Web lists-archives.com

[Samba] Winbind error "Could not fetch our SID - did we join?"




We did, in fact, join mere seconds ago, but for some reason, winbind
still can't find itself. ADUC etc meanwhile have no trouble finding the
newly added computer account.

Wiping /var/{lib,cache}/samba/ (and the computer account) makes no
difference, the error persists.

How do I proceed?

-- 
Mit freundlichen Grüßen, / Best Regards,
Sven Schwedas, Systemadministrator
Mail/XMPP sven.schwedas@xxxxxx | Skype sven.schwedas
TAO Digital | Lendplatz 45 | A8020 Graz
https://www.tao-digital.at | Tel +43 680 301 7167
INFO: Current debug levels:
  all: 5
  tdb: 5
  printdrivers: 5
  lanman: 5
  smb: 5
  rpc_parse: 5
  rpc_srv: 5
  rpc_cli: 5
  passdb: 5
  sam: 5
  auth: 5
  winbind: 5
  vfs: 5
  idmap: 5
  quota: 5
  acls: 5
  locking: 5
  msdfs: 5
  dmapi: 5
  registry: 5
  scavenger: 5
  dns: 5
  ldb: 5
  tevent: 5
Processing section "[global]"
Processing section "[homes]"
Processing section "[1_TAO_VISION_und_VERWALTUNG]"
Processing section "[2_TAO_GESCHAEFTSFELDINFOS]"
Processing section "[3_TAO_DENK_und_WERKZEUGE_TOOLS]"
Processing section "[4_TAO_PROJEKTE]"
Processing section "[5_TAO_ARCHIV]"
Processing section "[Bilder]"
Processing section "[buchhaltung]"
Processing section "[DBS]"
Processing section "[DSC_Scanner]"
Processing section "[public-villach]"
Processing section "[Videos]"
Processing section "[printers]"
Processing section "[print$]"
pm_process() returned Yes
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
added interface host0 ip=192.168.16.214 bcast=192.168.16.255 netmask=255.255.255.0
added interface host0 ip=192.168.16.214 bcast=192.168.16.255 netmask=255.255.255.0
finddcs: searching for a DC by DNS domain ad.tao.at
finddcs: looking for SRV records for _ldap._tcp.ad.tao.at
resolve_lmhosts: Attempting lmhosts lookup for name _ldap._tcp.ad.tao.at<0x0>
startlmhosts: Can't open lmhosts file /etc/samba/lmhosts. Error was No such file or directory
ads_dns_lookup_srv: 4 records returned in the answer section.
finddcs: DNS SRV response 0 at '192.168.17.65'
finddcs: DNS SRV response 1 at '192.168.16.213'
finddcs: DNS SRV response 2 at '192.168.17.66'
finddcs: DNS SRV response 3 at '192.168.16.211'
finddcs: performing CLDAP query on 192.168.17.65
finddcs: Found matching DC 192.168.17.65 with server_type=0x000003fd
Mapped to DCERPC endpoint \pipe\lsarpc
added interface host0 ip=192.168.16.214 bcast=192.168.16.255 netmask=255.255.255.0
added interface host0 ip=192.168.16.214 bcast=192.168.16.255 netmask=255.255.255.0
Socket options:
	SO_KEEPALIVE = 0
	SO_REUSEADDR = 0
	SO_BROADCAST = 0
	TCP_NODELAY = 1
	TCP_KEEPCNT = 9
	TCP_KEEPIDLE = 7200
	TCP_KEEPINTVL = 75
	IPTOS_LOWDELAY = 0
	IPTOS_THROUGHPUT = 0
	SO_REUSEPORT = 0
	SO_SNDBUF = 46080
	SO_RCVBUF = 372480
	SO_SNDLOWAT = 1
	SO_RCVLOWAT = 1
	SO_SNDTIMEO = 0
	SO_RCVTIMEO = 0
	TCP_QUICKACK = 1
	TCP_DEFER_ACCEPT = 0
Starting GENSEC mechanism spnego
Starting GENSEC submechanism gssapi_krb5
Password for [AD\sven.schwedas]:
Received smb_krb5 packet of length 257
Received smb_krb5 packet of length 1400
gensec_gssapi: NO credentials were delegated
GSSAPI Connection will have no cryptographic protection
Mapped to DCERPC endpoint 135
added interface host0 ip=192.168.16.214 bcast=192.168.16.255 netmask=255.255.255.0
added interface host0 ip=192.168.16.214 bcast=192.168.16.255 netmask=255.255.255.0
Mapped to DCERPC endpoint 1024
added interface host0 ip=192.168.16.214 bcast=192.168.16.255 netmask=255.255.255.0
added interface host0 ip=192.168.16.214 bcast=192.168.16.255 netmask=255.255.255.0
Starting GENSEC mechanism spnego
Starting GENSEC submechanism gssapi_krb5
Received smb_krb5 packet of length 257
Received smb_krb5 packet of length 1400
gensec_gssapi: NO credentials were delegated
GSSAPI Connection will be cryptographically sealed
added interface host0 ip=192.168.16.214 bcast=192.168.16.255 netmask=255.255.255.0
added interface host0 ip=192.168.16.214 bcast=192.168.16.255 netmask=255.255.255.0
resolve_lmhosts: Attempting lmhosts lookup for name graz-dc-sem.ad.tao.at<0x20>
startlmhosts: Can't open lmhosts file /etc/samba/lmhosts. Error was No such file or directory
Starting GENSEC mechanism spnego
Starting GENSEC submechanism gssapi_krb5
Received smb_krb5 packet of length 257
Received smb_krb5 packet of length 1392
gensec_gssapi: NO credentials were delegated
GSSAPI Connection will be cryptographically signed
ldb_wrap open of ldap://graz-dc-sem.ad.tao.at
ldb_wrap open of secrets.ldb
Joined domain AD (S-1-5-21-3879549028-3895635520-2867903743)

