Linux - SoftwareThis forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Greetings all - I have a frustrating issue which has stumped me. I'd appreciate a few wise suggestions!
I am running Debian (2.4.18-386) with Samba 3.0.2-1, winbind (3.0.2-1) and using PAM authentication against an ADS Win2003 domain. I'm only really using that authentication with Apache (1.3.29.0.1-5) so the users (we're a Windows shop) can use their normal network login to authenticate against my web-server.
So, all is sweetness and light and it works well. Trouble is, this morning I run my normal update/upgrade command (apt-get update ; apt-get dist-upgrade) and it updates Samba and winbind. And now the authentication is bust. The smb.conf file is unchanged. But something else must have happened.
But not completely broken.
I can still mount Windows shares (and see my machine in the Windows network neighbourhood, although not access any of its shares from a Windows box). I can still authenticate using Kerberos (kinit user succeeds, although winbind -a user fails). I can join the realm ok (net ads join).
But wbinfo -u (or -g) returns Error looking up domain users.
A similar issue happened a few weeks ago, with similar footprints. After three days of tweaking it suddenly worked for no obvious reason. (The tweaks seemed to have no effect - I'd left the tweaking for an hour or so and someone reported a successful login attempt.)
So I'm wondering if it's not my machine, it's perhaps something on the ADS server which doesn't like the fact that my Samba/Winbind has been updated and needs to be told. Perhaps it does update itself every once in a while (which is why, before, it 'suddenly' started working out of the blue) but I'd like to be able to tell it explicitly to do it.
Any ideas or suggestions? I'm happy to post logs and conf files as necessary!
Yes, I did that. Both the sys admin deleting it from the Windows side and I ran net ads leave.
Interestingly net ads user -U user%password succeeds in giving back a list of valid network users, but wbinfo -u, which should do the same, fails with Error looking up domain users
Can I configure Apache to use the ADS rather than winbind? Or I am totally confused?
And, all of its own accord, it suddenly started working again.
I'm not sure if it was connected, but I'd just run wbinfo -D workground_name which seemed to hang, but I went to do something else, forgetting that is was hanging.
Only it wasn't. Eventually it came back with correct answers, at which point, wbinfo -u|g worked and the authentication was back, too.
I don't know if that was all coincidence, that the wbinfo -D was a cause of the fix or just the first thing to happen once it fixed itself.
I am still suspicious that the apt-get upgrade changed something which, eventually, got reset.
So, any easy ways of getting apt-get to update everything apart from a specific list of exceptions?
I'm not sure if it was connected, but I'd just run wbinfo -D workground_name which seemed to hang, but I went to do something else, forgetting that is was hanging. Only it wasn't. Eventually it came back with correct answers, at which point, wbinfo -u|g worked and the authentication was back, too.
Wow. Weird. I was trying to get Samba and winbind working for Squid today. Most wbinfo tests seemed fine, but "wbinfo -u" and "wbinfo -g" kept giving that "Error looking up domain users" (or groups) error. I found your post, and tried running "wbinfo -D domain_name", just to see if it made a difference. While it did not hang on my system (returned info immediately), after that, "wbinfo -u" and "wbinfo -g" started working. So whatever's going on, that "-D" switch seems to help unwedge things somehow.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.