[Bug 220844] [NEW] wbinfo fails to enumerate users and groups

[spencer]

Public bug reported:

Binary package hint: winbind

Running off the Ubuntu 8.04 Beta livecd and when installed to the local
computer, I try to join the computer to an existing Windows Server 2003
Active Directory using Kerberos, Winbind, and Samba. I discovered
errors, so I tested the same steps against a Debian stable server, a
server that had no problems joining the domain. Here are the exact steps
I took:

$ sudo su
# gedit /etc/hosts
[here are the contents of the file:
	127.0.0.1 localhost
	127.0.1.1 ubuntu
	127.0.0.1 ubuntu.domainname localhost ubuntu
	::1     ip6-localhost ip6-loopback
	fe00::0 ip6-localnet
	ff00::0 ip6-mcastprefix
	ff02::1 ip6-allnodes
	ff02::2 ip6-allrouters
	ff02::3 ip6-allhosts
]
# cat /etc/resolv.conf
[here are the contents of the file:
	search domainname
	nameserver 192.168.1.2
]
# apt-get install samba smbclient winbind krb5-doc krb5-user krb5-config
[ installs these versions:
	samba: 3.0.28a-1ubuntu4
	smbclient: 3.0.28a-1ubuntu4
	winbind: 3.0.28a-1ubuntu4
	krb5-doc: 1.6.dfsg.3~beta1-2ubuntu1
	krb5-user: 1.6.dfsg.3~beta1-2ubuntu1
	krb5-config: 1.17
]
# sudo gedit /etc/krb5.conf
[here are the contents of the file:
	[libdefaults]
		default_realm = DOMAINNAME

	[realms]
		DOMAINNAME = {
			kdc = adserver
			admin_server = adserver
		}

	[domain_realm]
		.domainname = DOMAINNAME
		domainname = DOMAINNAME
]
# kinit Administrator
# klist
# kdestroy
# apt-get install ntpdate
[installs these versions:
	ntpdate: 1:4.2.4p4+dfsg-3ubuntu2
]
# gedit /etc/default/ntpdate
[here are the contents of the file:
	NTPDATE_USE_NTP_CONF=yes
	NTPSERVERS="adserver"
	NTPOPTIONS="-u"
]
# gedit /etc/samba/smb.conf
[here are the contents of the file:
	[global]
		security =			ads
		password server =		adserver
		encrypt passwords =		yes
		workgroup =			DOMAINNAME
		realm =				DOMAINNAME
		netbios name =			ubuntu
		idmap uid =			10000 - 20000
		idmap gid =			10000 - 20000
		winbind enum users =		yes
		winbind enum groups =		yes
		winbind use default domain =	yes
]
# /etc/init.d/winbind stop
# /etc/init.d/samba restart
# /etc/init.d/winbind start
# kinit Administrator
# klist
[returns this information:
	Ticket cache: FILE:/tmp/krb5cc_999
	Default principal: Administrator at DOMAINNAME

	Valid starting     Expires            Service principal
	04/23/08 00:47:19  04/23/08 10:47:23  krbtgt/DOMAINNAME at DOMAINNAME
	renew until 04/24/08 00:47:19


	Kerberos 4 ticket cache: /tmp/tkt999
	klist: You have no tickets cached
]
# net ads join -U Administrator
[returns this information:
	Administrator's password: 
	Using short domain name -- DOMAINNAME
	Joined 'UBUNTU' to realm 'DOMAINNAME'
]
# wbinfo -u
[returns this information:
	Error looking up domain users
]
# wbinfo -g
[returns this information:
	Error looking up domain groups
]
# wbinfo -a Administrator
[returns this information: (sic)
	plaintext password authentication failed
	error code was NT_STATUS_NO_SUCH_USER (0xc0000064)
	error messsage was: No such user
	Could not authenticate user Administrator with plaintext password
	challenge/response password authentication failed
	error code was NT_STATUS_INVALID_HANDLE (0xc0000008)
	error messsage was: Invalid handle
	Could not authenticate user Administrator with challenge/response
]

getent passwd contains only local users, not remote users.

** Affects: samba (Ubuntu)
     Importance: Undecided
         Status: New

-- 
wbinfo fails to enumerate users and groups
https://bugs.launchpad.net/bugs/220844
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to samba in ubuntu.