[2017/11/13 10:56:40.771086,  3] ../source3/param/loadparm.c:3739(lp_load_ex)
  lp_load_ex: refreshing parameters
[2017/11/13 10:56:40.771168,  5] ../source3/param/loadparm.c:1312(free_param_opts)
  Freeing parametrics:
[2017/11/13 10:56:40.771236,  3] ../source3/param/loadparm.c:542(init_globals)
  Initialising global parameters
[2017/11/13 10:56:40.771276,  2] ../source3/param/loadparm.c:314(max_open_files)
  rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
[2017/11/13 10:56:40.771369,  3] ../source3/param/loadparm.c:2668(lp_do_section)
  Processing section "[global]"
  doing parameter log level = 5
[2017/11/13 10:56:40.771422,  5] ../lib/util/debug.c:642(debug_dump_status)
  INFO: Current debug levels:
    all: 5
    tdb: 5
    printdrivers: 5
    lanman: 5
    smb: 5
    rpc_parse: 5
    rpc_srv: 5
    rpc_cli: 5
    passdb: 5
    sam: 5
    auth: 5
    winbind: 5
    vfs: 5
    idmap: 5
    quota: 5
    acls: 5
    locking: 5
    msdfs: 5
    dmapi: 5
    registry: 5
    scavenger: 5
    dns: 5
    ldb: 5
    tevent: 5
  doing parameter workgroup = AD
  doing parameter realm = AD.TAO.AT
  doing parameter security = ADS
  doing parameter idmap config * : backend = tdb
  doing parameter idmap config * : range = 60000-61000
  doing parameter idmap config AD : backend = ad
  doing parameter idmap config AD : range = 4500-50000
  doing parameter idmap config AD : schema_mode = rfc2307
  doing parameter winbind nss info = rfc2307
  doing parameter winbind enum users = yes
  doing parameter winbind enum groups = yes
  doing parameter winbind use default domain = yes
  doing parameter winbind offline logon = yes
  doing parameter winbind max domain connections = 32
  doing parameter winbind expand groups = 4
  doing parameter winbind refresh tickets = yes
  doing parameter state directory = /var/cache/samba/
  doing parameter cache directory = /var/cache/samba/
  doing parameter lock directory = /var/cache/samba/
  doing parameter template homedir = /home/%U
  doing parameter template shell = /bin/bash
  doing parameter winbind reconnect delay = 5
  doing parameter winbind cache time = 30
  doing parameter load printers = no
  doing parameter unix extensions = no
  doing parameter include = /etc/samba/site.conf
[2017/11/13 10:56:40.772409,  3] ../source3/param/loadparm.c:2668(lp_do_section)
  Processing section "[global]"
  doing parameter netbios name = VILLACH-FILE
  doing parameter server string = Netzlaufwerke Villach
  doing parameter max stat cache size = 4096
  doing parameter client max protocol = SMB2
  doing parameter deadtime = 2
  doing parameter unix extensions = no
  doing parameter local master = no
  doing parameter read only = No
  doing parameter acl group control = Yes
  doing parameter create mask = 0770
  doing parameter force create mode = 0660
  doing parameter directory mask = 0770
  doing parameter force directory mode = 02770
  doing parameter inherit permissions = Yes
  doing parameter inherit acls = Yes
  doing parameter inherit owner = Yes
  doing parameter aio read size = 16384
  doing parameter aio write size = 16384
  doing parameter map acl inherit = Yes
  doing parameter block size = 4096
  doing parameter use sendfile = Yes
  doing parameter map archive = No
  doing parameter map readonly = no
  doing parameter store dos attributes = Yes
  doing parameter ldap timeout = 5
  doing parameter winbind reconnect delay = 2
  doing parameter winbind refresh tickets = yes
  doing parameter winbind request timeout = 5
  doing parameter load printers = yes
[2017/11/13 10:56:40.773111,  4] ../source3/param/loadparm.c:3780(lp_load_ex)
  pm_process() returned Yes
[2017/11/13 10:56:40.773303,  2] ../source3/lib/interface.c:345(add_interface)
  added interface host0 ip=192.168.16.214 bcast=192.168.16.255 netmask=255.255.255.0
[2017/11/13 10:56:40.773374,  1] ../source3/param/loadparm.c:1039(lp_winbind_max_domain_connections)
  offline logons active, restricting max domain connections to 1
[2017/11/13 10:56:40.773420,  5] ../source3/lib/util_names.c:152(init_names)
  Netbios name list:-
  my_netbios_names[0]="VILLACH-FILE"
[2017/11/13 10:56:40.773550,  2] ../source3/lib/interface.c:345(add_interface)
  added interface host0 ip=192.168.16.214 bcast=192.168.16.255 netmask=255.255.255.0
[2017/11/13 10:56:40.774640,  4] ../source3/lib/time.c:266(TimeInit)
  TimeInit: Serverzone is -3600
[2017/11/13 10:56:40.775680,  5] ../source3/lib/tdb_validate.c:195(tdb_validate_open)
  tdb_validate_open called for tdb '/var/cache/samba/winbindd_cache.tdb'
[2017/11/13 10:56:40.775777,  5] ../source3/lib/tdb_validate.c:112(tdb_validate)
  tdb_validate called for tdb '/var/cache/samba/winbindd_cache.tdb'
[2017/11/13 10:56:40.779563,  5] ../source3/lib/tdb_validate.c:179(tdb_validate)
  tdb_validate returning code '0' for tdb '/var/cache/samba/winbindd_cache.tdb'
[2017/11/13 10:56:40.779663,  1] ../source3/lib/tdb_validate.c:480(tdb_validate_and_backup)
  tdb '/var/cache/samba/winbindd_cache.tdb' is valid
[2017/11/13 10:56:40.779716,  3] ../source3/lib/tdb_validate.c:379(rename_file_with_suffix)
  file '/var/cache/samba/winbindd_cache.tdb.bak' does not exist - so not moved
[2017/11/13 10:56:40.786847,  1] ../source3/lib/tdb_validate.c:490(tdb_validate_and_backup)
  Created backup '/var/cache/samba/winbindd_cache.tdb.bak' of tdb '/var/cache/samba/winbindd_cache.tdb'
[2017/11/13 10:56:40.787137,  5] ../lib/dbwrap/dbwrap.c:159(dbwrap_check_lock_order)
  check lock order 2 for /var/cache/samba/serverid.tdb
[2017/11/13 10:56:40.787283,  5] ../lib/dbwrap/dbwrap.c:127(dbwrap_lock_order_state_destructor)
  release lock order 2 for /var/cache/samba/serverid.tdb
[2017/11/13 10:56:40.787328,  5] ../source3/lib/messages.c:356(messaging_register)
  Registering messaging pointer for type 33 - private_data=(nil)
[2017/11/13 10:56:40.787365,  5] ../source3/lib/messages.c:356(messaging_register)
  Registering messaging pointer for type 13 - private_data=(nil)
[2017/11/13 10:56:40.787400,  5] ../source3/lib/messages.c:356(messaging_register)
  Registering messaging pointer for type 1028 - private_data=(nil)
[2017/11/13 10:56:40.787434,  5] ../source3/lib/messages.c:356(messaging_register)
  Registering messaging pointer for type 1027 - private_data=(nil)
[2017/11/13 10:56:40.787469,  5] ../source3/lib/messages.c:356(messaging_register)
  Registering messaging pointer for type 1029 - private_data=(nil)
[2017/11/13 10:56:40.787503,  5] ../source3/lib/messages.c:356(messaging_register)
  Registering messaging pointer for type 1036 - private_data=(nil)
[2017/11/13 10:56:40.787538,  5] ../source3/lib/messages.c:356(messaging_register)
  Registering messaging pointer for type 1035 - private_data=(nil)
[2017/11/13 10:56:40.787575,  5] ../source3/lib/messages.c:356(messaging_register)
  Registering messaging pointer for type 1280 - private_data=(nil)
[2017/11/13 10:56:40.787609,  5] ../source3/lib/messages.c:356(messaging_register)
  Registering messaging pointer for type 1032 - private_data=(nil)
[2017/11/13 10:56:40.787644,  5] ../source3/lib/messages.c:356(messaging_register)
  Registering messaging pointer for type 1033 - private_data=(nil)
[2017/11/13 10:56:40.787678,  5] ../source3/lib/messages.c:356(messaging_register)
  Registering messaging pointer for type 1034 - private_data=(nil)
[2017/11/13 10:56:40.787712,  5] ../source3/lib/messages.c:356(messaging_register)
  Registering messaging pointer for type 1 - private_data=(nil)
[2017/11/13 10:56:40.787746,  5] ../source3/lib/messages.c:371(messaging_register)
  Overriding messaging pointer for type 1 - private_data=(nil)
[2017/11/13 10:56:40.787983,  1] ../source3/param/loadparm.c:1039(lp_winbind_max_domain_connections)
  offline logons active, restricting max domain connections to 1
[2017/11/13 10:56:40.788077,  5] ../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log)
  tdb(/var/lib/samba/private/secrets.tdb): tdb_transaction_start: nesting 1
[2017/11/13 10:56:40.788117,  5] ../lib/dbwrap/dbwrap.c:159(dbwrap_check_lock_order)
  check lock order 1 for /var/lib/samba/private/secrets.tdb
[2017/11/13 10:56:40.788175,  5] ../lib/dbwrap/dbwrap.c:127(dbwrap_lock_order_state_destructor)
  release lock order 1 for /var/lib/samba/private/secrets.tdb
[2017/11/13 10:56:40.788217,  5] ../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log)
