wbinfo -u error

Hello,


After update to 4.7.4 on my DC's I see some strange, non-critical (I think)
though behaviour.

I've noticed that:

sometimes running command

wbinfo -u

doesn't list any of the users, in log i see this:

*../source3/rpc_client/cli_pipe.c:568(cli_pipe_validate_current_pdu)*
*../source3/rpc_client/cli_pipe.c:568: RPC fault code
DCERPC_NCA_S_PROTO_ERROR received from host dc3!*
*../source3/winbindd/winbindd_rpc.c:403(rpc_rids_to_names)*
*rids_to_names: failed to lookup sids: NT_STATUS_RPC_PROTOCOL_ERROR*

runnign wbinfo -g works fine

samba-tool user list works fine

converting via wbinfo sid to uid,  or uid to sid,  or sid to name works
fine even when error as above occurs.

after restarting samba, wbinfo -u works fine for random period of time.

When error as above occurs AD DC works fine (i think), that is: users are
able to authenticate, and I see in logs, that "sid-to-name" are resolved
correctly.


*[global]*

*        netbios name = DC3*
*        realm = MYDOMAIN.COM <http://MYDOMAIN.COM>*
*        server services = -nbt -dns*
*        workgroup = SAMDOM*
*        server role = active directory domain controller*
*        comment =*
*        allow dns updates = secure*
*        idmap_ldb:use rfc2307 = yes*

*        log level = 1 auth_audit:3 auth_json_audit:3 winbind:4 smb:3*
*        log file = /var/log/samba.log.%m*
*        logging = syslog@3*
*        max log size = 500*
*#below is used because of freeradius which uses ntlm_auth*
*        lanman auth = no*
*        ntlm auth = yes*
*        raw NTLMv2 auth = yes*

*        template homedir = /home/%U@%D*
*        template shell = /bin/bash*

*        load printers = no*
*        printing = bsd*
*        printcap name = /dev/null*
*        disable spoolss = yes*

*        tls enabled = yes*
*        tls keyfile = /usr/local/samba/private/tls/dc3.key.pem*
*        tls certfile = /usr/local/samba/private/tls/dc3.cert.pem*
*        tls cafile = /usr/local/samba/private/tls/ca-chain.cert.pem*

*[netlogon]*
*        path = /usr/local/samba/var/locks/sysvol/mydomain.com/scripts
<http://mydomain.com/scripts>*
*        read only = No*

*[sysvol]*
*        path = /usr/local/samba/var/locks/sysvol*
*        read only = No*

One thing that slightly bothers me is that sometimes users take seemingly
longer to authenticate and there are problems with GPO processing, for
example when I run on windows client "gpudpate" i get random errors that
policy XYZ couldn't be processed. When i run "getfacl" on said policy, and
check ACL form windows perspective I see absolutely nothing out of order
(no difference between other policies that are processed without issue) I
have no idea if this is at all connected, or is it connected with my
different question.
Comments/help appreciated
Regards,
Kacper
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

On Wed, 10 Jan 2018, Kacper Wirski via samba wrote:

I too am seeing this behavior. The only way to get it working again is to restart
samba. I need to do this about once a day.

Like you, it appears that everything is working normally.

The one difference in my setup is that the DC I am having the problem with is
running 4.7.3.

I just verified that I too am seeing the errors listed above in my logs.

I posted to the list back in December about this problem and never received a
response. At that time I did not see the errors in the log (I suspect had the
log level too low) but they are definitely there now.

The previous post contains my smb.conf and other details. It can be found @
https://lists.samba.org/archive/samba/2017-December/212884.html.

Regards,

--
Tom [hidden email]

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba