The Samba-Bugzilla – Attachment 15268 Details for Bug 13598: LDAP simple bind error for users with @ in the samAccountName
samba-debug-info.txt (text/plain), 11.97 KB, created by Dinu-Razvan Chis-Serban on 2019-06-27 12:14:57 UTC
>Collected config --- 2019-06-27-14:59 -----------
>
>Hostname: DC3
>DNS Domain: lthddom.lthd.com
>FQDN: DC3.lthddom.lthd.com
>ipaddress: 172.16.0.101
>
>-----------
>
>Samba is running as an AD DC
>
>-----------
> Checking file: /etc/os-release
>
>NAME=Fedora
>VERSION="30 (Container Image)"
>ID=fedora
>VERSION_ID=30
>VERSION_CODENAME=""
>PLATFORM_ID="platform:f30"
>PRETTY_NAME="Fedora 30 (Container Image)"
>ANSI_COLOR="0;34"
>LOGO=fedora-logo-icon
>CPE_NAME="cpe:/o:fedoraproject:fedora:30"
>HOME_URL="https://fedoraproject.org/"
>DOCUMENTATION_URL="https://docs.fedoraproject.org/en-US/fedora/f30/system-administrators-guide/"
>SUPPORT_URL="https://fedoraproject.org/wiki/Communicating_and_getting_help"
>BUG_REPORT_URL="https://bugzilla.redhat.com/"
>REDHAT_BUGZILLA_PRODUCT="Fedora"
>REDHAT_BUGZILLA_PRODUCT_VERSION=30
>REDHAT_SUPPORT_PRODUCT="Fedora"
>REDHAT_SUPPORT_PRODUCT_VERSION=30
>PRIVACY_POLICY_URL="https://fedoraproject.org/wiki/Legal:PrivacyPolicy"
>VARIANT="Container Image"
>VARIANT_ID=container
>
>-----------
>
>
>This computer is running an unknown distribution x86_64
>
>-----------
>running command : ip a
>1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
> link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
> inet 127.0.0.1/8 scope host lo
>44: eth0@if3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
> link/ether 02:42:ac:10:00:65 brd ff:ff:ff:ff:ff:ff link-netnsid 0
> inet 172.16.0.101/16 brd 172.16.255.255 scope global eth0
>
>-----------
> Checking file: /etc/hosts
>
># Do not remove the following line, or various programs
># that require network functionality will fail.
>127.0.0.1 localhost
>
># The following lines are desirable for IPv6 capable hosts
>::1 localhost ip6-localhost ip6-loopback
>ff02::1 ip6-allnodes
>ff02::2 ip6-allrouters
>
>172.16.0.71 DC1.lthddom.lthd.com DC1
>172.16.0.72 DC2.lthddom.lthd.com DC2
>172.16.0.101 DC3.lthddom.lthd.com DC3
>
>-----------
>
> Checking file: /etc/resolv.conf
>
># Generated by NetworkManager
>search lthddom.lthd.com domain.lthd.com dev.lthddom.lthd.com dev.domain.lthd.com lthd.com
>
>nameserver 172.16.0.101
>nameserver 172.16.0.71
>
>-----------
>
> Checking file: /etc/krb5.conf
>
>[libdefaults]
> default_realm = LTHDDOM.LTHD.COM
> dns_lookup_realm = false
> dns_lookup_kdc = true
>
>-----------
>
> Checking file: /etc/nsswitch.conf
>
>#
># /etc/nsswitch.conf
>#
># An example Name Service Switch config file. This file should be
># sorted with the most-used services at the beginning.
>#
># The entry '[NOTFOUND=return]' means that the search for an
># entry should stop if the search in the previous entry turned
># up nothing. Note that if the search failed due to some other reason
># (like no NIS server responding) then the search continues with the
># next entry.
>#
># Valid entries include:
>#
># nisplus Use NIS+ (NIS version 3)
># nis Use NIS (NIS version 2), also called YP
># dns Use DNS (Domain Name Service)
># files Use the local files
># db Use the local database (.db) files
># compat Use NIS on compat mode
># hesiod Use Hesiod for user lookups
># [NOTFOUND=return] Stop searching if not found so far
>#
>
># To use db, put the "db" in front of "files" for entries you want to be
># looked up first in the databases
>#
># Example:
>#passwd: db files nisplus nis
>#shadow: db files nisplus nis
>#group: db files nisplus nis
>
>passwd: files winbind systemd
>shadow: files
>group: files winbind systemd
>
>#hosts: db files nisplus nis dns
>hosts: files dns myhostname
>
># Example - obey only what nisplus tells us...
>#services: nisplus [NOTFOUND=return] files
>#networks: nisplus [NOTFOUND=return] files
>#protocols: nisplus [NOTFOUND=return] files
>#rpc: nisplus [NOTFOUND=return] files
>#ethers: nisplus [NOTFOUND=return] files
>#netmasks: nisplus [NOTFOUND=return] files
>
>bootparams: nisplus [NOTFOUND=return] files
>
>ethers: files
>netmasks: files
>networks: files
>protocols: files
>rpc: files
>services: files
>
>netgroup: nisplus
>
>publickey: nisplus
>
>automount: files nisplus
>aliases: files nisplus
>
>-----------
>
> Checking file: /etc/samba/smb.conf
>
># Global parameters
>[global]
> workgroup = LTHDDOM
> realm = LTHDDOM.LTHD.COM
> netbios name = DC3
> server role = active directory domain controller
> server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
> idmap_ldb:use rfc2307 = Yes
>
> tls enabled = Yes
> tls keyfile = tls/key.pem
> tls certfile = tls/cert.pem
> tls cafile = tls/ca.pem
>
>dsdb:schema update allowed = Yes
>
> winbind enum users = Yes
> winbind enum groups = Yes
>
> wins support = Yes
>
> preferred master = Yes
>
> invalid users = +"smb denyed users"
>
> vfs objects = acl_xattr dfs_samba4
> map acl inherit = Yes
> store dos attributes = Yes
>
> hide dot files = No
>
> host msdfs = Yes
>
> csc policy = disable
>
> ntlm auth = mschapv2-and-ntlmv2-only
>
>
>[netlogon]
> path = /var/lib/samba/sysvol/lthddom.lthd.com/scripts
> read only = No
>
>[sysvol]
> path = /var/lib/samba/sysvol
> read only = No
>
>[shares]
> path = /var/lib/samba/shares
> read only = No
> msdfs root = Yes
> browsable = No
>
>-----------
>
>Detected bind DLZ enabled..
> Checking file: /etc/named.conf
>
>//
>// named.conf
>//
>// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
>// server as a caching only nameserver (as a localhost DNS resolver only).
>//
>// See /usr/share/doc/bind*/sample/ for example named configuration files.
>//
>
>options {
> listen-on port 53 { any; };
> listen-on-v6 port 53 { any; };
> directory "/var/named";
> dump-file "/var/named/data/cache_dump.db";
> statistics-file "/var/named/data/named_stats.txt";
> memstatistics-file "/var/named/data/named_mem_stats.txt";
> secroots-file "/var/named/data/named.secroots";
> recursing-file "/var/named/data/named.recursing";
> allow-query { any; };
>
> forwarders {
> 172.16.0.51;
> 172.16.0.50;
> };
>
> /*
> - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
> - If you are building a RECURSIVE (caching) DNS server, you need to enable
> recursion.
> - If your recursive DNS server has a public IP address, you MUST enable access
> control to limit queries to your legitimate users. Failing to do so will
> cause your server to become part of large scale DNS amplification
> attacks. Implementing BCP38 within your network would greatly
> reduce such attack surface
> */
> recursion yes;
>
> dnssec-enable yes;
> dnssec-validation yes;
> dnssec-lookaside auto;
>
> managed-keys-directory "/var/named/dynamic";
>
> pid-file "/run/named/named.pid";
> session-keyfile "/run/named/session.key";
>
> /* https://fedoraproject.org/wiki/Changes/CryptoPolicy */
> include "/etc/crypto-policies/back-ends/bind.config";
>
> auth-nxdomain no; # conform to RFC1035
>
> tkey-gssapi-keytab "/var/lib/samba/bind-dns/dns.keytab";
>
> check-names master ignore;
> check-names slave ignore;
> check-names response ignore;
>
> notify yes;
> also-notify { 172.16.0.50; 172.16.0.51; 172.16.0.15; };
> allow-transfer { 172.16.0.50; 172.16.0.51; 172.16.0.15; };
>
> masterfile-format text;
>
> notify-source 172.16.0.101;
> transfer-source 172.16.0.101;
>};
>
>logging {
> channel default_debug {
> file "data/named.run";
> severity dynamic;
> };
>};
>
>zone "." IN {
> type hint;
> file "named.ca";
>};
>
>include "/etc/named.rfc1912.zones";
>include "/etc/named.root.key";
>
>include "/var/lib/samba/bind-dns/named.conf";
>
>include "/etc/rndc.key";
>controls {
> inet 127.0.0.1 allow { localhost; } keys { rndc-key; };
>};
>
>-----------
>
>Samba DNS zone list: 4 zone(s) found
>
> pszZoneName : lthddom.lthd.com
> Flags : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE
> ZoneType : DNS_ZONE_TYPE_PRIMARY
> Version : 50
> dwDpFlags : DNS_DP_AUTOCREATED DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED
> pszDpFqdn : DomainDnsZones.lthddom.lthd.com
>
> pszZoneName : dev.lthddom.lthd.com
> Flags : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE
> ZoneType : DNS_ZONE_TYPE_PRIMARY
> Version : 50
> dwDpFlags : DNS_DP_AUTOCREATED DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED
> pszDpFqdn : DomainDnsZones.lthddom.lthd.com
>
> pszZoneName : vpn.lthddom.lthd.com
> Flags : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE
> ZoneType : DNS_ZONE_TYPE_PRIMARY
> Version : 50
> dwDpFlags : DNS_DP_AUTOCREATED DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED
> pszDpFqdn : DomainDnsZones.lthddom.lthd.com
>
> pszZoneName : _msdcs.lthddom.lthd.com
> Flags : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE
> ZoneType : DNS_ZONE_TYPE_PRIMARY
> Version : 50
> dwDpFlags : DNS_DP_AUTOCREATED DNS_DP_FOREST_DEFAULT DNS_DP_ENLISTED
> pszDpFqdn : ForestDnsZones.lthddom.lthd.com
>
>Samba DNS zone list Automated check :
>zone : lthddom.lthd.com ok, no Bind flat-files found
>-----------
>zone : dev.lthddom.lthd.com ok, no Bind flat-files found
>-----------
>zone : vpn.lthddom.lthd.com ok, no Bind flat-files found
>-----------
>zone : _msdcs.lthddom.lthd.com ok, no Bind flat-files found
>-----------
>
>Installed packages:
>acl.x86_64 2.2.53-3.fc30 @anaconda
>attr.x86_64 2.4.48-5.fc30 @fedora
>bind.x86_64 32:9.11.6-5.P1.fc30 @updates
>bind-dnssec-utils.x86_64 32:9.11.6-5.P1.fc30 @updates
>bind-export-libs.x86_64 32:9.11.6-5.P1.fc30 @updates
>bind-libs.x86_64 32:9.11.6-5.P1.fc30 @updates
>bind-libs-lite.x86_64 32:9.11.6-5.P1.fc30 @updates
>bind-license.noarch 32:9.11.6-5.P1.fc30 @updates
>bind-utils.x86_64 32:9.11.6-5.P1.fc30 @updates
>bindfs.x86_64 1.14.0-1.fc30 @updates
>krb5-libs.x86_64 1.17-14.fc30 @koji-override-0
>krb5-server.x86_64 1.17-14.fc30 @updates
>krb5-workstation.x86_64 1.17-14.fc30 @updates
>libacl.x86_64 2.2.53-3.fc30 @anaconda
>libattr.x86_64 2.4.48-5.fc30 @anaconda
>libsmbclient.x86_64 2:4.10.4-1.fc30 @updates
>python3-bind.noarch 32:9.11.6-5.P1.fc30 @updates
>python3-samba.x86_64 2:4.10.4-1.fc30 @updates
>python3-samba-dc.x86_64 2:4.10.4-1.fc30 @updates
>samba.x86_64 2:4.10.4-1.fc30 @updates
>samba-client.x86_64 2:4.10.4-1.fc30 @updates
>samba-client-libs.x86_64 2:4.10.4-1.fc30 @updates
>samba-common.noarch 2:4.10.4-1.fc30 @updates
>samba-common-libs.x86_64 2:4.10.4-1.fc30 @updates
>samba-common-tools.x86_64 2:4.10.4-1.fc30 @updates
>samba-dc.x86_64 2:4.10.4-1.fc30 @updates
>samba-dc-bind-dlz.x86_64 2:4.10.4-1.fc30 @updates
>samba-dc-libs.x86_64 2:4.10.4-1.fc30 @updates
>samba-libs.x86_64 2:4.10.4-1.fc30 @updates
>samba-winbind.x86_64 2:4.10.4-1.fc30 @updates
>samba-winbind-clients.x86_64 2:4.10.4-1.fc30 @updates
>samba-winbind-krb5-locator.x86_64 2:4.10.4-1.fc30 @updates
>samba-winbind-modules.x86_64 2:4.10.4-1.fc30 @updates
>
>-----------