Bug 8282 - AD add user to group: Unable to find users upon LDAP query
AD add user to group: Unable to find users upon LDAP query
Status: RESOLVED INVALID
Product: Samba 4.0
Classification: Unclassified
Component: AD: LDB/DSDB/SAMDB
unspecified
x64 Windows 2008 R2
: P5 normal
: ---
Assigned To: Andrew Bartlett
samba4-qa@samba.org
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2011-07-01 20:59 UTC by Jan Staal
Modified: 2012-03-27 14:46 UTC (History)
2 users (show)

See Also:


Attachments
Exact point where the message is produced (388.57 KB, image/png)
2011-07-01 20:59 UTC, Jan Staal
no flags Details
Sharing permission peculiarity, (maybe a clue?) (397.28 KB, image/png)
2011-07-01 21:23 UTC, Jan Staal
no flags Details
PCAP network dump of the error query (21.19 KB, application/octet-stream)
2011-07-02 09:30 UTC, Jan Staal
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Jan Staal 2011-07-01 20:59:30 UTC
Created attachment 6661 [details]
Exact point where the message is produced

System 1: Debian - Samba 4 - domain controller
System 2: WIndows- 2008 R2 - domain controller

Two-way trust relationship established. 

Using Windows Remote Server admnistration tools and windows Active Directory.

The authentication is working in the windows direction. 
I'm able to add the administrator user from the samba domain into the Admnistrator group of the windows domain, after which I have full persions on the windows domain. 

When I try to add the administrator user of the samba domain to the Administrators group of the windows domain, I can select the user, but upon confirmation the follwoig message is displayed:

The specified user was not found. If the user exists on another Acie Directory Doain Controller in the enterprise, it make take 15 minutes or more for the user to be replicated to the global catalog.

I have inspected the log which is attached.

In the screenshot the message is displayed with the exact situation where I try to confirm a user add. Clicking ok causes a specific block of debug code in the log, from which I have attached a singe block.

I have also analysed the traffic with wireshark, which indicates:

Everythime I click apply for the user add, it generates a LDAP request to the samaba domain controller port 389 which is then responded, by the domain controller. so this communucation is observed. 

installation of samba 4 is clean install of Alpha 16 (06-30-2011)



.....
.....  LOG 
.....
  ldb: ldb_trace_next_request: (extended_dn_out_ldb)->search
[2011/07/01 22:31:58,  5] ../source4/lib/ldb-samba/ldb_wrap.c:68(ldb_wrap_debug)
  ldb: ldb_trace_next_request: (repl_meta_data)->extended
[2011/07/01 22:31:58,  5] ../source4/lib/ldb-samba/ldb_wrap.c:68(ldb_wrap_debug)
  ldb: ldb_trace_next_request: (partition)->extended
[2011/07/01 22:31:58,  5] ../source4/lib/ldb-samba/ldb_wrap.c:68(ldb_wrap_debug)
  ldb: ldb_trace_next_request: (tdb)->extended
[2011/07/01 22:31:58,  5] ../source4/lib/ldb-samba/ldb_wrap.c:68(ldb_wrap_debug)
  ldb: ldb_trace_next_request: (tdb)->extended
[2011/07/01 22:31:58,  5] ../source4/lib/ldb-samba/ldb_wrap.c:68(ldb_wrap_debug)
  ldb: ldb_trace_next_request: (show_deleted)->search
[2011/07/01 22:31:58,  5] ../source4/lib/ldb-samba/ldb_wrap.c:68(ldb_wrap_debug)
  ldb: ldb_trace_next_request: (partition)->search
[2011/07/01 22:31:58,  5] ../source4/lib/ldb-samba/ldb_wrap.c:68(ldb_wrap_debug)
  ldb: ldb_trace_next_request: (tdb)->extended
[2011/07/01 22:31:58,  5] ../source4/lib/ldb-samba/ldb_wrap.c:68(ldb_wrap_debug)
  ldb: partition_request() -> (metadata partition)
[2011/07/01 22:31:58,  5] ../source4/lib/ldb-samba/ldb_wrap.c:68(ldb_wrap_debug)
  ldb: ldb_trace_next_request: (tdb)->search
[2011/07/01 22:31:58,  5] ../source4/lib/ldb-samba/ldb_wrap.c:68(ldb_wrap_debug)
  ldb: ldb_trace_next_request: (operational)->search
[2011/07/01 22:31:58,  5] ../source4/lib/ldb-samba/ldb_wrap.c:68(ldb_wrap_debug)
  ldb: ldb_trace_next_request: (rdn_name)->search
[2011/07/01 22:31:58,  5] ../source4/lib/ldb-samba/ldb_wrap.c:68(ldb_wrap_debug)
  ldb: ldb_trace_next_request: (extended_dn_out_ldb)->search
[2011/07/01 22:31:58,  5] ../source4/lib/ldb-samba/ldb_wrap.c:68(ldb_wrap_debug)
  ldb: ldb_trace_next_request: (repl_meta_data)->extended
[2011/07/01 22:31:58,  5] ../source4/lib/ldb-samba/ldb_wrap.c:68(ldb_wrap_debug)
  ldb: ldb_trace_next_request: (partition)->extended
[2011/07/01 22:31:58,  5] ../source4/lib/ldb-samba/ldb_wrap.c:68(ldb_wrap_debug)
  ldb: ldb_trace_next_request: (tdb)->extended
[2011/07/01 22:31:58,  5] ../source4/lib/ldb-samba/ldb_wrap.c:68(ldb_wrap_debug)
  ldb: ldb_trace_next_request: (tdb)->extended
[2011/07/01 22:31:58,  5] ../source4/lib/ldb-samba/ldb_wrap.c:68(ldb_wrap_debug)
  ldb: ldb_trace_next_request: (show_deleted)->search
[2011/07/01 22:31:58,  5] ../source4/lib/ldb-samba/ldb_wrap.c:68(ldb_wrap_debug)
  ldb: ldb_trace_next_request: (partition)->search
[2011/07/01 22:31:58,  5] ../source4/lib/ldb-samba/ldb_wrap.c:68(ldb_wrap_debug)
  ldb: ldb_trace_next_request: (tdb)->extended
[2011/07/01 22:31:58,  5] ../source4/lib/ldb-samba/ldb_wrap.c:68(ldb_wrap_debug)
  ldb: ldb_trace_next_request: (tdb)->search
[2011/07/01 22:31:58,  5] ../source4/lib/ldb-samba/ldb_wrap.c:68(ldb_wrap_debug)
  ldb: ldb_trace_next_request: (password_hash)->modify
[2011/07/01 22:31:58,  5] ../source4/lib/ldb-samba/ldb_wrap.c:68(ldb_wrap_debug)
  ldb: ldb_trace_next_request: (operational)->search
[2011/07/01 22:31:58,  5] ../source4/lib/ldb-samba/ldb_wrap.c:68(ldb_wrap_debug)
  ldb: ldb_trace_next_request: (rdn_name)->search
[2011/07/01 22:31:58,  5] ../source4/lib/ldb-samba/ldb_wrap.c:68(ldb_wrap_debug)
  ldb: ldb_trace_next_request: (extended_dn_out_ldb)->search
[2011/07/01 22:31:58,  5] ../source4/lib/ldb-samba/ldb_wrap.c:68(ldb_wrap_debug)
  ldb: ldb_trace_next_request: (repl_meta_data)->extended
[2011/07/01 22:31:58,  5] ../source4/lib/ldb-samba/ldb_wrap.c:68(ldb_wrap_debug)
  ldb: ldb_trace_next_request: (partition)->extended
[2011/07/01 22:31:58,  5] ../source4/lib/ldb-samba/ldb_wrap.c:68(ldb_wrap_debug)
  ldb: ldb_trace_next_request: (tdb)->extended
[2011/07/01 22:31:58,  5] ../source4/lib/ldb-samba/ldb_wrap.c:68(ldb_wrap_debug)
  ldb: ldb_trace_next_request: (tdb)->extended
[2011/07/01 22:31:58,  5] ../source4/lib/ldb-samba/ldb_wrap.c:68(ldb_wrap_debug)
  ldb: ldb_trace_next_request: (show_deleted)->search
[2011/07/01 22:31:58,  5] ../source4/lib/ldb-samba/ldb_wrap.c:68(ldb_wrap_debug)
  ldb: ldb_trace_next_request: (partition)->search
[2011/07/01 22:31:58,  5] ../source4/lib/ldb-samba/ldb_wrap.c:68(ldb_wrap_debug)
  ldb: ldb_trace_next_request: (tdb)->extended
[2011/07/01 22:31:58,  5] ../source4/lib/ldb-samba/ldb_wrap.c:68(ldb_wrap_debug)
  ldb: partition_request() -> (metadata partition)
[2011/07/01 22:31:58,  5] ../source4/lib/ldb-samba/ldb_wrap.c:68(ldb_wrap_debug)
  ldb: ldb_trace_next_request: (tdb)->search
[2011/07/01 22:31:58,  5] ../source4/lib/ldb-samba/ldb_wrap.c:68(ldb_wrap_debug)
  ldb: password_hash_modify

[2011/07/01 22:31:58,  5] ../source4/lib/ldb-samba/ldb_wrap.c:68(ldb_wrap_debug)
  ldb: ldb_trace_next_request: (instancetype)->modify
[2011/07/01 22:31:58,  5] ../source4/lib/ldb-samba/ldb_wrap.c:68(ldb_wrap_debug)
  ldb: instancetype_mod

[2011/07/01 22:31:58,  5] ../source4/lib/ldb-samba/ldb_wrap.c:68(ldb_wrap_debug)
  ldb: ldb_trace_next_request: (objectclass_attrs)->modify
[2011/07/01 22:31:58,  5] ../source4/lib/ldb-samba/ldb_wrap.c:68(ldb_wrap_debug)
  ldb: objectclass_attrs_modify

[2011/07/01 22:31:58,  5] ../source4/lib/ldb-samba/ldb_wrap.c:68(ldb_wrap_debug)
  ldb: ldb_trace_next_request: (repl_meta_data)->extended
[2011/07/01 22:31:58,  5] ../source4/lib/ldb-samba/ldb_wrap.c:68(ldb_wrap_debug)
  ldb: ldb_trace_next_request: (partition)->extended
[2011/07/01 22:31:58,  5] ../source4/lib/ldb-samba/ldb_wrap.c:68(ldb_wrap_debug)
  ldb: ldb_trace_next_request: (tdb)->extended
[2011/07/01 22:31:58,  5] ../source4/lib/ldb-samba/ldb_wrap.c:68(ldb_wrap_debug)
  ldb: ldb_trace_next_request: (tdb)->extended
[2011/07/01 22:31:58,  5] ../source4/lib/ldb-samba/ldb_wrap.c:68(ldb_wrap_debug)
  ldb: ldb_trace_next_request: (rdn_name)->modify
[2011/07/01 22:31:58,  5] ../source4/lib/ldb-samba/ldb_wrap.c:68(ldb_wrap_debug)
  ldb: ldb_trace_next_request: (repl_meta_data)->modify
[2011/07/01 22:31:58,  5] ../source4/lib/ldb-samba/ldb_wrap.c:68(ldb_wrap_debug)
  ldb: replmd_modify

