Unable to get winbind's "wbinfo -u" to return anything


 
# 1  
Old 03-14-2012

I'm fairly new to winbind but the issue doesn't seem trivial so it may require more knowledge.

Basically, I was able to get a new install of winbind (samba3x) to join the domain without issue and the domain I'm worried about authenticating against is showing as "online" but it's not authenticating against AD:

Code:
# wbinfo --online-status
BUILTIN: online
PROFESSORCHAOS: online
EMPLOYEE: online

Code:
# wbinfo -u
# echo $?
0

Relevant portion of smb.conf:

Code:
workgroup = EMPLOYEE
realm = EMPLOYEE.NCAT.EDU
winbind enum users = yes
winbind enum groups = yes
security = ADS
encrypt passwords = yes
log level = 10
log file = /var/log/samba/%m
winbind separator = %
idmap uid = 98000-99000
idmap gid = 98000-99000
password server = ebryant.employee.ncat.edu

With the exception of some messages about descriptor limits and "idmap gid" being deprecated, testparm returns successful. /var/log/samba/log.wb-EMPLOYEE mentions that a CLDAP query is timing out which causes the operation to fail (but farther up in the same log file it shows successful LDAP connections to that box). It may be interesting to know that when trying to execute "net ads info jadavis6" it attempts to authenticate as "root@EMPLOYEE.NCAT.EDU" and errors with "client not found in database while getting initial credentials."

I'm able to netcat the server (by FQDN) on that port and it successfully connects at the TCP level. I'm also able to get regular Kerberos credentials by configuring /etc/krb5.conf for the domain. Commands "wbinfo -p" and "wbinfo -P" both return successfully most of the time but "wbinfo -P" failed a net logon after I rebooted the box (wbinfo -p hasn't failed me yet).

Any help would be appreciated.

- Joel

---------- Post updated 03-14-12 at 02:25 PM ---------- Previous update was 03-13-12 at 08:07 PM ----------

I re-joined the domain and it kept giving me the same issues, but while I was running strace on the "wbinfo -u" and "wbinfo -P" commands (to see what the lower level differences were) it started inexplicably working. I'd like input on what might have been happening if anybody has any, but I now have getent entries from Active Directory showing up.

---------- Post updated at 03:01 PM ---------- Previous update was at 02:25 PM ----------

OK, the problem re-presented after restarting the winbind service; it looks like "wbinfo -u" is timing out when trying to read from a named pipe:

Code:
socket(PF_FILE, SOCK_STREAM, 0)         = 3
fcntl64(3, F_GETFL)                     = 0x2 (flags O_RDWR)
fcntl64(3, F_SETFL, O_RDWR|O_NONBLOCK)  = 0
fcntl64(3, F_GETFD)                     = 0
fcntl64(3, F_SETFD, FD_CLOEXEC)         = 0
connect(3, {sa_family=AF_FILE, path="/var/run/winbindd/pipe"}, 110) = 0
poll([{fd=3, events=POLLIN|POLLHUP}], 1, 0) = 0 (Timeout)
write(3, "0\10\0\0\0\0\0\0\0\0\0\0S\v\0\0\0\10\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 2096) = 2096
poll([{fd=3, events=POLLIN|POLLHUP}], 1, 5000) = 0 (Timeout)
poll([{fd=3, events=POLLIN|POLLHUP}], 1, 5000) = 0 (Timeout)
poll([{fd=3, events=POLLIN|POLLHUP}], 1, 5000) = 0 (Timeout)
poll([{fd=3, events=POLLIN|POLLHUP}], 1, 5000) = 0 (Timeout)
poll([{fd=3, events=POLLIN|POLLHUP}], 1, 5000) = 0 (Timeout)
poll([{fd=3, events=POLLIN|POLLHUP}], 1, 5000) = 0 (Timeout)
poll([{fd=3, events=POLLIN|POLLHUP}], 1, 5000) = 0 (Timeout)
close(3)                                = 0
stat64("/usr/lib/samba/en_US.UTF-8.msg", 0xbf898740) = -1 ENOENT (No such file or directory)
write(2, "Error looking up domain users\n", 30) = 30
close(-1)                               = -1 EBADF (Bad file descriptor)
close(-1)                               = -1 EBADF (Bad file descriptor)
exit_group(1)                           = ?

But I can see in the strace of a "wbinfo -P" that it's able to use the same pipe without issue, so I'm willing to bet the pipe and how wbinfo is using it is fine, but there's something wrong on the winbindd end of things (i.e., my smb.conf configuration or DC availability). I've been able to netcat all the DCs that have SRV records underneath _kerberos._tcp.employee.ncat.edu and all appear to be listening on port 389.

I'm basically confused about how it seems to work but only some of the time. Either I've misconfigured something that's only occasionally correct or there's something going on at the DC end. Is there a reliable way to determine at least where the issue is?

Last edited by thmnetwork; 03-13-2012 at 05:22 PM..
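
Added example, not part of the original post: a shell/awk helper that reads an strace capture like the one above and reports, for the descriptor connected to /var/run/winbindd/pipe, how many bytes the client sent, how long it sat in timed-out poll() calls, and whether winbindd ever answered. The function names, the WB_PIPE override and the single-process trace format are assumptions of this example; the sample input is the trace from the post with the write payload shortened.

```shell
#!/bin/sh
# Added example: summarise an strace capture of a winbind client (e.g. wbinfo).
# Assumes a single-process trace (no "strace -f" pid prefixes).
wb_pipe_summary() {
  awk -v pipe="${WB_PIPE:-/var/run/winbindd/pipe}" '
    function retval(   n, p) { n = split($0, p, " = "); return p[n] + 0 }
    function report(   v) {
      v = (wrote > 0 && reply == 0) ? "no-reply" : "replied"
      printf("fd=%s wrote=%d waited_ms=%d reply_bytes=%d verdict=%s\n",
             fd, wrote, waited, reply, v)
      fd = ""
    }
    # Start tracking when the client connects to the winbindd pipe.
    index($0, "connect(") == 1 && index($0, "path=\"" pipe "\"") && / = 0$/ {
      fd = $0; sub(/^connect\(/, "", fd); sub(/,.*/, "", fd)
      wrote = waited = reply = 0; next
    }
    fd == "" { next }
    index($0, "write(" fd ",") == 1 { if (retval() > 0) wrote += retval(); next }
    index($0, "read(" fd ",") == 1  { if (retval() > 0) reply += retval(); next }
    # A timed-out poll on that fd: add its timeout argument (milliseconds).
    index($0, "poll([{fd=" fd ",") == 1 && /\(Timeout\)$/ {
      t = $0; sub(/\)[ ]+= 0 \(Timeout\)$/, "", t); sub(/.*, /, "", t)
      waited += t; next
    }
    index($0, "close(" fd ")") == 1 { report() }
    END { if (fd != "") report() }
  '
}

# Sample input: the "wbinfo -u" trace from the post, write payload shortened.
sample_failing_trace() {
  cat <<'EOF'
socket(PF_FILE, SOCK_STREAM, 0)         = 3
connect(3, {sa_family=AF_FILE, path="/var/run/winbindd/pipe"}, 110) = 0
poll([{fd=3, events=POLLIN|POLLHUP}], 1, 0) = 0 (Timeout)
write(3, "0\10\0\0"..., 2096) = 2096
poll([{fd=3, events=POLLIN|POLLHUP}], 1, 5000) = 0 (Timeout)
poll([{fd=3, events=POLLIN|POLLHUP}], 1, 5000) = 0 (Timeout)
poll([{fd=3, events=POLLIN|POLLHUP}], 1, 5000) = 0 (Timeout)
poll([{fd=3, events=POLLIN|POLLHUP}], 1, 5000) = 0 (Timeout)
poll([{fd=3, events=POLLIN|POLLHUP}], 1, 5000) = 0 (Timeout)
poll([{fd=3, events=POLLIN|POLLHUP}], 1, 5000) = 0 (Timeout)
poll([{fd=3, events=POLLIN|POLLHUP}], 1, 5000) = 0 (Timeout)
close(3)                                = 0
write(2, "Error looking up domain users\n", 30) = 30
EOF
}

sample_failing_trace | wb_pipe_summary
```

A `no-reply` verdict with a completed write means the request reached winbindd and no answer came back within the client's wait, so the place to look next is winbindd's own logs rather than the pipe. The CLDAP lookup the log reports as timing out uses UDP port 389, which a TCP connect test does not exercise.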
# 2  
Old 03-14-2012
Attaching a full copy of my smb.conf