Sumit,

Thank you so much for helping me in fixing the problem.

About the issue:
NetBIOS was disabled in Windows AD, I think this is the default behavior
for Windows 2008 R2 instances.
After setting 'client max protocol' and 'client min protocol' winbind was
able to resolve the AD users.

net conf setparm global 'client min protocol' CORE
net conf setparm global 'client max protocol' SMB2_02

You may close this case now.




On Tue, May 20, 2014 at 2:27 PM, Supratik Goswami
<supratiksek...@gmail.com> wrote:

> Yes, you are correct log level was set to 1.
>
> I have changed the log level value to 10 and collected the log files
> again, PFA.
>
> [root@ipaserver samba]# net conf setparm global 'log level' 10
> [root@ipaserver samba]# net conf list
> [global]
> workgroup = IPADOMAIN
> realm = IPADOMAIN.EXAMPLE.COM
> kerberos method = dedicated keytab
> dedicated keytab file = FILE:/etc/samba/samba.keytab
> create krb5 conf = no
> security = user
> domain master = yes
> domain logons = yes
> max log size = 100000
> log file = /var/log/samba/log.%m
> passdb backend = ipasam:ldapi://%2fvar%2frun%2fslapd-IPADOMAIN-EXAMPLE-COM.socket
> disable spoolss = yes
> ldapsam:trusted = yes
> ldap ssl = off
> ldap suffix = dc=ipadomain,dc=example,dc=com
> ldap user suffix = cn=users,cn=accounts
> ldap group suffix = cn=groups,cn=accounts
> ldap machine suffix = cn=computers,cn=accounts
> rpc_server:epmapper = external
> rpc_server:lsarpc = external
> rpc_server:lsass = external
> rpc_server:lsasd = external
> rpc_server:samr = external
> rpc_server:netlogon = external
> rpc_server:tcpip = yes
> rpc_daemon:epmd = fork
> rpc_daemon:lsasd = fork
> client min protocol = smb2_02
> client max protocol = smb2_02
> log level = 10
>
> [share]
> comment = Trust test share
> read only = no
> valid users = S-1-5-21-2212595442-2951398754-4232868618
> path = /share
>
>
>
>
>
>
> On Tue, May 20, 2014 at 1:38 PM, Sumit Bose <sb...@redhat.com> wrote:
>
>> On Tue, May 20, 2014 at 01:17:42PM +0530, Supratik Goswami wrote:
>> > PFA
>>
>> something switched the log level back to 1
>>
>>   doing parameter log level = 1
>>
>>
>> can you check that 'net conf list' shows 'log level 10', if not please
>> set it with
>>
>> net conf setparm 'log level' 10
>>
>> bye,
>> Sumit
>>
>> >
>> >
>> >
>> >
>> > On Tue, May 20, 2014 at 12:38 PM, Sumit Bose <sb...@redhat.com> wrote:
>> >
>> > > On Mon, May 19, 2014 at 05:40:49PM +0530, Supratik Goswami wrote:
>> > > > Initially after configuring the setup I rebooted once and I was
>> > > > thinking that it worked before the reboot but unfortunately it didn't
>> > > > work the first time itself.
>> > > >
>> > > > Still failing after running the commands.
>> > > >
>> > > > [root@ipaserver ~]# net conf setparm global "client min protocol" smb2_02
>> > > > [root@ipaserver ~]# net conf setparm global "client max protocol" smb2_02
>> > > > [root@ipaserver ~]# service winbind restart
>> > > >
>> > > > Shutting down Winbind services:                            [  OK  ]
>> > > > Starting Winbind services:                                 [  OK  ]
>> > > >
>> > > > [root@ipaserver ~]# wbinfo -n 'ADDOMAIN\Domain Admins'
>> > > > failed to call wbcLookupName: WBC_ERR_DOMAIN_NOT_FOUND
>> > > > Could not lookup name ADDOMAIN\Domain Admins
>> > > >
>> > > > [root@ipaserver ~]# wbinfo -u
>> > > > [root@ipaserver ~]#
>> > > >
>> > > > The issue is reproducible every time if anyone follows the steps as I
>> > > > have done.
>> > > >
>> > >
>> > > It would be nice if you can send a second round of log files. Please
>> > > stop winbind, remove all *winbind* and *wb* log files in /var/log/samba,
>> > > make sure 'log level' is 10 or higher,
>> > > start winbind, call 'wbinfo -n 'ADDOMAIN\Domain Admins', stop winbind,
>> > > put all *winbind* and *wb* log files in a tar/zip archive and send the
>> > > archive. If you think the archive is too large for a mailing-list feel
>> > > free to send them to me directly.
>> > >
>> > > bye,
>> > > Sumit
>> > > >
>> > > > On Mon, May 19, 2014 at 4:45 PM, Sumit Bose <sb...@redhat.com> wrote:
>> > > >
>> > > > > On Mon, May 19, 2014 at 04:29:24PM +0530, Supratik Goswami wrote:
>> > > > > > Hi
>> > > > > >
>> > > > > > Let me start from the beginning once again. Let me explain to you
>> > > > > > what steps I followed during the setup.
>> > > > > >
>> > > > > > I am setting up the environment in Amazon AWS, both Windows AD server
>> > > > > > and Linux IPA configured in EC2.
>> > > > > > For configuring Windows 2008 I selected
>> > > > > > Windows_Server-2008-R2_SP1-English-64Bit-Base-2014.04.09 (ami-df8e93b6)
>> > > > > > and for configuring IPA server I selected CentOS 6.5 (x86_64) -
>> > > > > > Release Media (ami-8997afe0).
>> > > > > >
>> > > > > > I followed the steps from
>> > > > > > http://www.freeipa.org/page/Howto/IPAv3_AD_trust_setup and also kept
>> > > > > > the domain names similar as in the example.
>> > > > > >
>> > > > > > IPA server hostname: ipaserver
>> > > > > > IPA domain:          ipadomain.example.com
>> > > > > > IPA NetBIOS:         IPADOMAIN
>> > > > > >
>> > > > > > AD DC hostname:      adserver
>> > > > > > AD domain:           addomain.example.com
>> > > > > > AD NetBIOS:          ADDOMAIN
>> > > > > >
>> > > > > >
>> > > > > > 1. Updated the system and installed the packages.
>> > > > > >
>> > > > > > # yum update -y
>> > > > > > # yum install -y "*ipa-server" "*ipa-server-trust-ad" samba4-winbind-clients samba4-winbind samba4-client bind bind-dyndb-ldap
>> > > > > >
>> > > > > > List of important packages installed during the update are as follows.
>> > > > > >
>> > > > > >  bind                    x86_64  32:9.8.2-0.23.rc1.el6_5.1
>> > > > > >  bind-dyndb-ldap         x86_64  2.3-5.el6
>> > > > > >
>> > > > > >  ipa-server              x86_64  3.0.0-37.el6
>> > > > > >  ipa-server-trust-ad     x86_64  3.0.0-37.el6
>> > > > > >  ipa-admintools          x86_64  3.0.0-37.el6
>> > > > > >  ipa-client              x86_64  3.0.0-37.el6
>> > > > > >  ipa-pki-ca-theme        noarch  9.0.3-7.el6
>> > > > > >  ipa-pki-common-theme    noarch  9.0.3-7.el6
>> > > > > >  ipa-python              x86_64  3.0.0-37.el6
>> > > > > >  ipa-server-selinux      x86_64  3.0.0-37.el6
>> > > > > >
>> > > > > >  samba4-client           x86_64  4.0.0-61.el6_5.rc4
>> > > > > >  samba4-winbind          x86_64  4.0.0-61.el6_5.rc4
>> > > > > >  samba4-winbind-clients  x86_64  4.0.0-61.el6_5.rc4
>> > > > > >  samba4                  x86_64  4.0.0-61.el6_5.rc4
>> > > > > >  samba4-common           x86_64  4.0.0-61.el6_5.rc4
>> > > > > >  samba4-libs             x86_64  4.0.0-61.el6_5.rc4
>> > > > > >  samba4-python           x86_64  4.0.0-61.el6_5.rc4
>> > > > >
>> > > > > ah, sorry, I think this might be a known issue, but I got on a wrong
>> > > > > track because I thought it was working initially and only failed after
>> > > > > reboot.
>> > > > >
>> > > > > Please try to set "client min protocol" and "client max protocol" in
>> > > > > the samba configuration:
>> > > > >
>> > > > > net conf setparm global "client min protocol" smb2_02
>> > > > > net conf setparm global "client max protocol" smb2_02
>> > > > >
>> > > > > restart winbind and try again.
>> > > > >
>> > > > > HTH
>> > > > >
>> > > > > bye,
>> > > > > Sumit
>> > > > >
>> > > > > >
>> > > > > >  389-ds-base             x86_64  1.2.11.15-32.el6_5
>> > > > > >  389-ds-base-libs        x86_64  1.2.11.15-32.el6_5
>> > > > > >
>> > > > > >  certmonger              x86_64  0.61-3.el6
>> > > > > >
>> > > > > >  krb5-server             x86_64  1.10.3-15.el6_5.1
>> > > > > >  krb5-workstation        x86_64  1.10.3-15.el6_5.1
>> > > > > >
>> > > > > >  sssd                    x86_64  1.9.2-129.el6_5.4
>> > > > > >  sssd-client             x86_64  1.9.2-129.el6_5.4
>> > > > > >
>> > > > > >
>> > > > > >
>> > > > >
>> > > >
>> > > >
>> > > >
>> > > > --
>> > > > Warm Regards
>> > > >
>> > > > Supratik
>> > >
>> >
>> >
>> >
>> > --
>> > Warm Regards
>> >
>> > Supratik
>>
>>
>>
>
>
> --
> Warm Regards
>
> Supratik
>



-- 
Warm Regards

Supratik
_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
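
The thread shows two settings for the client dialect range: `smb2_02`/`smb2_02` (which did not help) and `CORE`/`SMB2_02` (which did); the second lets winbind negotiate any dialect from CORE up to SMB2_02. The following is an added example, not part of the original thread or of the Samba or FreeIPA code: shell functions that read `net conf list` output and classify the configured client range. The function names and result labels are assumptions of this example, and the dialect order is the one documented in smb.conf(5).

```shell
# Dialect order per smb.conf(5), oldest first; SMB2/SMB3 aliases not handled.
DIALECTS="CORE COREPLUS LANMAN1 LANMAN2 NT1 SMB2_02 SMB2_10 SMB2_22 SMB2_24 SMB3_00 SMB3_02 SMB3_10 SMB3_11"

# Print the position of a dialect name in DIALECTS (case-insensitive).
dialect_rank() {
    want=$(printf '%s' "$1" | tr '[:lower:]' '[:upper:]')
    i=0
    for d in $DIALECTS; do
        if [ "$d" = "$want" ]; then echo "$i"; return 0; fi
        i=$((i + 1))
    done
    return 1
}

# Read `net conf list` text on stdin, print the value of one [global] parameter.
global_param() {
    awk -v key="$1" '
        /^[ \t]*\[/ { in_global = (tolower($0) ~ /^[ \t]*\[global\]/); next }
        in_global && index($0, "=") {
            name = substr($0, 1, index($0, "=") - 1)
            val  = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", name)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (tolower(name) == key) print val
        }'
}

# Classify the range: UNSET, UNKNOWN, INVALID, ALLOWS_PRE_SMB2 or SMB2_OR_LATER.
audit_client_protocols() {
    min=$(printf '%s\n' "$1" | global_param "client min protocol")
    max=$(printf '%s\n' "$1" | global_param "client max protocol")
    if [ -z "$min" ] || [ -z "$max" ]; then echo "UNSET"; return 0; fi
    rmin=$(dialect_rank "$min") || { echo "UNKNOWN"; return 0; }
    rmax=$(dialect_rank "$max") || { echo "UNKNOWN"; return 0; }
    if [ "$rmin" -gt "$rmax" ]; then echo "INVALID"
    elif [ "$rmin" -lt "$(dialect_rank SMB2_02)" ]; then echo "ALLOWS_PRE_SMB2"
    else echo "SMB2_OR_LATER"
    fi
}

# Constructed samples using the two value pairs that appear in the thread.
PINNED='[global]
 client min protocol = smb2_02
client max protocol = smb2_02'
WIDENED='[global]
client min protocol = CORE
client max protocol = SMB2_02'

echo "pinned=$(audit_client_protocols "$PINNED") widened=$(audit_client_protocols "$WIDENED")"
```

On a live host the same check is `audit_client_protocols "$(net conf list)"`.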