I would like to clarify myself, i wasn't accurate when i compared it to :

I have tried to reproduce the bug by restarting the AD.

*I was able to preform winbindd commands:*

[root@ipaserver1 ~]# wbinfo -u
[root@ipaserver1 ~]# wbinfo -g
default smb group
ADEXAMPLE\domain computers
ADEXAMPLE\domain controllers
ADEXAMPLE\schema admins
ADEXAMPLE\enterprise admins
ADEXAMPLE\domain admins
ADEXAMPLE\domain users
ADEXAMPLE\domain guests
ADEXAMPLE\group policy creator owners
ADEXAMPLE\read-only domain controllers
ADEXAMPLE\enterprise read-only domain controllers
[root@ipaserver1 ~]# wbinfo -n "ADEXAMPLE\administrator"
S-1-5-21-2887728911-2909484380-3974070232-500 SID_USER (1)
[root@ipaserver1 ~]# wbinfo -n "ADEXAMPLE\guest"
S-1-5-21-2887728911-2909484380-3974070232-501 SID_USER (1)
[root@ipaserver1 ~]# wbinfo -n "ADEXAMPLE\genadi"
S-1-5-21-2887728911-2909484380-3974070232-1000 SID_USER (1)
[root@ipaserver1 ~]# wbinfo -n "ADEXAMPLE\krbtgt"
S-1-5-21-2887728911-2909484380-3974070232-502 SID_USER (1)
[root@ipaserver1 ~]# wbinfo -n "ADEXAMPLE\linux$"
S-1-5-21-2887728911-2909484380-3974070232-1104 SID_USER (1)
[root@ipaserver1 ~]# wbinfo -n "ADEXAMPLE\daniel"
S-1-5-21-2887728911-2909484380-3974070232-1105 SID_USER (1)

*But kinit with AD users failed:*

[root@ipaserver1 ~]# kinit gen...@adexample.com
kinit: Cannot resolve servers for KDC in realm "ADEXAMPLE.COM" while
getting initial credentials

*But after few minutes i was able to to kinit with AD users agian:*

[root@ipaserver1 ~]# kinit gen...@adexample.com
Password for gen...@adexample.com:

I think i was too fast on making conclusions.
Not sure if opening a bug is needed.

2014-02-21 17:38 GMT+02:00 Simo Sorce <s...@redhat.com>:

> On Fri, 2014-02-21 at 00:27 +0200, Genadi Postrilko wrote:
> > Update:
> > For some reason the AD server has rebooted himself.
> > After the reboot i couldn't preform kinit with AD users.
> > I found a bugzilla that describes the symptoms that i experienced :
> > https://bugzilla.redhat.com/show_bug.cgi?id=878564
> > Not sure if it is the same bug - the bugzilla reports bug in
> > samba4-4.0.0-48.el6.rc4.x86_64
> > while my version is samba4-4.0.0-58.el6.rc4.x86_64 (after downgrade).
> >
> > I have rebooted the IPA server to see if it changes anything.
> > After the reboot i was able to kinit with AD users, but not only that -
> now
> > i am able to
> > login with AD users to client machines.
> >
> > Any idea on what just happened?
> Sounds like a bug in windbindd which we currently use to talk to the
> Windows DCs for this functionality.
> Apparently winbindd failed to detect the DC came back online.
> A restart of the ipa server caused winbindd to restart and retry to get
> online.
> Can you please open a bug to track this issue ?
> Simo.
> --
> Simo Sorce * Red Hat, Inc * New York
Freeipa-users mailing list

Reply via email to