sorry for the late reply i was a bit busy and re-upgrading the server is a slight problem as it is an activly used producticion server were people need On Thu, Mar 30, 2017 at 10:34:28PM +0200, Mathieu Parent wrote: > )Control: tag -1 + moreinfo > > 2017-03-24 15:20 GMT+01:00 Mathieu Parent <math.par...@gmail.com>: > > 2017-03-24 11:19 GMT+01:00 Albert Dengg <alb...@fsfe.org>: > >> Package: winbind > >> Version: 2:4.2.14+dfsg-0+deb8u2 > >> Severity: important > >> > >> after upgrading windbind and samba to 4.2.14+dfsg-0+deb8u4, authentication > >> of domains users using winbind > >> does not work anymore: > >> winbindd[8142]: [2017/03/24 10:20:10.040610, 0] > >> ../source3/winbindd/winbindd_group.c:45(fill_grent) > >> winbindd[8142]: Failed to find domain ''. Check connection to trusted > >> domains! > >> > >> (getent did list at least users from winbind) > >> > >> the domain ins specified in smbd.conf and it works as expected in > >> 4.2.14+dfsg-0+deb8u2 > > > > Please send us your smb.conf. see attachment (i changed the domain name to something neutral, but > > > > What does "net ads testjoin" tells? Join is OK (and both 'getent passwd' as well as 'getent group' produces the desired output) > > Appart from the above. This looks very strange. Nothing was changed on > the winbind side between those versions. > > Are you able to use gdb and post the backtrae in this function > (fill_grent) and find why dom_name is empty? i tried to install samba-dbg and start winbindd using gdb.
however a breakpoint on fill_grent did not trigger for some reason (i played around with follow-mode and tried both starting without passing arguments as well as passing -i) > > Is your smb.conf a symlink? no side note: i downgraded initially to work around the problem and upgraded today to do the test (with the same result), but a downgrade of the following packages solved it again: libnss-winbind libpam-winbind libsmbclient libwbclient0 python-samba samba samba-common samba-common-bin samba-dbg samba-dsdb-modules samba-libs samba-vfs-modules winbind regards, albert
#
# Sample configuration file for the Samba suite for Debian GNU/Linux.
#
#
# This is the main Samba configuration file. You should read the
# smb.conf(5) manual page in order to understand the options listed
# here. Samba has a huge number of configurable options most of which
# are not shown in this example
#
# Some options that are often worth tuning have been included as
# commented-out examples in this file.
# - When such options are commented with ";", the proposed setting
# differs from the default Samba behaviour
# - When commented with "#", the proposed setting is the default
# behaviour of Samba but the option is considered important
# enough to be mentioned here
#
# NOTE: Whenever you modify this file you should run the command
# "testparm" to check that you have not made any basic syntactic
# errors.
#======================= Global Settings =======================
[global]
workgroup = SOMEDOMAIN
server string = Samba Server Version %v
security = ads
realm = SOMEDOMAIN.LOCAL
domain master = no
local master = no
preferred master = no
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=131072
SO_SNDBUF=131072
use sendfile = true
idmap config * : backend = tdb
idmap config * : range = 100000-299999
idmap config SOMEDOMAIN : backend = rid
idmap config SOMEDOMAIN : range = 10000-99999
winbind separator = +
winbind enum users = yes
winbind enum groups = yes
winbind use default domain = yes
winbind nested groups = yes
winbind refresh tickets = yes
template homedir = /home/%D/%U
template shell = /bin/false
client use spnego = yes
client ntlmv2 auth = yes
encrypt passwords = yes
restrict anonymous = 2
log file = /var/log/samba/log.%m
max log size = 50
loglevel = 0
ea support = yes
acl check permissions = yes
inherit acls =yes
csc policy = disable
store dos attributes = yes
dos filemode = no
load printers = no
printing = bsd
printcap name = /dev/null
disable spoolss = yes
#============================ Share Definitions ==============================
[Individuell]
comment = "Verzeichnis fuer Datenaustausch"
path = /pools/share/Individuell
read only = no
browseable = yes
guest ok = no
delete readonly = yes
vfs objects = acl_xattr shadow_copy2
map acl inherit = Yes
shadow: snapdir = .zfs/snapshot
shadow: sort = desc
shadow: format = %Y-%m-%d-%H%M
nfs4:mode = special
nfs4:acedup = merge
nfs4:chown = yes
[INSTALL]
comment = "Div. Installer"
path = /pools/share/INSTALL
read only = no
browseable = yes
guest ok = no
delete readonly = yes
vfs objects = acl_xattr shadow_copy2
map acl inherit = Yes
shadow: snapdir = .zfs/snapshot
shadow: sort = desc
shadow: format = %Y-%m-%d-%H%M
nfs4:mode = special
nfs4:acedup = merge
nfs4:chown = yes
[backup]
comment = "backup"
path = /pools/share/backup
read only = no
browseable = yes
guest ok = no
delete readonly = yes
vfs objects = acl_xattr shadow_copy2 streams_xattr
streams_depot:directory = /pools/share/backup/.ads
streams_depot:delete_lost = yes
map acl inherit = Yes
shadow: snapdir = .zfs/snapshot
shadow: sort = desc
shadow: format = %Y-%m-%d-%H%M
nfs4:mode = special
nfs4:acedup = merge
nfs4:chown = yes
signature.asc
Description: PGP signature
