[sisyphus] [samba] wbinfo -u does not show users from the PDC console
Slava Dubrovskiy
slava at elan.com.ua
Tue Jul 13 12:50:11 MSD 2004
Hello!
I wrote about my problem to the samba list at altlinux.ru, but nobody there
was able to help. The problem occurred on Sisyphus. I have now installed the
Master 2.4 beta and nothing has changed. The problem is that from the server
(COMP) I cannot view the list of users (wbinfo -u), and wbinfo -m prints only
BUILTIN. From another machine (admin), which is joined to the domain, these
commands work.
Those who know, please explain: why does wbinfo -u not show the list of
users?
And how do I deal with this?
The PDC runs samba-3.0.3-alt1.1 with the following config:
[global]
dos charset = CP866
unix charset = CP1251
display charset = CP1251
workgroup = ELAN
server string = %h (v. %v)
interfaces = 127.0.0.1, eth0
bind interfaces only = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*
unix password sync = Yes
log level = 4
log file = /var/log/samba/log.%m
max log size = 50
name resolve order = wins lmhosts bcast
time server = Yes
add user script = /usr/sbin/useradd -s /bin/false %u
add machine script = /usr/sbin/useradd -d /dev/null -g machines -c 'Machine Account' -s /bin/false -M %u
logon script = %U.bat
logon path =
logon home =
domain logons = Yes
os level = 60
preferred master = Yes
domain master = Yes
dns proxy = No
wins support = Yes
idmap uid = 10000-20000
idmap gid = 10000-20000
admin users = root, @wheel
printer admin = @adm, @wheel
hosts allow = 192.168.1., 127.
[homes]
comment = Home Directory for '%u'
read only = No
browseable = No
[netlogon]
comment = Network Logon Service
path = /var/lib/samba/netlogon
guest ok = Yes
root preexec = /usr/bin/ntlogon.py -u %U -g %G -o %a -d /var/lib/samba/netlogon
root postexec = rm -f /var/lib/samba/netlogon/%U.bat
[Profiles]
path = /var/lib/samba/profiles
guest ok = Yes
browseable = No
[C$]
comment = Administrative share for homes
path = /home
valid users = '@DOMAIN\\Domain Admins'
admin users = '@DOMAIN\\Domain Admins'
read only = No
[comp]# net groupmap list
System Operators (S-1-5-32-549) -> daemon
Replicators (S-1-5-32-552) -> kmem
Guests (S-1-5-32-546) -> nobody
Buhgalters (S-1-5-21-1880606302-4127658398-287049863-2005) -> buhgalters
Sklad (S-1-5-21-1880606302-4127658398-287049863-2111) -> sklad
Logistiks (S-1-5-21-1880606302-4127658398-287049863-2113) -> logistiks
Power Users (S-1-5-32-547) -> ntadmin
Menegers (S-1-5-21-1880606302-4127658398-287049863-2107) -> menegers
Print Operators (S-1-5-32-550) -> lp
Administrators (S-1-5-32-544) -> sys
Finance (S-1-5-21-1880606302-4127658398-287049863-2109) -> finance
Account Operators (S-1-5-32-548) -> wheel
Domain Admins (S-1-5-21-1880606302-4127658398-287049863-512) -> root
Domain Guests (S-1-5-21-1880606302-4127658398-287049863-514) -> nobody
Backup Operators (S-1-5-32-551) -> bin
Users (S-1-5-32-545) -> public
Domain Users (S-1-5-21-1880606302-4127658398-287049863-513) -> users
/etc/nsswitch.conf
passwd: files winbind nisplus nis
shadow: tcb files nisplus nis
group: files winbind nisplus nis
hosts: files nisplus nis dns wins
Next I added users with pdbedit -a.
I joined the machine that runs the PDC to the domain.
And when I try to get the list of users (from the machine that is the PDC),
wbinfo -u prints:
[comp]$ wbinfo -u
Error looking up domain users
When I try to get the list of domains:
[comp]$ wbinfo -m
BUILTIN
[comp]$ wbinfo -g
BUILTIN\System Operators
BUILTIN\Replicators
BUILTIN\Guests
BUILTIN\Power Users
BUILTIN\Print Operators
BUILTIN\Administrators
BUILTIN\Account Operators
BUILTIN\Backup Operators
BUILTIN\Users
Further, if I join to the domain, for example, the machine admin, which runs
the same version of Samba with this config:
[global]
dos charset = CP866
unix charset = KOI8-R
display charset = KOI8-R
workgroup = ELAN
netbios name = ADMIN
server string = %h (Samba server v. %v)
interfaces = eth1, lo
bind interfaces only = Yes
security = DOMAIN
log level = 4
log file = /var/log/samba/log.%m
max log size = 50
dns proxy = No
wins server = 192.168.1.1
idmap uid = 10000-20000
idmap gid = 10000-20000
then wbinfo -u shows the users normally.
[admin]$ wbinfo -g
BUILTIN\System Operators
BUILTIN\Replicators
BUILTIN\Guests
BUILTIN\Power Users
BUILTIN\Print Operators
BUILTIN\Administrators
BUILTIN\Account Operators
BUILTIN\Backup Operators
BUILTIN\Users
ELAN\Domain Users
ELAN\Sklad
ELAN\Menegers
ELAN\Buhgalters
ELAN\Domain Admins
ELAN\Domain Guests
ELAN\Logistiks
ELAN\Finance
[admin]$ wbinfo -m
ADMINPC
BUILTIN
Here is the winbind startup log on the server comp:
[2004/07/13 08:29:01, 1] nsswitch/winbindd.c:main(843)
winbindd version 3.0.3-ALT/alt1.1 started.
Copyright The Samba Team 2000-2004
doing parameter hosts allow = 192.168.1. 127.
doing parameter security = user
doing parameter encrypt passwords = yes
doing parameter smb passwd file = /etc/samba/smbpasswd
doing parameter unix password sync = Yes
doing parameter passwd program = /usr/bin/passwd %u
doing parameter passwd chat = *New*UNIX*password* %n\n
*ReType*new*UNIX*password* %n\n *passwd:*all*authenti
cation*tokens*updated*successfully*
doing parameter winbind uid = 10000-20000
doing parameter winbind gid = 10000-20000
doing parameter socket options = TCP_NODELAY
doing parameter interfaces = 127.0.0.1 eth0
doing parameter bind interfaces only = Yes
doing parameter os level = 120
doing parameter domain master = yes
doing parameter preferred master = yes
doing parameter domain logons = yes
doing parameter logon script = %m.bat
doing parameter logon script = %U.bat
doing parameter logon path =
doing parameter logon home =
doing parameter add machine script = /usr/sbin/useradd -d /dev/null
-g machines -c 'Machine Account' -s /bin
/false -M %u
doing parameter add user script = /usr/sbin/useradd -s /bin/false %u
doing parameter name resolve order = wins lmhosts bcast
doing parameter wins support = yes
doing parameter dns proxy = no
doing parameter dos charset = CP866
doing parameter unix charset = CP1251
doing parameter display charset = CP1251
doing parameter admin users = root @wheel
doing parameter time server = yes
doing parameter allow trusted domains = yes
doing parameter nt acl support = yes
[2004/07/13 08:29:01, 2] param/loadparm.c:do_section(3392)
Processing section "[homes]"
doing parameter comment = Home Directory for '%u'
doing parameter browseable = no
doing parameter writable = yes
[2004/07/13 08:29:01, 2] param/loadparm.c:do_section(3392)
Processing section "[netlogon]"
doing parameter comment = Network Logon Service
doing parameter path = /var/lib/samba/netlogon
doing parameter guest ok = yes
doing parameter writable = no
doing parameter root preexec = /usr/bin/ntlogon.py -u %U -g %G -o %a
-d /var/lib/samba/netlogon
doing parameter root postexec = rm -f /var/lib/samba/netlogon/%U.bat
[2004/07/13 08:29:01, 2] param/loadparm.c:do_section(3392)
Processing section "[Profiles]"
doing parameter path = /var/lib/samba/profiles
doing parameter browseable = no
doing parameter guest ok = yes
[2004/07/13 08:29:01, 2] param/loadparm.c:do_section(3392)
Processing section "[C$]"
doing parameter comment = Administrative share for homes
doing parameter path = /home
doing parameter admin users = @"DOMAIN\\Domain Admins"
doing parameter valid users = @"DOMAIN\\Domain Admins"
doing parameter writable = yes
[2004/07/13 08:29:01, 4] param/loadparm.c:lp_load(3909)
pm_process() returned Yes
[2004/07/13 08:29:01, 3] param/loadparm.c:lp_add_ipc(2359)
adding IPC service
[2004/07/13 08:29:01, 3] param/loadparm.c:lp_add_ipc(2359)
adding IPC service
[2004/07/13 08:29:01, 2] lib/interface.c:add_interface(79)
added interface ip=127.0.0.1 bcast=127.255.255.255 nmask=255.0.0.0
[2004/07/13 08:29:01, 2] lib/interface.c:add_interface(79)
added interface ip=192.168.1.100 bcast=192.168.1.255 nmask=255.255.255.0
[2004/07/13 08:29:01, 2] lib/interface.c:add_interface(79)
added interface ip=127.0.0.1 bcast=127.255.255.255 nmask=255.0.0.0
[2004/07/13 08:29:01, 2] lib/interface.c:add_interface(79)
added interface ip=192.168.1.100 bcast=192.168.1.255 nmask=255.255.255.0
[2004/07/13 08:29:01, 2] lib/tallocmsg.c:register_msg_pool_usage(57)
Registered MSG_REQ_POOL_USAGE
[2004/07/13 08:29:01, 2] lib/dmallocmsg.c:register_dmalloc_msgs(71)
Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
[2004/07/13 08:29:01, 3] nsswitch/winbindd_util.c:add_trusted_domain(173)
add_trusted_domain: ELAN is an NT4 domain
[2004/07/13 08:29:01, 1] nsswitch/winbindd_util.c:add_trusted_domain(180)
Added domain ELAN S-1-5-21-2398043960-2793333441-4170999000
[2004/07/13 08:29:01, 3] nsswitch/winbindd_util.c:add_trusted_domain(173)
add_trusted_domain: BUILTIN is an NT4 domain
[2004/07/13 08:29:01, 1] nsswitch/winbindd_util.c:add_trusted_domain(180)
Added domain BUILTIN S-1-5-32
Here is the winbind startup log on the client admin:
[2004/07/13 11:32:29, 1] nsswitch/winbindd.c:main(843)
winbindd version 3.0.3-ALT/alt1.1 started.
Copyright The Samba Team 2000-2004
doing parameter security = domain
doing parameter password server = *
doing parameter encrypt passwords = yes
doing parameter smb passwd file = /etc/samba/smbpasswd
doing parameter winbind uid = 10000-20000
doing parameter winbind gid = 10000-20000
doing parameter socket options = TCP_NODELAY
doing parameter interfaces = eth1,lo
doing parameter bind interfaces only = Yes
doing parameter wins server = 192.168.1.1
doing parameter dns proxy = no
doing parameter dos charset = CP866
doing parameter unix charset = KOI8-R
doing parameter display charset = KOI8-R
doing parameter allow trusted domains = yes
doing parameter nt acl support = yes
[2004/07/13 11:32:30, 2] param/loadparm.c:do_section(3392)
Processing section "[homes]"
doing parameter comment = Home Directory for '%u'
doing parameter browseable = no
doing parameter writable = yes
[2004/07/13 11:32:30, 2] param/loadparm.c:do_section(3392)
Processing section "[cdrom]"
doing parameter comment = CD-ROM
doing parameter path = /mnt/cdrom
doing parameter browseable = yes
doing parameter writable = no
[2004/07/13 11:32:30, 2] param/loadparm.c:do_section(3392)
Processing section "[iso1]"
doing parameter comment = iso1
doing parameter path = /mnt/iso1
doing parameter browseable = yes
doing parameter writable = no
[2004/07/13 11:32:30, 2] param/loadparm.c:do_section(3392)
Processing section "[iso2]"
doing parameter comment = iso2
doing parameter path = /mnt/iso2
doing parameter browseable = yes
doing parameter writable = no
[2004/07/13 11:32:30, 2] param/loadparm.c:do_section(3392)
Processing section "[printers]"
doing parameter comment = All Printers
doing parameter path = /var/spool/samba
doing parameter browseable = no
doing parameter guest ok = yes
doing parameter writable = no
doing parameter printable = yes
doing parameter create mode = 0700
[2004/07/13 11:32:30, 2] param/loadparm.c:do_section(3392)
Processing section "[print$]"
doing parameter path = /var/lib/samba/printers
doing parameter browseable = yes
doing parameter read only = yes
doing parameter write list = @adm root
[2004/07/13 11:32:30, 2] param/loadparm.c:do_section(3392)
Processing section "[C$]"
doing parameter comment = Administrative share for homes
doing parameter path = /home
doing parameter admin users = @"DOMAIN\\Domain Admins"
doing parameter valid users = @"DOMAIN\\Domain Admins"
doing parameter writable = yes
[2004/07/13 11:32:30, 4] param/loadparm.c:lp_load(3909)
pm_process() returned Yes
[2004/07/13 11:32:30, 3] param/loadparm.c:lp_add_ipc(2359)
adding IPC service
[2004/07/13 11:32:30, 3] param/loadparm.c:lp_add_ipc(2359)
adding IPC service
[2004/07/13 11:32:30, 2] lib/interface.c:add_interface(79)
added interface ip=192.168.1.5 bcast=192.168.1.255 nmask=255.255.255.0
[2004/07/13 11:32:30, 2] lib/interface.c:add_interface(79)
added interface ip=127.0.0.1 bcast=127.255.255.255 nmask=255.0.0.0
[2004/07/13 11:32:30, 2] lib/interface.c:add_interface(79)
added interface ip=192.168.1.5 bcast=192.168.1.255 nmask=255.255.255.0
[2004/07/13 11:32:30, 2] lib/interface.c:add_interface(79)
added interface ip=127.0.0.1 bcast=127.255.255.255 nmask=255.0.0.0
[2004/07/13 11:32:30, 2] lib/tallocmsg.c:register_msg_pool_usage(57)
Registered MSG_REQ_POOL_USAGE
[2004/07/13 11:32:30, 2] lib/dmallocmsg.c:register_dmalloc_msgs(71)
Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
[2004/07/13 11:32:30, 3] nsswitch/winbindd_util.c:add_trusted_domain(173)
add_trusted_domain: ELAN is an NT4 domain
[2004/07/13 11:32:30, 1] nsswitch/winbindd_util.c:add_trusted_domain(180)
Added domain ELAN S-0-0
[2004/07/13 11:32:30, 4]
passdb/secrets.c:secrets_fetch_trust_account_password(261)
Using cleartext machine password
[2004/07/13 11:32:30, 4] libsmb/namequery.c:get_dc_list(1376)
get_dc_list: returning 1 ip addresses in an unordered list
[2004/07/13 11:32:30, 4] libsmb/namequery.c:get_dc_list(1377)
get_dc_list: 192.168.1.100:0
[2004/07/13 11:32:30, 4] libsmb/nmblib.c:debug_nmb_packet(109)
nmb packet from 192.168.1.100(137) header: id=27182 opcode=Query(0)
response=Yes
header: flags: bcast=No rec_avail=No rec_des=No trunc=No auth=Yes
header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0
answers: nmb_name=ELAN<1c> rr_type=33 rr_class=1 ttl=0
[2004/07/13 11:32:30, 3] libsmb/namequery_dc.c:rpc_dc_name(143)
rpc_dc_name: Returning DC COMP (192.168.1.100) for domain ELAN
[2004/07/13 11:32:30, 3] nsswitch/winbindd_cm.c:cm_get_ipc_userpass(110)
IPC$ connections done anonymously
[2004/07/13 11:32:30, 3] libsmb/cliconnect.c:cli_start_connection(1369)
Connecting to host=COMP
[2004/07/13 11:32:30, 3] lib/util_sock.c:open_socket_out(735)
Connecting to 192.168.1.100 at port 445
[2004/07/13 11:32:30, 4] lib/time.c:get_serverzone(122)
Serverzone is -10800
[2004/07/13 11:32:30, 3] nsswitch/winbindd_rpc.c:trusted_domains(925)
rpc: trusted_domains
[2004/07/13 11:32:30, 4]
passdb/secrets.c:secrets_fetch_trust_account_password(261)
Using cleartext machine password
[2004/07/13 11:32:30, 4] libsmb/namequery.c:get_dc_list(1376)
get_dc_list: returning 1 ip addresses in an unordered list
[2004/07/13 11:32:30, 4] libsmb/namequery.c:get_dc_list(1377)
get_dc_list: 192.168.1.100:0
[2004/07/13 11:32:30, 4] libsmb/nmblib.c:debug_nmb_packet(109)
nmb packet from 192.168.1.100(137) header: id=24760 opcode=Query(0)
response=Yes
header: flags: bcast=No rec_avail=No rec_des=No trunc=No auth=Yes
header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0
answers: nmb_name=ELAN<1c> rr_type=33 rr_class=1 ttl=0
[2004/07/13 11:32:30, 3] libsmb/namequery_dc.c:rpc_dc_name(143)
rpc_dc_name: Returning DC COMP (192.168.1.100) for domain ELAN
[2004/07/13 11:32:30, 3] nsswitch/winbindd_cm.c:cm_get_ipc_userpass(110)
IPC$ connections done anonymously
[2004/07/13 11:32:30, 3] libsmb/cliconnect.c:cli_start_connection(1369)
Connecting to host=COMP
[2004/07/13 11:32:30, 3] lib/util_sock.c:open_socket_out(735)
Connecting to 192.168.1.100 at port 445
[2004/07/13 11:32:30, 4]
passdb/secrets.c:secrets_fetch_trust_account_password(261)
Using cleartext machine password
[2004/07/13 11:32:30, 4] rpc_client/cli_netlogon.c:cli_net_req_chal(45)
cli_net_req_chal: LSA Request Challenge from ADMINPC to COMP:
89448EB6A52A1C74
[2004/07/13 11:32:30, 4] libsmb/credentials.c:cred_session_key(59)
cred_session_key
[2004/07/13 11:32:30, 4] libsmb/credentials.c:cred_create(90)
cred_create
[2004/07/13 11:32:30, 4] rpc_client/cli_netlogon.c:cli_net_auth2(102)
cli_net_auth2: srv:\\COMP acct:ADMINPC$ sc:2 mc: ADMINPC chal
D4FBD58A082626E8 neg: 400701ff
[2004/07/13 11:32:30, 4] libsmb/credentials.c:cred_create(90)
cred_create
[2004/07/13 11:32:30, 4] libsmb/credentials.c:cred_assert(121)
cred_assert
[2004/07/13 11:32:30, 3] nsswitch/winbindd_util.c:add_trusted_domain(173)
add_trusted_domain: BUILTIN is an NT4 domain
[2004/07/13 11:32:30, 1] nsswitch/winbindd_util.c:add_trusted_domain(180)
Added domain BUILTIN S-1-5-32
[2004/07/13 11:32:30, 3] nsswitch/winbindd_util.c:add_trusted_domain(173)
add_trusted_domain: ADMINPC is an NT4 domain
[2004/07/13 11:32:30, 1] nsswitch/winbindd_util.c:add_trusted_domain(180)
Added domain ADMINPC S-1-5-21-952300043-3150022396-3110371314
[2004/07/13 11:32:30, 3] nsswitch/winbindd_rpc.c:trusted_domains(925)
rpc: trusted_domains
Best regards,
Vyacheslav Dubrovskiy
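An added example, not part of the original post: a check that compares the domain SID prefix in `net groupmap list` output with the SID winbindd logs in its "Added domain" lines. The sample input is built from lines quoted in the post for the server comp, where the two values differ; the function names are hypothetical.

```python
import re

# Constructed sample input: lines copied from the post (server comp).
GROUPMAP = """\
Administrators (S-1-5-32-544) -> sys
Domain Admins (S-1-5-21-1880606302-4127658398-287049863-512) -> root
Domain Users (S-1-5-21-1880606302-4127658398-287049863-513) -> users
Sklad (S-1-5-21-1880606302-4127658398-287049863-2111) -> sklad
"""
WINBINDD_LOG = """\
[2004/07/13 08:29:01, 1] nsswitch/winbindd_util.c:add_trusted_domain(180)
  Added domain ELAN S-1-5-21-2398043960-2793333441-4170999000
[2004/07/13 08:29:01, 1] nsswitch/winbindd_util.c:add_trusted_domain(180)
  Added domain BUILTIN S-1-5-32
"""

GROUPMAP_RE = re.compile(r"^(.+?) \((S-[\d-]+)\) -> (\S+)$")
ADDED_RE = re.compile(r"Added domain (\S+) (S-[\d-]+)")


def groupmap_domain_sids(text):
    """Return {domain SID: [group names]} for mappings outside BUILTIN."""
    result = {}
    for line in text.splitlines():
        m = GROUPMAP_RE.match(line.strip())
        if not m:
            continue
        name, sid, _unix_group = m.groups()
        if sid.startswith("S-1-5-32-"):      # BUILTIN aliases carry no domain SID
            continue
        domain_sid = sid.rsplit("-", 1)[0]   # strip the trailing RID
        result.setdefault(domain_sid, []).append(name)
    return result


def winbindd_domains(log_text):
    """Return {domain name: SID} from winbindd 'Added domain' log lines."""
    return dict(ADDED_RE.findall(log_text))


def sid_mismatches(groupmap_text, log_text, domain):
    """Group-map domain SIDs that differ from the SID winbindd logged."""
    logged = winbindd_domains(log_text).get(domain)
    return {sid: names
            for sid, names in groupmap_domain_sids(groupmap_text).items()
            if sid != logged}


if __name__ == "__main__":
    for sid, names in sid_mismatches(GROUPMAP, WINBINDD_LOG, "ELAN").items():
        print(f"group map uses {sid} for {names}; winbindd logged "
              f"{winbindd_domains(WINBINDD_LOG)['ELAN']}")
```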