13 Nov 2017 15:20:05 +0100
Sven Schwedas <[hidden email]> wrote:
>
> > PS, your configs are still wrong.
>
> It would be *really* helpful if you explained *why*. Sprinkling magic
> pixie dust over random config files isn't exactly purposeful
> debugging.
>

Let's start with /etc/krb5.conf

Samba doesn't need most of what you will find in it, this is mostly
because most of what you will find there, is a default setting.
Believe it, or believe it not, you only really need:

[libdefaults]
    default_realm = AD.TAO.AT

using 'search' in /etc/resolv.conf means you use host-name lookups

/etc/hosts should contain information in the following format:

ipaddress 'canonical-name' 'alias'

'canonical-name' is another way of saying FQDN
'alias' is another way of saying short hostname

When trying to identify a problem, you start with the obvious from the
info supplied and fix anything that might be causing the problem.
If this doesn't work, then look further, ask other questions etc

Rowland


Re: Winbind error "Could not fetch our SID - did we join?"

Samba - General mailing list
On 2017-11-13 16:00, Rowland Penny via samba wrote:

> On Mon, 13 Nov 2017 15:20:05 +0100
> Sven Schwedas <[hidden email]> wrote:
>>
>>> PS, your configs are still wrong.
>>
>> It would be *really* helpful if you explained *why*. Sprinkling magic
>> pixie dust over random config files isn't exactly purposeful
>> debugging.
>>
>
> Let's start with /etc/krb5.conf
>
> Samba doesn't need most of what you will find in it, this is mostly
> because most of what you will find there, is a default setting.
> Believe it, or believe it not, you only really need:
>
> [libdefaults]
>     default_realm = AD.TAO.AT

'unnecessary' and 'wrong' are two different things. No doubt that the
config files are overly verbose, but that doesn't make them wrong, does it?

> using 'search' in /etc/resolv.conf means you use host-name lookups

'search' and 'domain' are supposed to be idempotent if there's only one
domain, aren't they?

> /etc/hosts should contain information in the following format:
>
> ipaddress 'canonical-name' 'alias'
>
> 'canonical-name' is another way of saying FQDN
> 'alias' is another way of saying short hostname

But how does it affect samba?

> When trying to identify a problem, you start with the obvious from the
> info supplied and fix anything that might be causing the problem.
> If this doesn't work, then look further, ask other questions etc

Yes, but I'd like to get away from asking the *same* five questions
every time by understanding *how* Samba reacts to changes /
misconfigurations here.

--
Mit freundlichen Grüßen, / Best Regards,
Sven Schwedas, Systemadministrator
Mail/XMPP [hidden email] | Skype sven.schwedas
TAO Digital | Lendplatz 45 | A8020 Graz
https://www.tao-digital.at | Tel +43 680 301 7167



Re: Winbind error "Could not fetch our SID - did we join?"

Samba - General mailing list
On Mon, 13 Nov 2017 16:22:35 +0100
Sven Schwedas via samba <[hidden email]> wrote:

> On 2017-11-13 16:00, Rowland Penny via samba wrote:
> > On Mon, 13 Nov 2017 15:20:05 +0100
> > Sven Schwedas <[hidden email]> wrote:
> >>
> >>> PS, your configs are still wrong.
> >>
> >> It would be *really* helpful if you explained *why*. Sprinkling
> >> magic pixie dust over random config files isn't exactly purposeful
> >> debugging.
> >>
> >
> > Let's start with /etc/krb5.conf
> >
> > Samba doesn't need most of what you will find in it, this is mostly
> > because most of what you will find there, is a default setting.
> > Believe it, or believe it not, you only really need:
> >
> > [libdefaults]
> >     default_realm = AD.TAO.AT
>
> 'unnecessary' and 'wrong' are two different things. No doubt that the
> config files are overly verbose, but that doesn't make them wrong,
> does it?

No, but if you re-read my original post, you will see that I said what
I would do, which is to change the configs to known working examples.

>
> > using 'search' in /etc/resolv.conf means you use host-name lookups
>
> 'search' and 'domain' are supposed to be idempotent if there's only
> one domain, aren't they?

I think you might be misunderstanding the use of 'domain' and 'search'
in /etc/resolv.conf. They are mutually-exclusive, that is, you can use
one or the other, but not both. If you do use both, the last one found
is used.
 
>
> > /etc/hosts should contain information in the following format:
> >
> > ipaddress 'canonical-name' 'alias'
> >
> > 'canonical-name' is another way of saying FQDN
> > 'alias' is another way of saying short hostname
>
> But how does it affect samba?

Where do you think Samba gets the domain name from?

>
> > When trying to identify a problem, you start with the obvious from
> > the info supplied and fix anything that might be causing the
> > problem. If this doesn't work, then look further, ask other
> > questions etc
>
> Yes, but I'd like to get away from asking the *same* five questions
> every time by understanding *how* Samba reacts to changes /
> misconfigurations here.
>

I can understand this, but it didn't come across in that way ;-)

Rowland
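The two file-format rules from the messages above (the `ipaddress FQDN alias` order in /etc/hosts, and `domain`/`search` in /etc/resolv.conf being mutually exclusive with the last one winning), written as a small checker. This is an added example, not part of the thread or of Samba; the function names are assumptions, and the sample file contents are constructed from the host name, address and realm that appear on this page.

```python
def check_hosts(hosts_text, short_name):
    """Check the /etc/hosts lines naming this host: 'ipaddress FQDN alias'."""
    short = short_name.lower()
    problems, found = [], False
    for raw in hosts_text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue  # blank line, comment, or address without names
        ip, names = fields[0], [n.lower() for n in fields[1:]]
        if not any(n == short or n.startswith(short + ".") for n in names):
            continue  # line is about some other host
        found = True
        if "." not in names[0]:
            problems.append(
                f"{ip}: first name '{names[0]}' is not an FQDN "
                "(expected: ipaddress FQDN alias)")
        elif short not in names[1:]:
            problems.append(f"{ip}: short name '{short}' is missing as alias")
    if not found:
        problems.append(f"no /etc/hosts entry names '{short_name}'")
    return problems


def effective_search(resolv_text):
    """Return (search list in effect, warnings) for a resolv.conf text.

    'domain' and 'search' are mutually exclusive; when both are present
    the last one found is the one that is used.
    """
    effective, seen, warnings = [], [], []
    for raw in resolv_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        fields = line.split()
        if fields[0] in ("domain", "search") and len(fields) > 1:
            seen.append(fields[0])
            names = [n.lower() for n in fields[1:]]
            # 'domain' takes a single name, 'search' takes a list
            effective = names[:1] if fields[0] == "domain" else names
    if len(set(seen)) > 1:
        warnings.append(
            f"both 'domain' and 'search' present; only the last "
            f"('{seen[-1]}') is used")
    return effective, warnings


# Constructed sample inputs (host name, address and realm taken from this page).
HOSTS_OK = """\
127.0.0.1 localhost
192.168.16.214 villach-file.ad.tao.at villach-file
"""
HOSTS_SWAPPED = """\
127.0.0.1 localhost
192.168.16.214 villach-file villach-file.ad.tao.at
"""
RESOLV_BOTH = """\
search ad.tao.at example.test
domain ad.tao.at
nameserver 192.168.16.1
"""

if __name__ == "__main__":
    print(check_hosts(HOSTS_OK, "villach-file"))
    print(check_hosts(HOSTS_SWAPPED, "villach-file"))
    print(effective_search(RESOLV_BOTH))
```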




Re: Winbind error "Could not fetch our SID - did we join?"

Samba - General mailing list
On Mon, 2017-11-13 at 14:32 +0100, Sven Schwedas via samba wrote:
> Making no additional changes to the configuration, using "net ads join"
> instead of "samba-tool domain join" immediately worked. I'd be really
> curious where's the difference between the two and why samba-tool
> pretends to not have run into any errors…

Sorry about that.  This is a leakage from the time when the project was
split into two halves and the AD DC effort had duplicate tools.

The problem is made more difficult by the fact that we do sync the
other database records involved, so are missing only the domain SID.

Sorry,

Andrew Bartlett

--
Andrew Bartlett
https://samba.org/~abartlet/
Authentication Developer, Samba Team         https://samba.org
Samba Development and Support, Catalyst IT  
https://catalyst.net.nz/services/samba




