Le vendredi 12 août 2011 à 12:25 +0200, Michael Wood a écrit : > Hi > > On 12 August 2011 10:23, David Touzeau <[email protected]> wrote: > > Dear all > > > > I have upgraded my Samba from 3.5.x to a newest 3.6.0 version. > > My Samba is connected to an Active Directory 2008 R2 > > > > > > the "getent passwd" did not display any ActiveDirectoy Domains users. > > the "net ads group" display correctly the ActiveDirectory groups : > > > > net ads group > > Administrateurs > > Utilisateurs > > Invités > > Opérateurs d’impression > > Opérateurs de sauvegarde > > Duplicateurs > > Utilisateurs du Bureau à distance > > Opérateurs de configuration réseau > > Utilisateurs de l’Analyseur de performances > > Utilisateurs du journal de performances > > Utilisateurs du modèle COM distribué > > IIS_IUSRS > > Opérateurs de chiffrement > > Lecteurs des journaux d’événements > > Accès DCOM service de certificats > > Ordinateurs du domaine > > > > > > > > I think there is a misconfiguration in my setup but did not find any > > solution: > > Where i'm wrong ? > > > > > > [global] > > workgroup = TOUZEAU > > netbios name = bdc2 > > server string = %h server > > disable netbios =no > > max protocol = SMB2 > > name resolve order =host lmhosts wins bcast > > dns proxy = No > > wins support = No > > min protocol = NT1 > > syslog = 3 > > log level = 10 > > log file = /var/log/samba/log.%m > > debug timestamp = yes > > > > # Enable symbolics links ----------------------------------- > > follow symlinks = yes > > wide links = yes > > unix extensions = no > > > > usershare allow guests = no > > usershare max shares = 100 > > usershare owner only = true > > usershare path=/var/lib/samba/usershares/data > > > > #Guest access > > guest account = nobody > > map to guest = Bad Password > > template homedir = /home/%U > > template shell = /bin/false > > enable privileges = yes > > os level = 40 > > ldap passwd sync = no > > > > #WINBINDD ******************************************************* > > security = ADS > > realm = TOUZEAU.HOME > > > > idmap config TOUZEAU:backend = ad > > idmap config TOUZEAU:readonly = yes > > idmap config TOUZEAU:schema_mode = rfc2307 > > idmap config * : range = 16777216-33554431 > > The way idmap works was changed with 3.6.0. I don't know if the above > is wrong, but perhaps it is something to consider. > > e.g. I don't know if "readonly" is supported. I've seen mention of > "read only", but not in the idmap_ad code. But maybe I missed it. > > Also, the idmap_ad documentation implies that you need something like this: > > idmap config * : backend = tdb > idmap config * : range = 1000000-1999999 > > idmap config TOUZEAU : backend = ad > idmap config TOUZEAU : range = 1000-999999 > idmap config TOUZEAU : schema_mode = rfc2307 > > I am not sure if the above is relevant to you :) but I hope it helps. >
Many thanks Michael i have changed values but it has no effect and the issue still alive... For anybody here it is some relevant winbindd debug informations Adding 0 DC's from auto lookup [2011/08/12 10:39:31.945022, 5] libads/sitename_cache.c:105(sitename_fetch) sitename_fetch: Returning sitename for TOUZEAU.HOME: "Default-First-Site-Name" [2011/08/12 10:39:31.945047, 10] libsmb/namequery.c:1975(internal_resolve_name) internal_resolve_name: looking up WIN-RSF60G6AS1L.touzeau.home#20 (sitename Default-First-Site-Name) [2011/08/12 10:39:31.945076, 5] libsmb/namecache.c:165(namecache_fetch) name WIN-RSF60G6AS1L.touzeau.home#20 found. [2011/08/12 10:39:31.945124, 9] libsmb/conncache.c:150(check_negative_conn_cache) check_negative_conn_cache returning result 0 for domain touzeau.home server 192.168.1.150 [2011/08/12 10:39:31.945151, 10] libsmb/namequery.c:1079(remove_duplicate_addrs2) remove_duplicate_addrs2: looking for duplicate address/port pairs [2011/08/12 10:39:31.945172, 4] libsmb/namequery.c:2601(get_dc_list) get_dc_list: returning 1 ip addresses in an ordered list [2011/08/12 10:39:31.945193, 4] libsmb/namequery.c:2602(get_dc_list) get_dc_list: 192.168.1.150:389 [2011/08/12 10:39:31.945216, 10] libads/kerberos.c:825(get_kdc_ip_string) get_kdc_ip_string: Returning kdc = 192.168.1.150 [2011/08/12 10:39:31.945304, 5] libads/kerberos.c:948(create_local_private_krb5_conf_for_domain) create_local_private_krb5_conf_for_domain: wrote file /var/lib/samba/smb_krb5/krb5.conf.TOUZEAU with realm TOUZEAU.HOME KDC list = kdc = 192.168.1.150 [2011/08/12 10:39:31.945347, 4] libsmb/namequery_dc.c:148(ads_dc_name) ads_dc_name: using server='WIN-RSF60G6AS1L.TOUZEAU.HOME' IP=192.168.1.150 [2011/08/12 10:39:31.945376, 5] libads/sitename_cache.c:105(sitename_fetch) sitename_fetch: Returning sitename for touzeau.home: "Default-First-Site-Name" [2011/08/12 10:39:31.945398, 8] libsmb/namequery.c:2652(get_sorted_dc_list) get_sorted_dc_list: attempting lookup for name touzeau.home (sitename Default-First-Site-Name) using [ads] [2011/08/12 10:39:31.945432, 5] libsmb/namequery.c:194(saf_fetch) saf_fetch: Returning "WIN-RSF60G6AS1L.touzeau.home" for "touzeau.home" domain [2011/08/12 10:39:31.945458, 3] libsmb/namequery.c:2461(get_dc_list) get_dc_list: preferred server list: "WIN-RSF60G6AS1L.touzeau.home, *" [2011/08/12 10:39:31.945481, 10] libsmb/namequery.c:1975(internal_resolve_name) internal_resolve_name: looking up touzeau.home#1c (sitename Default-First-Site-Name) [2011/08/12 10:39:31.945507, 5] libsmb/namecache.c:160(namecache_fetch) no entry for touzeau.home#1C found. [2011/08/12 10:39:31.945531, 5] libsmb/namequery.c:1869(resolve_ads) resolve_ads: Attempting to resolve DCs for touzeau.home using DNS [2011/08/12 10:39:31.945890, 3] libads/dns.c:345(dns_send_req) ads_dns_lookup_srv: Failed to resolve _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.touzeau.home (Succès) [2011/08/12 10:39:31.945925, 3] libads/dns.c:415(ads_dns_lookup_srv) ads_dns_lookup_srv: Failed to send DNS query (NT_STATUS_UNSUCCESSFUL) [2011/08/12 10:39:31.946132, 3] libads/dns.c:345(dns_send_req) ads_dns_lookup_srv: Failed to resolve _ldap._tcp.dc._msdcs.touzeau.home (Succès) [2011/08/12 10:39:31.946166, 3] libads/dns.c:415(ads_dns_lookup_srv) ads_dns_lookup_srv: Failed to send DNS query (NT_STATUS_UNSUCCESSFUL) [2011/08/12 10:39:31.946189, 8] libsmb/namequery.c:2482(get_dc_list) Adding 0 DC's from auto lookup [2011/08/12 10:39:31.946220, 5] libads/sitename_cache.c:105(sitename_fetch) sitename_fetch: Returning sitename for TOUZEAU.HOME: "Default-First-Site-Name" [2011/08/12 10:39:31.946245, 10] libsmb/namequery.c:1975(internal_resolve_name) internal_resolve_name: looking up WIN-RSF60G6AS1L.touzeau.home#20 (sitename Default-First-Site-Name) [2011/08/12 10:39:31.946274, 5] libsmb/namecache.c:165(namecache_fetch) name WIN-RSF60G6AS1L.touzeau.home#20 found. [2011/08/12 10:39:31.946323, 9] libsmb/conncache.c:150(check_negative_conn_cache) check_negative_conn_cache returning result 0 for domain touzeau.home server 192.168.1.150 [2011/08/12 10:39:31.946351, 10] libsmb/namequery.c:1079(remove_duplicate_addrs2) remove_duplicate_addrs2: looking for duplicate address/port pairs [2011/08/12 10:39:31.946373, 4] libsmb/namequery.c:2601(get_dc_list) get_dc_list: returning 1 ip addresses in an ordered list [2011/08/12 10:39:31.946394, 4] libsmb/namequery.c:2602(get_dc_list) get_dc_list: 192.168.1.150:389 [2011/08/12 10:39:31.946423, 9] libsmb/conncache.c:150(check_negative_conn_cache) check_negative_conn_cache returning result 0 for domain TOUZEAU server 192.168.1.150 [2011/08/12 10:39:31.946447, 8] libsmb/namequery.c:2652(get_sorted_dc_list) get_sorted_dc_list: attempting lookup for name touzeau.home (sitename NULL) using [ads] [2011/08/12 10:39:31.946480, 5] libsmb/namequery.c:194(saf_fetch) saf_fetch: Returning "WIN-RSF60G6AS1L.touzeau.home" for "touzeau.home" domain [2011/08/12 10:39:31.946506, 3] libsmb/namequery.c:2461(get_dc_list) get_dc_list: preferred server list: "WIN-RSF60G6AS1L.touzeau.home, *" [2011/08/12 10:39:31.946528, 10] libsmb/namequery.c:1975(internal_resolve_name) internal_resolve_name: looking up touzeau.home#1c (sitename (null)) [2011/08/12 10:39:31.946555, 5] libsmb/namecache.c:160(namecache_fetch) no entry for touzeau.home#1C found. [2011/08/12 10:39:31.946579, 5] libsmb/namequery.c:1869(resolve_ads) resolve_ads: Attempting to resolve DCs for touzeau.home using DNS [2011/08/12 10:39:31.946781, 3] libads/dns.c:345(dns_send_req) ads_dns_lookup_srv: Failed to resolve _ldap._tcp.dc._msdcs.touzeau.home (Succès) [2011/08/12 10:39:31.946815, 3] libads/dns.c:415(ads_dns_lookup_srv) ads_dns_lookup_srv: Failed to send DNS query (NT_STATUS_UNSUCCESSFUL) [2011/08/12 10:39:31.946916, 8] libsmb/namequery.c:2482(get_dc_list) Adding 0 DC's from auto lookup [2011/08/12 10:39:31.946948, 5] libads/sitename_cache.c:105(sitename_fetch) sitename_fetch: Returning sitename for TOUZEAU.HOME: "Default-First-Site-Name" [2011/08/12 10:39:31.946973, 10] libsmb/namequery.c:1975(internal_resolve_name) internal_resolve_name: looking up WIN-RSF60G6AS1L.touzeau.home#20 (sitename Default-First-Site-Name) [2011/08/12 10:39:31.947002, 5] libsmb/namecache.c:165(namecache_fetch) name WIN-RSF60G6AS1L.touzeau.home#20 found. [2011/08/12 10:39:31.947051, 9] libsmb/conncache.c:150(check_negative_conn_cache) check_negative_conn_cache returning result 0 for domain touzeau.home server 192.168.1.150 [2011/08/12 10:39:31.947078, 10] libsmb/namequery.c:1079(remove_duplicate_addrs2) remove_duplicate_addrs2: looking for duplicate address/port pairs [2011/08/12 10:39:31.947100, 4] libsmb/namequery.c:2601(get_dc_list) get_dc_list: returning 1 ip addresses in an ordered list [2011/08/12 10:39:31.947128, 4] libsmb/namequery.c:2602(get_dc_list) get_dc_list: 192.168.1.150:389 [2011/08/12 10:39:31.947159, 9] libsmb/conncache.c:150(check_negative_conn_cache) check_negative_conn_cache returning result 0 for domain TOUZEAU server 192.168.1.150 [2011/08/12 10:39:31.947201, 10] lib/messages_local.c:255(messaging_tdb_store) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
