Web lists-archives.com

[Samba] Winbind not working on Ubuntu 18.04 Samba 4.8.0 File Sever




Good Morning, Ive been trying to test Samba AD on Ubuntu 18.04 using samba version 4.8.0  The DC seems to be working fine all tests have passed.  I was able to connect Win7 RSAT, a Ubuntu workstation and a File server.  My problem is the file server will not give response to 'sudo getent passwd' with or with out username or DOMAIN\username. Everything else works as far as I can tell.

Prior to build I installed the following dependencies:

 apt install ntpdate acl attr autoconf bison build-essential debhelper dnsutils docbook-xml docbook-xsl flex gdb libjansson-dev krb5-user libacl1-dev libaio-dev libarchive-dev libattr1-dev libblkid-dev libbsd-dev libcap-dev libcups2-dev libgnutls28-dev libgpgme11-dev libjson-perl libldap2-dev libncurses5-dev libpam0g-dev libparse-yapp-perl libpopt-dev libreadline-dev nettle-dev perl perl-modules pkg-config python-all-dev python-crypto python-dbg python-dev python-dnspython python3-dnspython python-markdown python3-markdown python3-dev xsltproc zlib1g-dev

Symbolic links are set correctly:

root@files:~# smbd -b | grep LIBDIR
   LIBDIR: /usr/lib

ln -s /usr/lib/libnss_winbind.so.2 /lib/x86_64-linus-gnu/
ln -s /lib/x86_64-linus-gnu/libnss_winbind.so.2 /lib/x86_64-linus-gnu/libnss_winbind.so
ldconfig

nssswitch.conf have tried these three combinations:

passwd:         compat winbind systemd
group:          compat winbind systemd

passwd:        compat systemd winbind
group:          compat systemd winbind

passwd:         compat winbind
group :         compat winbind

Here are my configs:

Samba 4.8.0 AD DC smb.conf using Bind9:

# Global parameters
[global]
        netbios name = DC-TEST
        realm = TEST.COM
        workgroup = TEST
        server role = active directory domain controller
        server services = -dns
        workgroup = TEST
        idmap_ldb:use rfc2307 = yes
        ldap server require strong auth = no
        allow dns updates = nonsecure and secure
        log level = 3

# stops cups errors in log file
        load printers = no
        printing = bsd
        printcap name = /dev/null
        disable spoolss = yes

[netlogon]
        path = /var/lib/samba/sysvol/test.com/scripts
        read only = No

[sysvol]
        path = /var/lib/samba/sysvol
        read only = No

########

Samba 4.8.0 Member Server smb.conf:

[global]
        realm = TEST.COM
        workgroup = TEST
        netbios name = files
        security = ADS
        server role = member server
        encrypt passwords = yes

        idmap config *:backend = tdb
        idmap config *:range = 2000-9999
        idmap config TEST:backend = ad
        idmap config TEST:schema_mode = rfc2307
        idmap config TEST:range = 10000-99999
        idmap config TEST:unix_nss_info = yes
        winbind use default domain = yes

        vfs objects = acl_xattr
        map acl inherit = Yes
        store dos attributes = Yes

        username map = /etc/samba/user.map

        log level=3 winbind:10
        log file = /var/log/samba/log.%m
        max log size = 500

 # Stops cups errors in log file
        load printers = no
        printing = bsd
        printcap name = /dev/null
        disable spoolss = yes


#============================ Share Definitions ==============================

####### Profiles and Documents for Windows users ##########

[profiles]
    comment = Windows user profiles
    path = /var/shares/profiles
    level2 oplocks =no
    oplocks = no
    read only = no

[redirects]
    comment = windows user documents
    path = /var/shares/redirects
    level2 oplocks =no
    oplocks = no
    read only = no

##############

Kinit works from member:

root@files:/etc/samba# kinit bthomas
Password for bthomas@xxxxxxxx:
root@files:/etc/samba# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: bthomas@xxxxxxxx

Valid starting       Expires              Service principal
03/28/2018 09:57:35  03/28/2018 19:57:35 krbtgt/TEST.COM@xxxxxxxx
        renew until 03/29/2018 09:57:25root@files:/home/cyadmin/source/samba-4.8.0# ps axf | egrep "samba|smbd|nmbd|winbindd"

Service are Running:

 1777 pts/1    S+     0:00 \_ grep -E --color=auto samba|smbd|nmbd|winbindd
  643 ?        Ss     0:00 smbd
  645 ?        S      0:00  \_ smbd
  646 ?        S      0:00  \_ smbd
  651 ?        Ss     0:00 nmbd
 1774 ?        Ss     0:00 winbindd
 1775 ?        S      0:00  \_ winbindd: domain child [TEST]

Logs from log.wb-TEST (from starting 'winbindd' and doing one 'getent passwd bthomas'

[2018/03/28 10:20:11.856393,  4, pid=1305, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_dual.c:1545(child_handler)
  child daemon request 20
[2018/03/28 10:20:11.856478, 10, pid=1305, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_dual.c:665(child_process_request)
  child_process_request: request fn LIST_TRUSTDOM
[2018/03/28 10:20:11.856515,  3, pid=1305, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_misc.c:288(winbindd_dual_list_trusted_domains)
  [ 1304]: list trusted domains
[2018/03/28 10:20:11.856550, 10, pid=1305, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cache.c:2825(wb_cache_trusted_domains)
  trusted_domains: [Cached] - doing backend query for info for domain TEST
[2018/03/28 10:20:11.856584,  3, pid=1305, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_ads.c:1390(trusted_domains)
  ads: trusted_domains
[2018/03/28 10:20:11.860494, 10, pid=1305, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_ads.c:1475(trusted_domains)   trusted_domains(ads):  Searching trusted domain list of TEST and storing trust flags for domain test.com [2018/03/28 10:20:11.860570, 10, pid=1305, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cache.c:4567(wcache_tdc_add_domain)   wcache_tdc_add_domain: Adding domain TEST (test.com), SID S-1-5-21-2280622806-4116776946-4167826043, flags = 0x1d, attributes = 0x0, type = 0x2 [2018/03/28 10:20:11.860659, 10, pid=1305, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cache.c:4277(add_wbdomain_to_tdc_array)
  add_wbdomain_to_tdc_array: Found existing record for TEST
[2018/03/28 10:20:11.860701, 10, pid=1305, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cache.c:4370(pack_tdc_domains)
  pack_tdc_domains: Packing 3 trusted domains
[2018/03/28 10:20:11.860764, 10, pid=1305, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cache.c:4389(pack_tdc_domains)
  pack_tdc_domains: Packing domain BUILTIN (UNKNOWN)
[2018/03/28 10:20:11.860797, 10, pid=1305, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cache.c:4389(pack_tdc_domains)
  pack_tdc_domains: Packing domain FILES (UNKNOWN)
[2018/03/28 10:20:11.860829, 10, pid=1305, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cache.c:4389(pack_tdc_domains)
  pack_tdc_domains: Packing domain TEST (test.com)
[2018/03/28 10:20:11.860891,  4, pid=1305, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_dual.c:1553(child_handler)
  Finished processing child request 20
[2018/03/28 10:20:11.860923, 10, pid=1305, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_dual.c:104(child_write_response)
  Writing 4071 bytes to parent
[2018/03/28 10:22:38.330478,  0, pid=1305, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd.c:239(winbindd_sig_term_handler)
  Got sig[15] terminate (is_parent=0)
[2018/03/28 10:23:35.728834, 10, pid=700, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cm.c:569(set_domain_online_request)
  set_domain_online_request: called for domain TEST
[2018/03/28 10:23:35.729529, 10, pid=700, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cm.c:604(set_domain_online_request)
  set_domain_online_request: domain TEST was globally offline.
[2018/03/28 10:23:35.729584, 10, pid=700, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_dual.c:1166(calculate_next_machine_pwd_change)
  password last changed 2018/03/27 17:19:46
  password valid until 2018/04/03 17:19:46
[2018/03/28 10:23:35.729606, 10, pid=700, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_dual.c:1174(calculate_next_machine_pwd_change)
  machine password still valid until: Tue, 03 Apr 2018 17:19:46 EDT
[2018/03/28 10:23:35.729643,  4, pid=700, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_dual.c:1545(child_handler)
  child daemon request 48
[2018/03/28 10:23:35.729657, 10, pid=700, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_dual.c:665(child_process_request)
  child_process_request: request fn INIT_CONNECTION
[2018/03/28 10:23:35.729676,  3, pid=700, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cm.c:2126(connection_ok)
  connection_ok: Connection to (null) for domain TEST is not connected
[2018/03/28 10:23:35.729883, 10, pid=700, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cm.c:1888(cm_open_connection)
  cm_open_connection: saf_servername is 'dc-test.test.com' for domain TEST
[2018/03/28 10:23:35.732586,  3] ../source3/libads/ldap.c:634(ads_connect)
  Successfully contacted LDAP server 10.157.0.19
[2018/03/28 10:23:35.743725, 10, pid=700, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cm.c:1426(dcip_check_name)
  dcip_check_name: flags = 0x13fd
[2018/03/28 10:23:35.743803,  3] ../source3/libsmb/namequery.c:3159(get_dc_list)
  get_dc_list: preferred server list: "dc-test.test.com, *"
[2018/03/28 10:23:35.758898,  3] ../source3/libsmb/namequery.c:3159(get_dc_list)
  get_dc_list: preferred server list: "dc-test.test.com, *"
[2018/03/28 10:23:35.764434, 10, pid=700, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cm.c:1926(cm_open_connection)
  cm_open_connection: dcname is 'dc-test.test.com' for domain TEST
[2018/03/28 10:23:35.765062,  3] ../source3/lib/util_sock.c:515(open_socket_out_send)
  Connecting to 10.157.0.19 at port 445
[2018/03/28 10:23:35.765518, 10, pid=700, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cm.c:1045(cm_prepare_connection)
  cm_prepare_connection: connecting to DC dc-test.test.com for domain TEST
[2018/03/28 10:23:35.788305,  3] ../lib/ldb-samba/ldb_wrap.c:326(ldb_wrap_connect)
  ldb_wrap open of secrets.ldb
[2018/03/28 10:23:35.788448,  5, pid=700, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cm.c:1144(cm_prepare_connection)   connecting to dc-test.test.com (TEST, TEST.COM) with account [TEST\FILES$] principal [FILES$@TEST.COM] and realm [TEST.COM] [2018/03/28 10:23:35.788511,  3] ../source3/libsmb/cliconnect.c:271(cli_session_creds_prepare_krb5)
  got OID=1.2.840.48018.1.2.2
[2018/03/28 10:23:36.090404,  3] ../auth/gensec/gensec_start.c:977(gensec_register)
  GENSEC backend 'gssapi_spnego' registered
[2018/03/28 10:23:36.090425,  3] ../auth/gensec/gensec_start.c:977(gensec_register)
  GENSEC backend 'gssapi_krb5' registered
[2018/03/28 10:23:36.090434,  3] ../auth/gensec/gensec_start.c:977(gensec_register)
  GENSEC backend 'gssapi_krb5_sasl' registered
[2018/03/28 10:23:36.090442,  3] ../auth/gensec/gensec_start.c:977(gensec_register)
  GENSEC backend 'spnego' registered
[2018/03/28 10:23:36.090449,  3] ../auth/gensec/gensec_start.c:977(gensec_register)
  GENSEC backend 'schannel' registered
[2018/03/28 10:23:36.090459,  3] ../auth/gensec/gensec_start.c:977(gensec_register)
  GENSEC backend 'naclrpc_as_system' registered
[2018/03/28 10:23:36.090467,  3] ../auth/gensec/gensec_start.c:977(gensec_register)
  GENSEC backend 'sasl-EXTERNAL' registered
[2018/03/28 10:23:36.090475,  3] ../auth/gensec/gensec_start.c:977(gensec_register)
  GENSEC backend 'ntlmssp' registered
[2018/03/28 10:23:36.090482,  3] ../auth/gensec/gensec_start.c:977(gensec_register)
  GENSEC backend 'ntlmssp_resume_ccache' registered
[2018/03/28 10:23:36.090489,  3] ../auth/gensec/gensec_start.c:977(gensec_register)
  GENSEC backend 'http_basic' registered
[2018/03/28 10:23:36.090497,  3] ../auth/gensec/gensec_start.c:977(gensec_register)
  GENSEC backend 'http_ntlm' registered
[2018/03/28 10:23:36.090505,  3] ../auth/gensec/gensec_start.c:977(gensec_register)
  GENSEC backend 'http_negotiate' registered
[2018/03/28 10:23:36.124186, 10, pid=700, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cache.c:3534(set_global_winbindd_state_online)
  set_global_winbindd_state_online: online requested.
[2018/03/28 10:23:36.124249, 10, pid=700, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cache.c:3537(set_global_winbindd_state_online)
  set_global_winbindd_state_online: rejecting.
[2018/03/28 10:23:36.124282, 10, pid=700, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cm.c:483(set_domain_online)
  set_domain_online: called for domain TEST
[2018/03/28 10:23:36.124445, 10, pid=700, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cm.c:2646(set_dc_type_and_flags)
  set_dc_type_and_flags: setting up flags for primary or internal domain
[2018/03/28 10:23:36.124486,  5, pid=700, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cm.c:2374(set_dc_type_and_flags_connect)
  set_dc_type_and_flags_connect: domain TEST
[2018/03/28 10:23:36.138678,  5, pid=700, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cm.c:2613(set_dc_type_and_flags_connect)
  set_dc_type_and_flags_connect: domain TEST is in native mode.
[2018/03/28 10:23:36.138746,  5, pid=700, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cm.c:2616(set_dc_type_and_flags_connect)
  set_dc_type_and_flags_connect: domain TEST is running active directory.
[2018/03/28 10:23:36.139214,  4, pid=700, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_dual.c:1553(child_handler)
  Finished processing child request 48
[2018/03/28 10:23:36.139260, 10, pid=700, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_dual.c:104(child_write_response)
  Writing 4008 bytes to parent
[2018/03/28 10:23:36.139407,  4, pid=700, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_dual.c:1545(child_handler)
  child daemon request 20
[2018/03/28 10:23:36.139443, 10, pid=700, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_dual.c:665(child_process_request)
  child_process_request: request fn LIST_TRUSTDOM
[2018/03/28 10:23:36.139488,  3, pid=700, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_misc.c:288(winbindd_dual_list_trusted_domains)
  [  699]: list trusted domains
[2018/03/28 10:23:36.139524,  5, pid=700, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cache.c:166(winbindd_domain_init_backend)
  winbindd_domain_init_backend: Setting ADS methods for domain TEST
[2018/03/28 10:23:36.139554, 10, pid=700, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cache.c:2825(wb_cache_trusted_domains)
  trusted_domains: [Cached] - doing backend query for info for domain TEST
[2018/03/28 10:23:36.139597,  3, pid=700, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_ads.c:1390(trusted_domains)
  ads: trusted_domains
[2018/03/28 10:23:36.140264,  3] ../lib/ldb-samba/ldb_wrap.c:326(ldb_wrap_connect)
  ldb_wrap open of secrets.ldb
[2018/03/28 10:23:36.141050,  3] ../source3/lib/util_sock.c:515(open_socket_out_send)
  Connecting to 10.157.0.19 at port 135
[2018/03/28 10:23:36.143752,  3] ../source3/lib/util_sock.c:515(open_socket_out_send)
  Connecting to 10.157.0.19 at port 49153
[2018/03/28 10:23:36.152863,  3] ../source3/lib/util_sock.c:515(open_socket_out_send)
  Connecting to 10.157.0.19 at port 135
[2018/03/28 10:23:36.155888,  3] ../source3/lib/util_sock.c:515(open_socket_out_send)
  Connecting to 10.157.0.19 at port 49153
[2018/03/28 10:23:36.166627, 10, pid=700, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_ads.c:1475(trusted_domains)   trusted_domains(ads):  Searching trusted domain list of TEST and storing trust flags for domain test.com [2018/03/28 10:23:36.166697, 10, pid=700, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cache.c:4567(wcache_tdc_add_domain)   wcache_tdc_add_domain: Adding domain TEST (test.com), SID S-1-5-21-2280622806-4116776946-4167826043, flags = 0x1d, attributes = 0x0, type = 0x2 [2018/03/28 10:23:36.166791, 10, pid=700, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cache.c:4277(add_wbdomain_to_tdc_array)
  add_wbdomain_to_tdc_array: Found existing record for TEST
[2018/03/28 10:23:36.166829, 10, pid=700, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cache.c:4370(pack_tdc_domains)
  pack_tdc_domains: Packing 3 trusted domains
[2018/03/28 10:23:36.166870, 10, pid=700, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cache.c:4389(pack_tdc_domains)
  pack_tdc_domains: Packing domain BUILTIN (UNKNOWN)
[2018/03/28 10:23:36.166903, 10, pid=700, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cache.c:4389(pack_tdc_domains)
  pack_tdc_domains: Packing domain FILES (UNKNOWN)
[2018/03/28 10:23:36.166934, 10, pid=700, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cache.c:4389(pack_tdc_domains)
  pack_tdc_domains: Packing domain TEST (test.com)
[2018/03/28 10:23:36.167006,  4, pid=700, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_dual.c:1553(child_handler)
  Finished processing child request 20
[2018/03/28 10:23:36.167038, 10, pid=700, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_dual.c:104(child_write_response)
  Writing 4071 bytes to parent
[2018/03/28 10:23:36.167255,  4, pid=700, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_dual.c:1545(child_handler)
  child daemon request 20
[2018/03/28 10:23:36.167290, 10, pid=700, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_dual.c:665(child_process_request)
  child_process_request: request fn LIST_TRUSTDOM
[2018/03/28 10:23:36.167319,  3, pid=700, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_misc.c:288(winbindd_dual_list_trusted_domains)
  [  699]: list trusted domains
[2018/03/28 10:23:36.167348, 10, pid=700, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cache.c:2825(wb_cache_trusted_domains)
  trusted_domains: [Cached] - doing backend query for info for domain TEST
[2018/03/28 10:23:36.167393,  3, pid=700, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_ads.c:1390(trusted_domains)
  ads: trusted_domains
[2018/03/28 10:23:36.170050, 10, pid=700, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_ads.c:1475(trusted_domains)   trusted_domains(ads):  Searching trusted domain list of TEST and storing trust flags for domain test.com [2018/03/28 10:23:36.170119, 10, pid=700, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cache.c:4567(wcache_tdc_add_domain)   wcache_tdc_add_domain: Adding domain TEST (test.com), SID S-1-5-21-2280622806-4116776946-4167826043, flags = 0x1d, attributes = 0x0, type = 0x2 [2018/03/28 10:23:36.170194, 10, pid=700, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cache.c:4277(add_wbdomain_to_tdc_array)
  add_wbdomain_to_tdc_array: Found existing record for TEST
[2018/03/28 10:23:36.170231, 10, pid=700, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cache.c:4370(pack_tdc_domains)
  pack_tdc_domains: Packing 3 trusted domains
[2018/03/28 10:23:36.170272, 10, pid=700, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cache.c:4389(pack_tdc_domains)
  pack_tdc_domains: Packing domain BUILTIN (UNKNOWN)
[2018/03/28 10:23:36.170304, 10, pid=700, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cache.c:4389(pack_tdc_domains)
  pack_tdc_domains: Packing domain FILES (UNKNOWN)
[2018/03/28 10:23:36.170335, 10, pid=700, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cache.c:4389(pack_tdc_domains)
  pack_tdc_domains: Packing domain TEST (test.com)
[2018/03/28 10:23:36.170394,  4, pid=700, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_dual.c:1553(child_handler)
  Finished processing child request 20
[2018/03/28 10:23:36.170425, 10, pid=700, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_dual.c:104(child_write_response)
  Writing 4071 bytes to parent
[2018/03/28 10:24:31.424478, 10, pid=700, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_dual.c:69(child_read_request)
  Need to read 44 extra bytes
[2018/03/28 10:24:31.424567,  4, pid=700, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_dual.c:1545(child_handler)
  child daemon request 56
[2018/03/28 10:24:31.424606, 10, pid=700, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_dual.c:665(child_process_request)
  child_process_request: request fn NDRCMD
[2018/03/28 10:24:31.424639, 10, pid=700, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_dual_ndr.c:362(winbindd_dual_ndrcmd)
  winbindd_dual_ndrcmd: Running command WBINT_LOOKUPNAME (TEST)
[2018/03/28 10:24:31.424789, 10, pid=700, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cache.c:1770(wcache_name_to_sid)
  wcache_name_to_sid: namemap_cache_find_name failed
[2018/03/28 10:24:31.424831, 10, pid=700, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cache.c:1817(wb_cache_name_to_sid)
  name_to_sid: [Cached] - doing backend query for name for domain TEST
[2018/03/28 10:24:31.424867,  3, pid=700, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_msrpc.c:244(msrpc_name_to_sid)
  msrpc_name_to_sid: name=TEST\BTHOMAS
[2018/03/28 10:24:31.424900,  3, pid=700, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_msrpc.c:258(msrpc_name_to_sid)
  name_to_sid [rpc] TEST\BTHOMAS for domain TEST
[2018/03/28 10:24:31.424933, 10, pid=700, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cm.c:2973(cm_connect_lsa_tcp)
  cm_connect_lsa_tcp
[2018/03/28 10:24:31.425082,  3] ../source3/lib/util_sock.c:515(open_socket_out_send)
  Connecting to 10.157.0.19 at port 135
[2018/03/28 10:24:31.428731,  3] ../source3/lib/util_sock.c:515(open_socket_out_send)
  Connecting to 10.157.0.19 at port 49152
[2018/03/28 10:24:31.435308,  4, pid=700, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_dual.c:1553(child_handler)
  Finished processing child request 56
[2018/03/28 10:24:31.435376, 10, pid=700, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_dual.c:104(child_write_response)
  Writing 4044 bytes to parent
[2018/03/28 10:24:31.821764, 10, pid=700, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_dual.c:69(child_read_request)
  Need to read 48 extra bytes
[2018/03/28 10:24:31.821840,  4, pid=700, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_dual.c:1545(child_handler)
  child daemon request 56
[2018/03/28 10:24:31.821875, 10, pid=700, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_dual.c:665(child_process_request)
  child_process_request: request fn NDRCMD
[2018/03/28 10:24:31.821905, 10, pid=700, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_dual_ndr.c:362(winbindd_dual_ndrcmd)
  winbindd_dual_ndrcmd: Running command WBINT_LOOKUPSIDS (TEST)
[2018/03/28 10:24:31.821957, 10, pid=700, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cm.c:2973(cm_connect_lsa_tcp)
  cm_connect_lsa_tcp
[2018/03/28 10:24:31.825945,  4, pid=700, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_dual.c:1553(child_handler)
  Finished processing child request 56
[2018/03/28 10:24:31.826013, 10, pid=700, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_dual.c:104(child_write_response)
  Writing 4152 bytes to parent

######################

And from log.winbindd:

[2018/03/28 10:24:31.423718,  3, pid=699, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_getpwnam.c:56(winbindd_getpwnam_send)
  getpwnam bthomas
[2018/03/28 10:24:31.435508, 10, pid=699, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cache.c:4802(wcache_store_ndr)
  could not fetch seqnum for domain TEST
[2018/03/28 10:24:31.435577, 10, pid=699, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/wb_sids2xids.c:113(wb_sids2xids_send)
  SID 0: S-1-5-21-2280622806-4116776946-4167826043-1108
[2018/03/28 10:24:31.436381, 10, pid=699, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_dual.c:1578(fork_domain_child)
  fork_domain_child called without domain.
[2018/03/28 10:24:31.437336, 10, pid=707, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_dual.c:1632(fork_domain_child)
  Child process 707
[2018/03/28 10:24:31.821385, 10, pid=699, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/wb_sids2xids.c:113(wb_sids2xids_send)
  SID 0: S-1-5-21-2280622806-4116776946-4167826043-513
[2018/03/28 10:24:31.821530, 10, pid=699, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_util.c:1467(find_lookup_domain_from_sid)   find_lookup_domain_from_sid: SID [S-1-5-21-2280622806-4116776946-4167826043-513] [2018/03/28 10:24:31.821585, 10, pid=699, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_util.c:1512(find_lookup_domain_from_sid)
  calling find_our_domain
[2018/03/28 10:24:31.826194, 10, pid=699, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cache.c:4802(wcache_store_ndr)
  could not fetch seqnum for domain TEST
[2018/03/28 10:24:31.828528,  5, pid=699, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_getpwnam.c:128(winbindd_getpwnam_recv)   Could not convert sid S-1-5-21-2280622806-4116776946-4167826043-1108: NT_STATUS_NO_SUCH_USER [2018/03/28 10:24:31.829171, 10, pid=699, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd.c:757(wb_request_done)
  wb_request_done[706:GETPWNAM]: NT_STATUS_NO_SUCH_USER
[2018/03/28 10:24:31.829219, 10, pid=699, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd.c:825(winbind_client_response_written)   winbind_client_response_written[706:GETPWNAM]: delivered response to client [2018/03/28 10:24:31.829328,  6, pid=699, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd.c:930(winbind_client_request_read)
  closing socket 25, client exited

root@files:/var/log/samba# net ads testjoin
Join is OK

root@files:/var/log/samba# net ads info
LDAP server: 10.157.0.19
LDAP server name: dc-test.test.com
Realm: TEST.COM
Bind Path: dc=TEST,dc=COM
LDAP port: 389
Server time: Wed, 28 Mar 2018 10:42:57 EDT
KDC server: 10.157.0.19
Server time offset: 0
Last machine account password change: Tue, 27 Mar 2018 17:19:46 EDT

root@files:/var/log/samba# wbinfo -p
Ping to winbindd succeeded

root@files:/var/log/samba# wbinfo --ping-dc
checking the NETLOGON for domain[TEST] dc connection to "dc-test.test.com" succeeded

root@files:~# wbinfo -u
krbtgt
dns-dc-test
guest
administrator
bthomas

root@files:~# wbinfo -g
denied rodc password replication group
domain admins
domain guests
schema admins
allowed rodc password replication group
domain computers
enterprise read-only domain controllers
read-only domain controllers
ras and ias servers
test domain admin
group policy creator owners
domain controllers
dnsadmins
cert publishers
domain users
enterprise admins
dnsupdateproxy

Any help would be greatly apprceated as always.

Thank You, Bob Thomas






--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba