Synopsis:
======
A GroupMemberList request to a Win2003 SP1 server running Active Directory completes prematurely, resulting in an incomplete list of members. For a particular group with 3,659 users, the samba net(8) command returns only 3,119 users.

Background.
========
A Win2k3 SP1 proxy server was replaced with a SLES9 SP3 proxy server. A perl script was ported that made the following call

    Win32::NetAdmin::GroupGetMembers($dc, $grp, \@users) or print Win32::FormatMessage( Win32::NetAdmin::GetError() );

to retrieve all users of a given group ($grp)

This call was replaced with the following:-

    open FH, "/usr/bin/net rap -S $server groupmember list \"$grp\" -U$account%$password|";
    @users=<FH>;
    close(FH);

Using the samba net(8) subcommand that makes a NetGroupGetUsers() call to achieve the desired functionality. For most groups, this works fine.

Specific Problem:
===========
For a group with 3,659 users (as retrieved by the Win32::NetAdmin::GroupGetMembers call above) the net(8) command (verified from a bash shell) returns only 3,119 users with a return code 234 (interpreted as "ERRmoredata" by samba).

Software details:
===========
    davida@avonbeg:~> rpm -q samba
    samba-3.0.20b-3.4
    davida@avonbeg:~> uname -r
    2.6.5-7.252-smp

Possible code problem:
======================
In source/libsamba/clirap2.c (has not changed in recent samba versions including current 3.0 subversion tree)

The ERRmoredata result is expected as seen below, but I could not see any logic to retrieve the extra data.

    ...
    }
    if (rdata) {
        if (res == 0 || res == ERRmoredata) {
            int i, count;
            fstring username;
            p = rparam + WORDSIZE + WORDSIZE;
            GETWORD(p, count);
            for (i=0,p=rdata; i<count; i++) {
                GETSTRINGF(p, username, RAP_USERNAME_LEN);
                fn(username, state);
            }
    ...

Debug Log details:
============
I don't want to supply a complete unedited log as there is information about our internal network that I am sure the security section would need to clear before I provide it.
The following gives some information, including the error code. Please let me know if there needs to be more info.

Using the -d 10 debugging level on the command, the following (edited) log was produced

[2006/04/24 14:49:55, 5] lib/debug.c:debug_dump_status(368)
  INFO: Current debug levels:
    all: True/10
    tdb: False/0
    printdrivers: False/0
    lanman: False/0
    smb: False/0
    rpc_parse: False/0
    rpc_srv: False/0
    rpc_cli: False/0
    passdb: False/0
    sam: False/0
    auth: False/0
    winbind: False/0
    vfs: False/0
    idmap: False/0
    quota: False/0
    acls: False/0
    locking: False/0
    msdfs: False/0
[2006/04/24 14:49:55, 3] param/loadparm.c:lp_load(4202)
  lp_load: refreshing parameters
[2006/04/24 14:49:55, 3] param/loadparm.c:init_globals(1388)
  Initialising global parameters
[2006/04/24 14:49:55, 3] param/params.c:pm_process(574)
  params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf"
[2006/04/24 14:49:55, 3] param/loadparm.c:do_section(3664)
  Processing section "[global]"
  doing parameter interfaces = eth0
  doing parameter server string = AVONBEG
  doing parameter winbind separator = +
  doing parameter winbind cache time = 10
  doing parameter workgroup = CORP
  doing parameter password server = 192.168.1.5
  doing parameter security = domain
  doing parameter winbind uid = 10000-20000
  doing parameter winbind gid = 10000-20000
  doing parameter winbind use default domain = yes
  doing parameter log level = 3
[2006/04/24 14:49:55, 4] param/loadparm.c:lp_load(4233)
  pm_process() returned Yes
[2006/04/24 14:49:55, 7] param/loadparm.c:lp_servicenumber(4346)
  lp_servicenumber: couldn't find homes
[2006/04/24 14:49:55, 10] param/loadparm.c:set_server_role(4151)
  set_server_role: role = ROLE_DOMAIN_MEMBER
[2006/04/24 14:49:55, 5] lib/iconv.c:smb_register_charset(103)
...
(Deleted libiconv stuff)
Netbios name list:-
my_netbios_names[0]="AVONBEG"
[2006/04/24 14:49:55, 2] lib/interface.c:add_interface(81)
  added interface ip=192.168.1.15 192.168.1.255 nmask=255.255.255.0
[2006/04/24 14:49:55, 10] libsmb/namequery.c:internal_resolve_name(1028)
  internal_resolve_name: looking up jackaroo#20
[2006/04/24 14:49:55, 5] lib/gencache.c:gencache_init(59)
  Opening cache file at /var/lib/samba/gencache.tdb
[2006/04/24 14:49:55, 5] tdb/tdbutil.c:tdb_log(767)
  tdb(unnamed): tdb_open_ex: could not open file /var/lib/samba/gencache.tdb: Permission denied
[2006/04/24 14:49:55, 5] lib/gencache.c:gencache_init(70)
  Attempt to open gencache.tdb has failed.
[2006/04/24 14:49:55, 3] libsmb/namequery.c:resolve_lmhosts(855)
  resolve_lmhosts: Attempting lmhosts lookup for name jackaroo<0x20>
[2006/04/24 14:49:55, 4] libsmb/namequery.c:getlmhostsent(606)
  getlmhostsent: lmhost entry: 127.0.0.1 localhost
[2006/04/24 14:49:55, 3] libsmb/namequery.c:resolve_wins(752)
  resolve_wins: Attempting wins lookup for name jackaroo<0x20>
[2006/04/24 14:49:55, 3] libsmb/namequery.c:resolve_wins(755)
  resolve_wins: WINS server resolution selected and no WINS servers listed.
[2006/04/24 14:49:55, 3] libsmb/namequery.c:resolve_hosts(917)
  resolve_hosts: Attempting host lookup for name jackaroo<0x20>
[2006/04/24 14:49:55, 10] libsmb/namequery.c:remove_duplicate_addrs2(320)
  remove_duplicate_addrs2: looking for duplicate address/port pairs
[2006/04/24 14:49:55, 5] lib/gencache.c:gencache_init(59)
  Opening cache file at /var/lib/samba/gencache.tdb
[2006/04/24 14:49:55, 5] tdb/tdbutil.c:tdb_log(767)
  tdb(unnamed): tdb_open_ex: could not open file /var/lib/samba/gencache.tdb: Permission denied
[2006/04/24 14:49:55, 5] lib/gencache.c:gencache_init(70)
  Attempt to open gencache.tdb has failed.
[2006/04/24 14:49:55, 10] libsmb/namequery.c:internal_resolve_name(1145)
  internal_resolve_name: returning 1 addresses: 192.168.1.5:0
[2006/04/24 14:49:58, 3] libsmb/cliconnect.c:cli_start_connection(1407)
  Connecting to host=jackaroo
[2006/04/24 14:49:58, 3] lib/util_sock.c:open_socket_out(867)
  Connecting to 192.168.1.5 at port 445
[2006/04/24 14:49:58, 5] lib/util_sock.c:print_socket_options(203)
  socket option SO_KEEPALIVE = 0
[2006/04/24 14:49:58, 5] lib/util_sock.c:print_socket_options(203)
  socket option SO_REUSEADDR = 0
[2006/04/24 14:49:58, 5] lib/util_sock.c:print_socket_options(203)
  socket option SO_BROADCAST = 0
[2006/04/24 14:49:58, 5] lib/util_sock.c:print_socket_options(203)
  socket option TCP_NODELAY = 1
[2006/04/24 14:49:58, 5] lib/util_sock.c:print_socket_options(203)
  socket option TCP_KEEPCNT = 9
[2006/04/24 14:49:58, 5] lib/util_sock.c:print_socket_options(203)
  socket option TCP_KEEPIDLE = 7200
[2006/04/24 14:49:58, 5] lib/util_sock.c:print_socket_options(203)
  socket option TCP_KEEPINTVL = 75
[2006/04/24 14:49:58, 5] lib/util_sock.c:print_socket_options(203)
  socket option IPTOS_LOWDELAY = 0
[2006/04/24 14:49:58, 5] lib/util_sock.c:print_socket_options(203)
  socket option IPTOS_THROUGHPUT = 0
[2006/04/24 14:49:58, 5] lib/util_sock.c:print_socket_options(203)
  socket option SO_SNDBUF = 16384
[2006/04/24 14:49:58, 5] lib/util_sock.c:print_socket_options(203)
  socket option SO_RCVBUF = 87380
[2006/04/24 14:49:58, 5] lib/util_sock.c:print_socket_options(203)
  socket option SO_SNDLOWAT = 1
[2006/04/24 14:49:58, 5] lib/util_sock.c:print_socket_options(203)
  socket option SO_RCVLOWAT = 1
[2006/04/24 14:49:58, 5] lib/util_sock.c:print_socket_options(203)
  socket option SO_SNDTIMEO = 0
[2006/04/24 14:49:58, 5] lib/util_sock.c:print_socket_options(203)
  socket option SO_RCVTIMEO = 0
[2006/04/24 14:49:58, 6] libsmb/clientgen.c:write_socket(132)
  write_socket(3,183)
[2006/04/24 14:49:58, 6] libsmb/clientgen.c:write_socket(135)
  write_socket(3,183) wrote 183
[2006/04/24 14:49:58, 10] lib/util_sock.c:read_smb_length_return_keepalive(615)
  got smb length of 182
[2006/04/24 14:49:58, 5] lib/util.c:show_msg(454)
[2006/04/24 14:49:58, 5] lib/util.c:show_msg(464)
  size=182
  smb_com=0x72
  smb_rcls=0
  smb_reh=0
  smb_err=0
  smb_flg=136
  smb_flg2=55297
  smb_tid=0
  smb_pid=27047
  smb_uid=0
  smb_mid=1
  smt_wct=17
  smb_vwv[ 0]= 8 (0x8)
  smb_vwv[ 1]=12807 (0x3207)
  smb_vwv[ 2]= 256 (0x100)
  smb_vwv[ 3]= 1024 (0x400)
  smb_vwv[ 4]= 65 (0x41)
  smb_vwv[ 5]= 0 (0x0)
  smb_vwv[ 6]= 256 (0x100)
  smb_vwv[ 7]= 0 (0x0)
  smb_vwv[ 8]= 0 (0x0)
  smb_vwv[ 9]=64768 (0xFD00)
  smb_vwv[10]= 499 (0x1F3)
  smb_vwv[11]=56192 (0xDB80)
  smb_vwv[12]=41059 (0xA063)
  smb_vwv[13]=23177 (0x5A89)
  smb_vwv[14]=50791 (0xC667)
  smb_vwv[15]=43009 (0xA801)
  smb_vwv[16]= 253 (0xFD)
  smb_bcc=113
...[Deleted listing showing retrieval of thousands of accounts - more details available if required]
  [1F0] 00 00 00 00 00 00 00 00 63 61 72 64 64 65 00 00 ........ cardde..
[2006/04/24 14:49:58, 10] libsmb/smb_signing.c:simple_packet_signature(270)
  simple_packet_signature: sequence number 5
[2006/04/24 14:49:58, 10] libsmb/smb_signing.c:client_check_incoming_message(416)
  client_check_incoming_message: seq 5: got good SMB signature of
[2006/04/24 14:49:58, 10] lib/util.c:dump_data(2053)
  [000] E3 D3 C1 14 07 92 81 68 .......h
[2006/04/24 14:49:58, 5] lib/util.c:show_msg(454)
[2006/04/24 14:49:58, 5] lib/util.c:show_msg(464)
  size=15427
  smb_com=0x25
  smb_rcls=0
  smb_reh=0
  smb_err=0
  smb_flg=136
  smb_flg2=55301
  smb_tid=4102
  smb_pid=27047
  smb_uid=8194
  smb_mid=5
  smt_wct=10
  smb_vwv[ 0]= 8 (0x8)
  smb_vwv[ 1]=65499 (0xFFDB)
  smb_vwv[ 2]= 0 (0x0)
  smb_vwv[ 3]= 0 (0x0)
  smb_vwv[ 4]= 56 (0x38)
  smb_vwv[ 5]= 8 (0x8)
  smb_vwv[ 6]=15371 (0x3C0B)
  smb_vwv[ 7]= 56 (0x38)
  smb_vwv[ 8]=50128 (0xC3D0)
  smb_vwv[ 9]= 0 (0x0)
  smb_bcc=15372
[2006/04/24 14:49:58, 10] lib/util.c:dump_data(2053)
  [000] 00 65 69 68 75 69 00 00 00 00 00 00 00 00 00 00 .eihui.. ........
  ...
  [1F0] 00 00 00 00 00 00 00 00 63 61 72 64 64 65 00 00 ........ cardde..
[2006/04/24 14:49:58, 10] libsmb/smb_signing.c:cli_signing_trans_stop(556)
  cli_signing_trans_stop: freeing mid = 5, reply_seq_num = 5, send_seq_num = 4 data->send_seq_num = 6
[2006/04/24 14:49:58, 1] libsmb/clirap2.c:cli_NetGroupGetUsers(538)
  NetGroupGetUsers gave error 234
[2006/04/24 14:49:58, 10] intl/lang_tdb.c:lang_tdb_init(135)
  lang_tdb_init: /usr/lib64/samba/en_US.UTF-8.msg: No such file or directory
[2006/04/24 14:49:58, 10] libsmb/smb_signing.c:simple_packet_signature(270)
  simple_packet_signature: sequence number 6
[2006/04/24 14:49:58, 10] libsmb/smb_signing.c:client_sign_outgoing_message(340)
  client_sign_outgoing_message: sent SMB signature of
[2006/04/24 14:49:58, 10] lib/util.c:dump_data(2053)
  [000] 4C AC DD FA D4 C5 A1 8E L.......
[2006/04/24 14:49:58, 10] libsmb/smb_signing.c:store_sequence_for_reply(74)
  store_sequence_for_reply: stored seq = 7 mid = 6
[2006/04/24 14:49:58, 6] libsmb/clientgen.c:write_socket(132)
  write_socket(3,39)
[2006/04/24 14:49:58, 6] libsmb/clientgen.c:write_socket(135)
  write_socket(3,39) wrote 39
[2006/04/24 14:49:58, 10] lib/util_sock.c:read_smb_length_return_keepalive(615)
  got smb length of 35
[2006/04/24 14:49:58, 5] lib/util.c:show_msg(454)
[2006/04/24 14:49:58, 5] lib/util.c:show_msg(464)
  size=35
  smb_com=0x71
  smb_rcls=0
  smb_reh=0
  smb_err=0
  smb_flg=136
  smb_flg2=55301
  smb_tid=4102
  smb_pid=27047
  smb_uid=8194
  smb_mid=6
  smt_wct=0
  smb_bcc=0
[2006/04/24 14:49:58, 10] libsmb/smb_signing.c:get_sequence_for_reply(87)
  get_sequence_for_reply: found seq = 7 mid = 6
[2006/04/24 14:49:58, 10] libsmb/smb_signing.c:simple_packet_signature(270)
  simple_packet_signature: sequence number 7
[2006/04/24 14:49:58, 10] libsmb/smb_signing.c:client_check_incoming_message(416)
  client_check_incoming_message: seq 7: got good SMB signature of
[2006/04/24 14:49:58, 10] lib/util.c:dump_data(2053)
  [000] 8A E4 A0 17 24 25 55 6D ....$%Um
[2006/04/24 14:49:58, 2] utils/net.c:main(873)
  return code = 234
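
Added example (not part of the original report and not Samba's code): a small C parser for the kind of response described in the report, which returns a distinct "truncated" status for a 234 / ERRmoredata result so that a caller cannot mistake a partial member list for a complete one. The four-word parameter layout (status, converter, entries returned, entries available), the 21-byte name field and all function names are assumptions for illustration; the sample response is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define ERR_MORE_DATA  234  /* return code from the report */
#define NAME_FIELD_LEN 21   /* assumed fixed width of one user-name field */

enum list_status { LIST_COMPLETE, LIST_TRUNCATED, LIST_MALFORMED, LIST_ERROR };
typedef void (*name_cb)(const char *name, void *state);

static unsigned rd16(const uint8_t *p) { return p[0] | ((unsigned)p[1] << 8); }

/* Assumed parameter block: status, converter, returned, available (LE words). */
enum list_status parse_group_users(const uint8_t *rparam, size_t plen,
                                   const uint8_t *rdata, size_t dlen,
                                   name_cb fn, void *state,
                                   unsigned *returned, unsigned *available)
{
    if (plen < 8) return LIST_MALFORMED;
    unsigned res = rd16(rparam);
    *returned = rd16(rparam + 4);
    *available = rd16(rparam + 6);
    if (res != 0 && res != ERR_MORE_DATA) return LIST_ERROR;
    /* Bound the server-supplied count by the bytes actually received. */
    if ((size_t)*returned * NAME_FIELD_LEN > dlen) return LIST_MALFORMED;
    for (unsigned i = 0; i < *returned; i++) {
        char name[NAME_FIELD_LEN + 1];
        memcpy(name, rdata + (size_t)i * NAME_FIELD_LEN, NAME_FIELD_LEN);
        name[NAME_FIELD_LEN] = '\0';   /* field may lack a terminator */
        fn(name, state);
    }
    /* A partial list must be reported as such, never as success. */
    if (res == ERR_MORE_DATA || *returned < *available) return LIST_TRUNCATED;
    return LIST_COMPLETE;
}

static void count_cb(const char *name, void *state) { (void)name; ++*(int *)state; }

/* Constructed sample: status 234, 2 entries returned out of 3 available. */
int demo_truncated(void)
{
    const uint8_t rparam[8] = { 234, 0, 0, 0, 2, 0, 3, 0 };
    uint8_t rdata[2 * NAME_FIELD_LEN] = { 0 };
    unsigned got = 0, total = 0;
    int seen = 0;
    memcpy(rdata, "alice", 5);
    memcpy(rdata + NAME_FIELD_LEN, "bob", 3);
    return parse_group_users(rparam, sizeof rparam, rdata, sizeof rdata,
                             count_cb, &seen, &got, &total);
}
```

A script that feeds the member list into an access or provisioning decision should treat LIST_TRUNCATED as a failure and re-query, rather than acting on the names it did receive.
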

The rap commands are largely unmaintained, as against Windows you can always use the 'net rpc group members' command that should achieve the same. Can you try that please?

I'm closing this with "later", if 'net rpc group members' does not work for you, please re-open, appending logs and a sniff of the traffic to AD.

Volker