[2011/07/01 22:31:58,  5] ../source4/lib/ldb-samba/ldb_wrap.c:68(ldb_wrap_debug)
  ldb: ldb_trace_next_request: (repl_meta_data)->extended
[2011/07/01 22:31:58,  5] ../source4/lib/ldb-samba/ldb_wrap.c:68(ldb_wrap_debug)
  ldb: ldb_trace_next_request: (partition)->extended
[2011/07/01 22:31:58,  5] ../source4/lib/ldb-samba/ldb_wrap.c:68(ldb_wrap_debug)
  ldb: ldb_trace_next_request: (tdb)->extended
[2011/07/01 22:31:58,  5] ../source4/lib/ldb-samba/ldb_wrap.c:68(ldb_wrap_debug)
  ldb: ldb_trace_next_request: (tdb)->extended
[2011/07/01 22:31:58,  5] ../source4/lib/ldb-samba/ldb_wrap.c:68(ldb_wrap_debug)
  ldb: ldb_trace_next_request: (extended_dn_out_ldb)->search
[2011/07/01 22:31:58,  5] ../source4/lib/ldb-samba/ldb_wrap.c:68(ldb_wrap_debug)
  ldb: ldb_trace_next_request: (repl_meta_data)->extended
[2011/07/01 22:31:58,  5] ../source4/lib/ldb-samba/ldb_wrap.c:68(ldb_wrap_debug)
  ldb: ldb_trace_next_request: (partition)->extended
[2011/07/01 22:31:58,  5] ../source4/lib/ldb-samba/ldb_wrap.c:68(ldb_wrap_debug)
  ldb: ldb_trace_next_request: (tdb)->extended
[2011/07/01 22:31:58,  5] ../source4/lib/ldb-samba/ldb_wrap.c:68(ldb_wrap_debug)
  ldb: ldb_trace_next_request: (tdb)->extended
[2011/07/01 22:31:58,  5] ../source4/lib/ldb-samba/ldb_wrap.c:68(ldb_wrap_debug)
  ldb: ldb_trace_next_request: (show_deleted)->search
[2011/07/01 22:31:58,  5] ../source4/lib/ldb-samba/ldb_wrap.c:68(ldb_wrap_debug)
  ldb: ldb_trace_next_request: (partition)->search
[2011/07/01 22:31:58,  5] ../source4/lib/ldb-samba/ldb_wrap.c:68(ldb_wrap_debug)
  ldb: ldb_trace_next_request: (tdb)->extended
[2011/07/01 22:31:58,  5] ../source4/lib/ldb-samba/ldb_wrap.c:68(ldb_wrap_debug)
  ldb: partition_request() -> (metadata partition)
[2011/07/01 22:31:58,  5] ../source4/lib/ldb-samba/ldb_wrap.c:68(ldb_wrap_debug)
  ldb: ldb_trace_next_request: (tdb)->search
[2011/07/01 22:31:58,  5] ../source4/lib/ldb-samba/ldb_wrap.c:68(ldb_wrap_debug)
  ldb: ldb_trace_request: EXTENDED
   oid: 1.3.6.1.4.1.7165.4.4.3
   data: yes
   control: <NONE>

[2011/07/01 22:31:58,  5] ../source4/lib/ldb-samba/ldb_wrap.c:68(ldb_wrap_debug)
  ldb: ldb_trace_request: (rootdse)->extended
[2011/07/01 22:31:58,  5] ../source4/lib/ldb-samba/ldb_wrap.c:68(ldb_wrap_debug)
  ldb: ldb_trace_next_request: (lazy_commit)->extended
[2011/07/01 22:31:58,  5] ../source4/lib/ldb-samba/ldb_wrap.c:68(ldb_wrap_debug)
  ldb: ldb_trace_next_request: (acl)->extended
[2011/07/01 22:31:58,  5] ../source4/lib/ldb-samba/ldb_wrap.c:68(ldb_wrap_debug)
  ldb: ldb_trace_next_request: (samldb)->extended
[2011/07/01 22:31:58,  5] ../source4/lib/ldb-samba/ldb_wrap.c:68(ldb_wrap_debug)
  ldb: ldb_trace_next_request: (schema_load)->extended
[2011/07/01 22:31:58,  5] ../source4/lib/ldb-samba/ldb_wrap.c:68(ldb_wrap_debug)
  ldb: ldb_trace_next_request: (repl_meta_data)->extended
[2011/07/01 22:31:58,  5] ../source4/lib/ldb-samba/ldb_wrap.c:68(ldb_wrap_debug)
  ldb: ldb_trace_next_request: (partition)->extended
[2011/07/01 22:31:58,  5] ../source4/lib/ldb-samba/ldb_wrap.c:68(ldb_wrap_debug)
  ldb: ldb_trace_next_request: (tdb)->extended
[2011/07/01 22:31:58,  5] ../source4/lib/ldb-samba/ldb_wrap.c:68(ldb_wrap_debug)
  ldb: ldb_trace_next_request: (tdb)->extended
[2011/07/01 22:31:58,  5] ../source4/lib/ldb-samba/ldb_wrap.c:68(ldb_wrap_debug)
  ldb: partition_request() -> CN=Schema,CN=Configuration,DC=linux,DC=janstaal,DC=com
[2011/07/01 22:31:58,  5] ../source4/lib/ldb-samba/ldb_wrap.c:68(ldb_wrap_debug)
  ldb: ldb_trace_next_request: (tdb)->extended
[2011/07/01 22:31:58,  5] ../source4/lib/ldb-samba/ldb_wrap.c:68(ldb_wrap_debug)
  ldb: partition_request() -> CN=Configuration,DC=linux,DC=janstaal,DC=com
[2011/07/01 22:31:58,  5] ../source4/lib/ldb-samba/ldb_wrap.c:68(ldb_wrap_debug)
  ldb: ldb_trace_next_request: (tdb)->extended
[2011/07/01 22:31:58,  5] ../source4/lib/ldb-samba/ldb_wrap.c:68(ldb_wrap_debug)
  ldb: partition_request() -> DC=linux,DC=janstaal,DC=com
[2011/07/01 22:31:58,  5] ../source4/lib/ldb-samba/ldb_wrap.c:68(ldb_wrap_debug)
  ldb: ldb_trace_next_request: (tdb)->extended
[2011/07/01 22:31:58,  5] ../source4/lib/ldb-samba/ldb_wrap.c:68(ldb_wrap_debug)
  ldb: ldb_trace_next_request: (tdb)->extended
[2011/07/01 22:31:58,  5] ../source4/lib/ldb-samba/ldb_wrap.c:68(ldb_wrap_debug)
  ldb: partition_request() -> CN=Schema,CN=Configuration,DC=linux,DC=janstaal,DC=com
[2011/07/01 22:31:58,  5] ../source4/lib/ldb-samba/ldb_wrap.c:68(ldb_wrap_debug)
  ldb: ldb_trace_next_request: (tdb)->extended
[2011/07/01 22:31:58,  5] ../source4/lib/ldb-samba/ldb_wrap.c:68(ldb_wrap_debug)
  ldb: partition_request() -> CN=Configuration,DC=linux,DC=janstaal,DC=com
[2011/07/01 22:31:58,  5] ../source4/lib/ldb-samba/ldb_wrap.c:68(ldb_wrap_debug)
  ldb: ldb_trace_next_request: (tdb)->extended
[2011/07/01 22:31:58,  5] ../source4/lib/ldb-samba/ldb_wrap.c:68(ldb_wrap_debug)
  ldb: partition_request() -> DC=linux,DC=janstaal,DC=com
[2011/07/01 22:31:58,  5] ../source4/lib/ldb-samba/ldb_wrap.c:68(ldb_wrap_debug)
  ldb: ldb_trace_next_request: (tdb)->extended
[2011/07/01 22:31:58,  6] ../source4/dsdb/samdb/ldb_modules/repl_meta_data.c:636(replmd_replPropertyMetaDataCtr1_sort)
  Sorting rpmd with attid exception 3 rDN=CN DN=CN=Administrators,CN=Builtin,DC=linux,DC=janstaal,DC=com
[2011/07/01 22:31:58,  5] ../source4/lib/ldb-samba/ldb_wrap.c:68(ldb_wrap_debug)
  ldb: ldb_trace_next_request: (extended_dn_out_ldb)->search
[2011/07/01 22:31:58,  5] ../source4/lib/ldb-samba/ldb_wrap.c:68(ldb_wrap_debug)
  ldb: ldb_trace_next_request: (repl_meta_data)->extended
[2011/07/01 22:31:58,  5] ../source4/lib/ldb-samba/ldb_wrap.c:68(ldb_wrap_debug)
  ldb: ldb_trace_next_request: (partition)->extended
[2011/07/01 22:31:58,  5] ../source4/lib/ldb-samba/ldb_wrap.c:68(ldb_wrap_debug)
  ldb: ldb_trace_next_request: (tdb)->extended
[2011/07/01 22:31:58,  5] ../source4/lib/ldb-samba/ldb_wrap.c:68(ldb_wrap_debug)
  ldb: ldb_trace_next_request: (tdb)->extended
[2011/07/01 22:31:58,  5] ../source4/lib/ldb-samba/ldb_wrap.c:68(ldb_wrap_debug)
  ldb: ldb_trace_next_request: (show_deleted)->search
[2011/07/01 22:31:58,  5] ../source4/lib/ldb-samba/ldb_wrap.c:68(ldb_wrap_debug)
  ldb: ldb_trace_next_request: (partition)->search
[2011/07/01 22:31:58,  5] ../source4/lib/ldb-samba/ldb_wrap.c:68(ldb_wrap_debug)
  ldb: ldb_trace_next_request: (tdb)->extended
[2011/07/01 22:31:58,  5] ../source4/lib/ldb-samba/ldb_wrap.c:68(ldb_wrap_debug)
  ldb: partition_request() -> (metadata partition)
[2011/07/01 22:31:58,  5] ../source4/lib/ldb-samba/ldb_wrap.c:68(ldb_wrap_debug)
  ldb: ldb_trace_next_request: (tdb)->search
[2011/07/01 22:31:58,  5] ../source4/lib/ldb-samba/ldb_wrap.c:68(ldb_wrap_debug)
  ldb: ldb_trace_next_request: (repl_meta_data)->extended
[2011/07/01 22:31:58,  5] ../source4/lib/ldb-samba/ldb_wrap.c:68(ldb_wrap_debug)
  ldb: ldb_trace_next_request: (partition)->extended
[2011/07/01 22:31:58,  5] ../source4/lib/ldb-samba/ldb_wrap.c:68(ldb_wrap_debug)
  ldb: ldb_trace_next_request: (tdb)->extended
[2011/07/01 22:31:58,  5] ../source4/lib/ldb-samba/ldb_wrap.c:68(ldb_wrap_debug)
  ldb: ldb_trace_next_request: (tdb)->extended
[2011/07/01 22:31:58,  5] ../source4/lib/ldb-samba/ldb_wrap.c:68(ldb_wrap_debug)
  ldb: ldb_trace_next_request: (extended_dn_out_ldb)->search
[2011/07/01 22:31:58,  5] ../source4/lib/ldb-samba/ldb_wrap.c:68(ldb_wrap_debug)
  ldb: ldb_trace_next_request: (repl_meta_data)->extended
[2011/07/01 22:31:58,  5] ../source4/lib/ldb-samba/ldb_wrap.c:68(ldb_wrap_debug)
  ldb: ldb_trace_next_request: (partition)->extended
[2011/07/01 22:31:58,  5] ../source4/lib/ldb-samba/ldb_wrap.c:68(ldb_wrap_debug)
  ldb: ldb_trace_next_request: (tdb)->extended
[2011/07/01 22:31:58,  5] ../source4/lib/ldb-samba/ldb_wrap.c:68(ldb_wrap_debug)
  ldb: ldb_trace_next_request: (tdb)->extended
[2011/07/01 22:31:58,  5] ../source4/lib/ldb-samba/ldb_wrap.c:68(ldb_wrap_debug)
  ldb: ldb_trace_next_request: (show_deleted)->search
[2011/07/01 22:31:58,  5] ../source4/lib/ldb-samba/ldb_wrap.c:68(ldb_wrap_debug)
  ldb: ldb_trace_next_request: (partition)->search
[2011/07/01 22:31:58,  5] ../source4/lib/ldb-samba/ldb_wrap.c:68(ldb_wrap_debug)
  ldb: ldb_trace_next_request: (tdb)->extended
[2011/07/01 22:31:58,  5] ../source4/lib/ldb-samba/ldb_wrap.c:68(ldb_wrap_debug)
  ldb: ldb_trace_next_request: (tdb)->search
[2011/07/01 22:31:58,  5] ../source4/lib/ldb-samba/ldb_wrap.c:68(ldb_wrap_debug)
  ldb: cancel ldb transaction (nesting: 0)
[2011/07/01 22:31:58,  5] ../source4/lib/ldb-samba/ldb_wrap.c:68(ldb_wrap_debug)
  ldb: ldb_trace_request: (schema_load)->del_transaction
[2011/07/01 22:31:58,  5] ../source4/lib/ldb-samba/ldb_wrap.c:68(ldb_wrap_debug)
  ldb: ldb_trace_next_request: (repl_meta_data)->del_transaction
[2011/07/01 22:31:58,  5] ../source4/lib/ldb-samba/ldb_wrap.c:68(ldb_wrap_debug)
  ldb: ldb_trace_next_request: (linked_attributes)->del_transaction
[2011/07/01 22:31:58,  5] ../source4/lib/ldb-samba/ldb_wrap.c:68(ldb_wrap_debug)
  ldb: ldb_trace_next_request: (partition)->del_transaction
[2011/07/01 22:31:58,  5] ../source4/lib/ldb-samba/ldb_wrap.c:68(ldb_wrap_debug)
  ldb: partition_del_trans() -> CN=Schema,CN=Configuration,DC=linux,DC=janstaal,DC=com
[2011/07/01 22:31:58,  5] ../source4/lib/ldb-samba/ldb_wrap.c:68(ldb_wrap_debug)
  ldb: ldb_trace_next_request: (tdb)->del_transaction
[2011/07/01 22:31:58,  5] ../source4/lib/ldb-samba/ldb_wrap.c:68(ldb_wrap_debug)
  ldb: partition_del_trans() -> CN=Configuration,DC=linux,DC=janstaal,DC=com
[2011/07/01 22:31:58,  5] ../source4/lib/ldb-samba/ldb_wrap.c:68(ldb_wrap_debug)
  ldb: ldb_trace_next_request: (tdb)->del_transaction
[2011/07/01 22:31:58,  5] ../source4/lib/ldb-samba/ldb_wrap.c:68(ldb_wrap_debug)
  ldb: partition_del_trans() -> DC=linux,DC=janstaal,DC=com
[2011/07/01 22:31:58,  5] ../source4/lib/ldb-samba/ldb_wrap.c:68(ldb_wrap_debug)
  ldb: ldb_trace_next_request: (tdb)->del_transaction
[2011/07/01 22:31:58,  5] ../source4/lib/ldb-samba/ldb_wrap.c:68(ldb_wrap_debug)
  ldb: partition_del_trans() -> (metadata partition)
[2011/07/01 22:31:58,  5] ../source4/lib/ldb-samba/ldb_wrap.c:68(ldb_wrap_debug)
  ldb: ldb_trace_next_request: (tdb)->del_transaction
Comment 1 Jan Staal 2011-07-01 21:23:08 UTC
Created attachment 6662 [details]
Sharing permission peculiarity, (maybe a clue?)

Also when trying to share folders and give permissions fom within windows it seems that the Windows Active Directory service is not availible to the linux domain for granting rights. (this may however be a pollicy issue)
Comment 2 Jan Staal 2011-07-02 08:20:56 UTC
I see I made a mistake in my description, 

this paragraph:
When I try to add the administrator user of the samba domain to the
Administrators group of the windows domain, I can select the user, but upon
confirmation the follwoig message is displayed:

should be:
When I try to add the administrator user of the windows domain to the
Administrators group of the samba domain, I can select the user, but upon
confirmation the follwoig message is displayed:

See sreenshot. This procedure thus works the other way around...

Possible suggestions I have been thinking of:

Inmap ? (samba 4 doesnt seem to accept idmap accoc and backend parameters)

Windbind or WINS??? I'm not sure how to debug this further. Any hints would be appreciated.
Comment 3 Jan Staal 2011-07-02 09:30:52 UTC
Created attachment 6663 [details]
PCAP network dump of the error query
Comment 4 Jan Staal 2011-07-02 09:40:12 UTC
In the network dump the IP addres map is:

-----------------------------------------------------------------------------
DC01.linux.janstaal.com = 192.168.137.65  Samba 4 PDC
VM01.linux.janstaal.com = 192.168.137.120 Windows 7 Client (Remote Admin tools)

                     === TWO WAY TRUST ===

ThinkPad.notebook.janstaal.com = 192.168.1.77 or 192.168.137.1
                                 Windows server 2008 R2 PDC 
------------------------------------------------------------------------------
Comment 5 Jan Staal 2011-07-02 10:57:38 UTC
Checked net rpc trusdom list:


Trusted domains list:

NOTEBOOK            S-1-5-21-1384411707-2710940644-2322260587

Trusting domains list:

NOTEBOOK            S-1-5-21-1384411707-2710940644-2322260587
root@DC01:/usr/local/samba/bin#
Comment 6 Andrew Bartlett 2011-07-02 11:13:41 UTC
Any support for trusted domains in Samba 4.0 AD server is preliminary and incomplete.  As such, this is simply not expected to work.

Samba 4.0 can join an existing single AD domain, or Windows servers can join us, but trusted domains are not supported.  (some of the establishment RPCs work, as does some of the KDC, but it is not a complete environment).  

Trusted domain support will not be in the Samba 4.0 release.

I'll have to mark this as resolved/later unless you reproduce it without the trusted domains.  

Sorry,
Comment 7 Jan Staal 2011-07-02 12:24:51 UTC
Thank you Andrew for the quick response.

I understand that this functionallity is not fully implemented yet.

Do you have any insight wheter this configuration might work in samba 3.6 if I would implement a LDAP backend and do the appropriate idmap winbind settings?

Or maybe as third options. Could I create a secondary (replicating) samba DC of the windows domain and create a bridge somehow between the samba (windows domain) DC and the samba (linux domain) DC?
Comment 8 Jan Staal 2011-07-02 12:41:42 UTC
One last thougth:

Is it possible to manually add the user (mapping) or user to the group by using the net command?

I tried using this command and received the following back:

root@DC01:/usr/local/samba/bin# ./net rpc group addmem Administrators administrator@NOTEBOOK.JANSTAAL.COM
Ignoring unknown parameter "server role"
Enter root's password:
Could not lookup up group member administrator@NOTEBOOK.JANSTAAL.COM
Could not add administrator@NOTEBOOK.JANSTAAL.COM to Administrators: NT_STATUS_NONE_MAPPED
root@DC01:/usr/local/samba/bin#

It seems like if I could only resolve this user mapping, that the problem could be solved...
Comment 9 Matthias Dieter Wallnöfer 2011-09-14 10:44:52 UTC
Jan, did you already get an answer on this questions? In future it would be better to ask on samba-technical@samba.org (or also samba@samba.org) where far more people have an opportunity to read and think about them.
Comment 10 Jan Staal 2011-09-15 10:44:46 UTC
Hi Matthias,

Sorry, but I didn't manage to resolve the issue.
I've tried asking the question the IRC channel samba-technical, without success.

For now I switched back to a Win NT-DC, but I'm interrested to hear about new opportunities / developments.

Thanks for the advice.

Best regards,

Jan
Comment 11 Matthias Dieter Wallnöfer 2011-09-16 10:45:39 UTC
Hi Jan,

much better for such difficult questions are the mailing lists, not IRC (the readers are able to reflect better). Please retry to post them there.

Thanks,
Matthias Wallnöfer
Comment 12 Matthias Dieter Wallnöfer 2011-10-11 07:12:47 UTC
We managed to do some improvements in the area of Global Catalog and multi-domain support. So please retest!
Comment 13 Jan Staal 2011-10-11 18:41:25 UTC
Hi,

Sounds promissing. As I recall it was exactly the linux implementation of the global catalog which was missing. Will give it a try when my freshly ordered hardware arrives. 

Regards,

Jan
Comment 14 Matthias Dieter Wallnöfer 2012-03-15 09:05:18 UTC
Please retry, otherwise I have to mark this as INVALID.
Comment 15 Matthias Dieter Wallnöfer 2012-03-27 14:46:17 UTC
Marking it as "INVALID" at least for now. If problem persists, please reopen.