winbind confused about the DC's

Timo Aaltonen

  Hi

   Problems with wbinfo this time. With -u/-g/-n it works, but -i doesn't.
The log.winbindd-idmap is filled with this:

[2010/01/28 10:32:56,  4] libsmb/namequery_dc.c:73(ads_dc_name)
   ads_dc_name: domain=*
[2010/01/28 10:32:56,  3] libsmb/namequery.c:1972(get_dc_list)
   get_dc_list: preferred server list: ", *"
[2010/01/28 10:32:56,  3] libads/dns.c:343(dns_send_req)
   ads_dns_lookup_srv: Failed to resolve _ldap._tcp.dc._msdcs.* (Success)
[2010/01/28 10:32:56,  3] libads/dns.c:413(ads_dns_lookup_srv)
   ads_dns_lookup_srv: Failed to send DNS query (NT_STATUS_UNSUCCESSFUL)
[2010/01/28 10:32:56,  4] libsmb/namequery.c:2004(get_dc_list)
   get_dc_list: no servers found
[2010/01/28 10:32:56,  3] libsmb/namequery.c:1972(get_dc_list)
   get_dc_list: preferred server list: ", *"
[2010/01/28 10:32:56,  3] libsmb/namequery.c:1225(resolve_lmhosts)
   resolve_lmhosts: Attempting lmhosts lookup for name *<0x1c>
[2010/01/28 10:32:56,  4] libsmb/namequery.c:839(startlmhosts)
   startlmhosts: Can't open lmhosts file /etc/samba/lmhosts. Error was No such file or directory
[2010/01/28 10:32:56,  3] libsmb/namequery.c:1089(resolve_wins)
   resolve_wins: Attempting wins lookup for name *<0x1c>
[2010/01/28 10:32:56,  3] libsmb/namequery.c:1093(resolve_wins)
   resolve_wins: WINS server resolution selected and no WINS servers listed.
[2010/01/28 10:32:56,  3] libsmb/namequery.c:1016(name_resolve_bcast)
   name_resolve_bcast: Attempting broadcast lookup for name *<0x1c>
[2010/01/28 10:32:57,  4] libsmb/namequery.c:2004(get_dc_list)
   get_dc_list: no servers found
[2010/01/28 10:32:58,  3] libsmb/namequery_dc.c:167(rpc_dc_name)
   Could not look up dc's for domain *
[2010/01/28 10:32:58,  1] winbindd/idmap_ad.c:143(ad_idmap_cached_connection_internal)
   ad_idmap_init: failed to connect to AD
[2010/01/28 10:32:58,  1] winbindd/idmap_ad.c:543(idmap_ad_sids_to_unixids)
   ADS uninitialized: No logon servers


The first one is alarming. Why does it try a wildcard? Especially since
log.winbindd-dc-connect has this:

[2010/01/28 10:41:10,  4] libsmb/namequery_dc.c:73(ads_dc_name)
   ads_dc_name: domain=AALTO
[2010/01/28 10:41:10,  3] libsmb/namequery.c:1972(get_dc_list)
   get_dc_list: preferred server list: "DC04.org.aalto.fi, *"
[2010/01/28 10:41:10,  4] libsmb/namequery.c:2105(get_dc_list)
   get_dc_list: returning 4 ip addresses in an ordered list
[2010/01/28 10:41:10,  4] libsmb/namequery.c:2106(get_dc_list)
   get_dc_list: 130.233.251.7:389 130.233.251.6:389 130.233.251.5:389 130.233.251.4:389
[2010/01/28 10:41:10,  3] libads/ldap.c:621(ads_connect)
   Successfully contacted LDAP server 130.233.251.7
  .
  .
  .

??

Running 3.4.3 on Ubuntu devel release.

t
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Re: winbind confused about the DC's

Timo Aaltonen
On Thu, 28 Jan 2010, Timo Aaltonen wrote:

>
> Hi
>
>  Problems with wbinfo this time. With -u/-g/-n it works, but -i doesn't. The
> log.winbindd-idmap is filled with this:

More verbose part of the log where it goes wrong:

[2010/01/28 13:29:52, 10] winbindd/winbindd_cm.c:479(set_domain_online_request)
  set_domain_online_request: called for domain AALTO
[2010/01/28 13:29:52, 10] winbindd/winbindd_cm.c:508(set_domain_online_request)
  set_domain_online_request: domain AALTO was globally offline.
[2010/01/28 13:29:52, 10] lib/events.c:287(s3_event_debug)  s3_event:
  Added timed event "check_domain_online_handler": 0x25635b0
[2010/01/28 13:29:52, 10] lib/events.c:148(get_timed_events_timeout)
  timed_events_timeout: 4/999954
[2010/01/28 13:29:52,  4] winbindd/winbindd_dual.c:1452(fork_domain_child)
  child daemon request 51
[2010/01/28 13:29:52, 10] winbindd/winbindd_dual.c:452(child_process_request)
  child_process_request: request fn DUAL_SID2UID
[2010/01/28 13:29:52,  3] winbindd/winbindd_idmap.c:293(winbindd_dual_sid2uid)  [26144]:
  sid to uid S-1-5-21-2413826791-1553473826-2432194272-1265
[2010/01/28 13:29:52, 10] winbindd/idmap_util.c:157(idmap_sid_to_uid)
  idmap_sid_to_uid: sid = [S-1-5-21-2413826791-1553473826-2432194272-1265], domain = ''
[2010/01/28 13:29:52, 10] winbindd/idmap.c:765(idmap_backends_sid_to_unixid)
  idmap_backends_sid_to_unixid: domain = '', sid = [S-1-5-21-2413826791-1553473826-2432194272-1265]
[2010/01/28 13:29:52, 10] winbindd/idmap.c:465(idmap_find_domain)
  idmap_find_domain called for domain ''

I've tried to debug it by setting the breakpoint at winbindd_dual_sid2uid,
but couldn't make anything of the backtrace.

Suggestions?

--
Timo Aaltonen
Systems Specialist
IT Services, Aalto University School of Science and Technology
Re: winbind confused about the DC's

Timo Aaltonen
On Thu, 28 Jan 2010, Timo Aaltonen wrote:

> On Thu, 28 Jan 2010, Timo Aaltonen wrote:
>
>>
>> Hi
>>
>>  Problems with wbinfo this time. With -u/-g/-n it works, but -i doesn't.
>> The log.winbindd-idmap is filled with this:
>
> More verbose part of the log where it goes wrong:

Bollocks. I had to change the config, this works:

[global]
   workgroup = AALTO
   realm = ORG.AALTO.FI
   security = ADS
   kerberos method = system keytab
   idmap config AALTO : backend = ad
   idmap config AALTO : readonly = yes
   idmap config AALTO : schema_mode = rfc2307
   idmap config AALTO : range = 1000-4000000000
   idmap uid = 1000-4000000000
   idmap gid = 1000-4000000000
   winbind nss info = rfc2307
   winbind use default domain = yes
   winbind enum users = yes
   winbind enum groups = yes
   winbind offline logon = true
   winbind cache time = 5
   winbind refresh tickets = true

A summary of the changes:

- idmap backend = ad -> idmap config AALTO : backend = ad
- add range & idmap uid/gid
(- added winbind offline/cache/refresh, but they are irrelevant here)

Without setting the range the uid would be mapped to the default value
(which I asked about last fall).


--
Timo Aaltonen
Systems Specialist
IT Services, Aalto University School of Science and Technology
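
The configuration change summarised in this thread, expressed as a check over smb.conf text (an added example, not part of the original posts and not Samba code). The "before" fragment is constructed from the poster's summary of changes, and the function names and finding messages are hypothetical.

```python
import re

# Constructed "before" fragment, inferred from the poster's summary of changes.
BEFORE = """[global]
   workgroup = AALTO
   security = ADS
   idmap backend = ad
"""
# Subset of the working configuration quoted in the thread.
AFTER = """[global]
   workgroup = AALTO
   security = ADS
   idmap config AALTO : backend = ad
   idmap config AALTO : schema_mode = rfc2307
   idmap config AALTO : range = 1000-4000000000
"""

def parse_global(conf):
    """Return {parameter: value} for [global]; names lower-cased, spaces collapsed."""
    params, section = {}, None
    for raw in conf.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[" ".join(key.lower().split())] = value.strip()
    return params

def check_idmap(conf):
    """Hypothetical check: flag the two settings the thread's fix changed."""
    params = parse_global(conf)
    domain = params.get("workgroup", "").lower()
    scoped = {}  # options given as "idmap config <domain> : <option>"
    for key, value in params.items():
        m = re.fullmatch(r"idmap config (\S+) ?: ?(.+)", key)
        if m and m.group(1) == domain:
            scoped[m.group(2)] = value
    findings = []
    if params.get("idmap backend") == "ad" and "backend" not in scoped:
        findings.append("backend=ad is global only, not scoped to the domain")
    if "range" not in scoped:
        findings.append("no idmap range configured for the domain")
    return findings

if __name__ == "__main__":
    for name, conf in (("before", BEFORE), ("after", AFTER)):
        print(name, check_idmap(conf) or "ok")
```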