I would like to clarify myself, i wasn't accurate when i compared it to : https://bugzilla.redhat.com/show_bug.cgi?id=878564.
I have tried to reproduce the bug by restarting the AD. *I was able to preform winbindd commands:* [root@ipaserver1 ~]# wbinfo -u ADEXAMPLE\administrator ADEXAMPLE\guest ADEXAMPLE\genadi ADEXAMPLE\krbtgt ADEXAMPLE\linux$ ADEXAMPLE\daniel [root@ipaserver1 ~]# wbinfo -g admins editors default smb group ad_users ADEXAMPLE\domain computers ADEXAMPLE\domain controllers ADEXAMPLE\schema admins ADEXAMPLE\enterprise admins ADEXAMPLE\domain admins ADEXAMPLE\domain users ADEXAMPLE\domain guests ADEXAMPLE\group policy creator owners ADEXAMPLE\read-only domain controllers ADEXAMPLE\enterprise read-only domain controllers ADEXAMPLE\dnsupdateproxy [root@ipaserver1 ~]# wbinfo -n "ADEXAMPLE\administrator" S-1-5-21-2887728911-2909484380-3974070232-500 SID_USER (1) [root@ipaserver1 ~]# wbinfo -n "ADEXAMPLE\guest" S-1-5-21-2887728911-2909484380-3974070232-501 SID_USER (1) [root@ipaserver1 ~]# wbinfo -n "ADEXAMPLE\genadi" S-1-5-21-2887728911-2909484380-3974070232-1000 SID_USER (1) [root@ipaserver1 ~]# wbinfo -n "ADEXAMPLE\krbtgt" S-1-5-21-2887728911-2909484380-3974070232-502 SID_USER (1) [root@ipaserver1 ~]# wbinfo -n "ADEXAMPLE\linux$" S-1-5-21-2887728911-2909484380-3974070232-1104 SID_USER (1) [root@ipaserver1 ~]# wbinfo -n "ADEXAMPLE\daniel" S-1-5-21-2887728911-2909484380-3974070232-1105 SID_USER (1) *But kinit with AD users failed:* [root@ipaserver1 ~]# kinit gen...@adexample.com kinit: Cannot resolve servers for KDC in realm "ADEXAMPLE.COM" while getting initial credentials *But after few minutes i was able to to kinit with AD users agian:* [root@ipaserver1 ~]# kinit gen...@adexample.com Password for gen...@adexample.com: I think i was too fast on making conclusions. Not sure if opening a bug is needed. 2014-02-21 17:38 GMT+02:00 Simo Sorce <s...@redhat.com>: > On Fri, 2014-02-21 at 00:27 +0200, Genadi Postrilko wrote: > > Update: > > For some reason the AD server has rebooted himself. > > After the reboot i couldn't preform kinit with AD users. > > I found a bugzilla that describes the symptoms that i experienced : > > https://bugzilla.redhat.com/show_bug.cgi?id=878564 > > Not sure if it is the same bug - the bugzilla reports bug in > > samba4-4.0.0-48.el6.rc4.x86_64 > > while my version is samba4-4.0.0-58.el6.rc4.x86_64 (after downgrade). > > > > I have rebooted the IPA server to see if it changes anything. > > After the reboot i was able to kinit with AD users, but not only that - > now > > i am able to > > login with AD users to client machines. > > > > Any idea on what just happened? > > Sounds like a bug in windbindd which we currently use to talk to the > Windows DCs for this functionality. > Apparently winbindd failed to detect the DC came back online. > A restart of the ipa server caused winbindd to restart and retry to get > online. > > Can you please open a bug to track this issue ? > > Simo. > > -- > Simo Sorce * Red Hat, Inc * New York > >
_______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
