sorry for the late reply i was a bit busy and re-upgrading the server is a slight problem as it is an activly used producticion server were people need On Thu, Mar 30, 2017 at 10:34:28PM +0200, Mathieu Parent wrote: > )Control: tag -1 + moreinfo > > 2017-03-24 15:20 GMT+01:00 Mathieu Parent <math.par...@gmail.com>: > > 2017-03-24 11:19 GMT+01:00 Albert Dengg <alb...@fsfe.org>: > >> Package: winbind > >> Version: 2:4.2.14+dfsg-0+deb8u2 > >> Severity: important > >> > >> after upgrading windbind and samba to 4.2.14+dfsg-0+deb8u4, authentication > >> of domains users using winbind > >> does not work anymore: > >> winbindd[8142]: [2017/03/24 10:20:10.040610, 0] > >> ../source3/winbindd/winbindd_group.c:45(fill_grent) > >> winbindd[8142]: Failed to find domain ''. Check connection to trusted > >> domains! > >> > >> (getent did list at least users from winbind) > >> > >> the domain ins specified in smbd.conf and it works as expected in > >> 4.2.14+dfsg-0+deb8u2 > > > > Please send us your smb.conf. see attachment (i changed the domain name to something neutral, but > > > > What does "net ads testjoin" tells? Join is OK (and both 'getent passwd' as well as 'getent group' produces the desired output) > > Appart from the above. This looks very strange. Nothing was changed on > the winbind side between those versions. > > Are you able to use gdb and post the backtrae in this function > (fill_grent) and find why dom_name is empty? i tried to install samba-dbg and start winbindd using gdb.
however a breakpoint on fill_grent did not trigger for some reason (i played around with follow-mode and tried both starting without passing arguments as well as passing -i) > > Is your smb.conf a symlink? no side note: i downgraded initially to work around the problem and upgraded today to do the test (with the same result), but a downgrade of the following packages solved it again: libnss-winbind libpam-winbind libsmbclient libwbclient0 python-samba samba samba-common samba-common-bin samba-dbg samba-dsdb-modules samba-libs samba-vfs-modules winbind regards, albert
# # Sample configuration file for the Samba suite for Debian GNU/Linux. # # # This is the main Samba configuration file. You should read the # smb.conf(5) manual page in order to understand the options listed # here. Samba has a huge number of configurable options most of which # are not shown in this example # # Some options that are often worth tuning have been included as # commented-out examples in this file. # - When such options are commented with ";", the proposed setting # differs from the default Samba behaviour # - When commented with "#", the proposed setting is the default # behaviour of Samba but the option is considered important # enough to be mentioned here # # NOTE: Whenever you modify this file you should run the command # "testparm" to check that you have not made any basic syntactic # errors. #======================= Global Settings ======================= [global] workgroup = SOMEDOMAIN server string = Samba Server Version %v security = ads realm = SOMEDOMAIN.LOCAL domain master = no local master = no preferred master = no socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=131072 SO_SNDBUF=131072 use sendfile = true idmap config * : backend = tdb idmap config * : range = 100000-299999 idmap config SOMEDOMAIN : backend = rid idmap config SOMEDOMAIN : range = 10000-99999 winbind separator = + winbind enum users = yes winbind enum groups = yes winbind use default domain = yes winbind nested groups = yes winbind refresh tickets = yes template homedir = /home/%D/%U template shell = /bin/false client use spnego = yes client ntlmv2 auth = yes encrypt passwords = yes restrict anonymous = 2 log file = /var/log/samba/log.%m max log size = 50 loglevel = 0 ea support = yes acl check permissions = yes inherit acls =yes csc policy = disable store dos attributes = yes dos filemode = no load printers = no printing = bsd printcap name = /dev/null disable spoolss = yes #============================ Share Definitions ============================== [Individuell] comment = "Verzeichnis fuer Datenaustausch" path = /pools/share/Individuell read only = no browseable = yes guest ok = no delete readonly = yes vfs objects = acl_xattr shadow_copy2 map acl inherit = Yes shadow: snapdir = .zfs/snapshot shadow: sort = desc shadow: format = %Y-%m-%d-%H%M nfs4:mode = special nfs4:acedup = merge nfs4:chown = yes [INSTALL] comment = "Div. Installer" path = /pools/share/INSTALL read only = no browseable = yes guest ok = no delete readonly = yes vfs objects = acl_xattr shadow_copy2 map acl inherit = Yes shadow: snapdir = .zfs/snapshot shadow: sort = desc shadow: format = %Y-%m-%d-%H%M nfs4:mode = special nfs4:acedup = merge nfs4:chown = yes [backup] comment = "backup" path = /pools/share/backup read only = no browseable = yes guest ok = no delete readonly = yes vfs objects = acl_xattr shadow_copy2 streams_xattr streams_depot:directory = /pools/share/backup/.ads streams_depot:delete_lost = yes map acl inherit = Yes shadow: snapdir = .zfs/snapshot shadow: sort = desc shadow: format = %Y-%m-%d-%H%M nfs4:mode = special nfs4:acedup = merge nfs4:chown = yes
signature.asc
Description: PGP signature