  tdb(/var/lib/samba/private/secrets.tdb): tdb_transaction_start: nesting 1
[2017/11/13 10:56:40.846132,  1] ../source3/param/loadparm.c:1039(lp_winbind_max_domain_connections)
  offline logons active, restricting max domain connections to 1
[2017/11/13 10:56:40.846218,  1] ../source3/param/loadparm.c:1039(lp_winbind_max_domain_connections)
  offline logons active, restricting max domain connections to 1
[2017/11/13 10:56:40.846261,  2] ../source3/winbindd/winbindd_util.c:288(add_trusted_domain_from_tdc)
  Added domain BUILTIN (null) S-1-5-32
[2017/11/13 10:56:40.846313,  5] ../source3/passdb/pdb_interface.c:79(smb_register_passdb)
  Attempting to register passdb backend smbpasswd
[2017/11/13 10:56:40.846360,  5] ../source3/passdb/pdb_interface.c:92(smb_register_passdb)
  Successfully added passdb backend 'smbpasswd'
[2017/11/13 10:56:40.846397,  5] ../source3/passdb/pdb_interface.c:79(smb_register_passdb)
  Attempting to register passdb backend tdbsam
[2017/11/13 10:56:40.846433,  5] ../source3/passdb/pdb_interface.c:92(smb_register_passdb)
  Successfully added passdb backend 'tdbsam'
[2017/11/13 10:56:40.846469,  5] ../source3/passdb/pdb_interface.c:79(smb_register_passdb)
  Attempting to register passdb backend wbc_sam
[2017/11/13 10:56:40.846505,  5] ../source3/passdb/pdb_interface.c:92(smb_register_passdb)
  Successfully added passdb backend 'wbc_sam'
[2017/11/13 10:56:40.846540,  5] ../source3/passdb/pdb_interface.c:79(smb_register_passdb)
  Attempting to register passdb backend samba_dsdb
[2017/11/13 10:56:40.846576,  5] ../source3/passdb/pdb_interface.c:92(smb_register_passdb)
  Successfully added passdb backend 'samba_dsdb'
[2017/11/13 10:56:40.846611,  5] ../source3/passdb/pdb_interface.c:79(smb_register_passdb)
  Attempting to register passdb backend samba4
[2017/11/13 10:56:40.846649,  5] ../source3/passdb/pdb_interface.c:92(smb_register_passdb)
  Successfully added passdb backend 'samba4'
[2017/11/13 10:56:40.846685,  5] ../source3/passdb/pdb_interface.c:79(smb_register_passdb)
  Attempting to register passdb backend ldapsam
[2017/11/13 10:56:40.846721,  5] ../source3/passdb/pdb_interface.c:92(smb_register_passdb)
  Successfully added passdb backend 'ldapsam'
[2017/11/13 10:56:40.846756,  5] ../source3/passdb/pdb_interface.c:79(smb_register_passdb)
  Attempting to register passdb backend NDS_ldapsam
[2017/11/13 10:56:40.846792,  5] ../source3/passdb/pdb_interface.c:92(smb_register_passdb)
  Successfully added passdb backend 'NDS_ldapsam'
[2017/11/13 10:56:40.846829,  5] ../source3/passdb/pdb_interface.c:79(smb_register_passdb)
  Attempting to register passdb backend IPA_ldapsam
[2017/11/13 10:56:40.846865,  5] ../source3/passdb/pdb_interface.c:92(smb_register_passdb)
  Successfully added passdb backend 'IPA_ldapsam'
[2017/11/13 10:56:40.846902,  5] ../source3/passdb/pdb_interface.c:155(make_pdb_method_name)
  Attempting to find a passdb backend to match tdbsam (tdbsam)
[2017/11/13 10:56:40.846938,  5] ../source3/passdb/pdb_interface.c:176(make_pdb_method_name)
  Found pdb backend tdbsam
[2017/11/13 10:56:40.846980,  5] ../source3/passdb/pdb_interface.c:187(make_pdb_method_name)
  pdb backend tdbsam has a valid init
[2017/11/13 10:56:40.847021,  1] ../source3/param/loadparm.c:1039(lp_winbind_max_domain_connections)
  offline logons active, restricting max domain connections to 1
[2017/11/13 10:56:40.847092,  1] ../source3/param/loadparm.c:1039(lp_winbind_max_domain_connections)
  offline logons active, restricting max domain connections to 1
[2017/11/13 10:56:40.847139,  1] ../source3/param/loadparm.c:1039(lp_winbind_max_domain_connections)
  offline logons active, restricting max domain connections to 1
[2017/11/13 10:56:40.847176,  2] ../source3/winbindd/winbindd_util.c:288(add_trusted_domain_from_tdc)
  Added domain VILLACH-FILE (null) S-1-5-21-2099295303-2754723936-1384751756
[2017/11/13 10:56:40.847223,  0] ../source3/winbindd/winbindd_util.c:902(init_domain_list)
  Could not fetch our SID - did we join?
[2017/11/13 10:56:40.847319,  0] ../source3/winbindd/winbindd.c:1401(winbindd_register_handlers)
  unable to initialize domain list

Server role: ROLE_DOMAIN_MEMBER

Press enter to see a dump of your service definitions

# Global parameters
[global]
	realm = AD.TAO.AT
	server string = Netzlaufwerke Villach
	workgroup = AD
	local master = No
	max stat cache size = 4096
	ldap timeout = 5
	cache directory = /var/cache/samba/
	lock directory = /var/cache/samba/
	state directory = /var/cache/samba/
	client max protocol = SMB2
	unix extensions = No
	security = ADS
	deadtime = 2
	template homedir = /home/%U
	template shell = /bin/bash
	winbind cache time = 30
	winbind enum groups = Yes
	winbind enum users = Yes
	winbind expand groups = 4
	winbind max domain connections = 32
	winbind nss info = rfc2307
	winbind offline logon = Yes
	winbind reconnect delay = 2
	winbind refresh tickets = Yes
	winbind request timeout = 5
	winbind use default domain = Yes
	idmap config ad : schema_mode = rfc2307
	idmap config ad : range = 4500-50000
	idmap config ad : backend = ad
	idmap config * : range = 60000-61000
	idmap config * : backend = tdb
	map archive = No
	map readonly = no
	store dos attributes = Yes
	include = /etc/samba/site.conf
	map acl inherit = Yes
	acl group control = Yes
	create mask = 0770
	directory mask = 0770
	force create mode = 0660
	force directory mode = 02770
	inherit acls = Yes
	inherit owner = Yes
	inherit permissions = Yes
	read only = No
	aio read size = 16384
	aio write size = 16384
	block size = 4096
	use sendfile = Yes


[homes]
	comment = ~
	volume = nethome

Attachment: signature.asc
Description: OpenPGP digital signature

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba