Hi,

the things you suggested didn't help, but while experimenting I found
this strange solution:

dsfw3:~ # net cache list|grep S-1-5-21-2258703166-369106319-299761499-2500
Key: IDMAP/SID2UID/S-1-5-21-2258703166-369106319-299761499-2500 Timeout: 13:26:36 Value: -1 (expired)
dsfw3:~ # wbinfo --gid-to-sid 1049092
S-1-5-21-2258703166-369106319-299761499-516
dsfw3:~ # wbinfo --sid-to-gid S-1-5-21-2258703166-369106319-299761499-516
1049092
dsfw3:~ # wbinfo -i "DSFW3$"
failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND
Could not get info for user DSFW3$
dsfw3:~ # wbinfo -i "DSFW2$"
failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND
Could not get info for user DSFW2$
dsfw3:~ # wbinfo -i "DSFW1$"
failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND
Could not get info for user DSFW1$
dsfw3:~ # wbinfo --uid-to-sid 1051679
S-1-5-21-2258703166-369106319-299761499-3003
dsfw3:~ # wbinfo --uid-to-sid 1051176
S-1-5-21-2258703166-369106319-299761499-2500
dsfw3:~ # wbinfo --uid-to-sid 1050186
S-1-5-21-2258703166-369106319-299761499-1510
dsfw3:~ # wbinfo -i "DSFW1$"
dsfw1$:*:1051679:1049092:DSFW1:/home/ADLB/dsfw1_:/bin/bash
dsfw3:~ # wbinfo -i "DSFW2$"
dsfw2$:*:1051176:1049092:DSFW2:/home/ADLB/dsfw2_:/bin/bash
dsfw3:~ # wbinfo -i "DSFW3$"
dsfw3$:*:1050186:1049092:DSFW3:/home/ADLB/dsfw3_:/bin/bash
dsfw3:~ # net cache list|grep 2500
Key: IDMAP/UID2SID/1051176 Timeout: Mon Sep 24 14:53:42 2012 Value: S-1-5-21-2258703166-369106319-299761499-2500
Key: IDMAP/SID2UID/S-1-5-21-2258703166-369106319-299761499-2500 Timeout: Mon Sep 24 14:53:42 2012 Value: 1051176
dsfw3:~ # wbinfo --sid-to-name S-1-5-21-2258703166-369106319-299761499-2500
ADLB\DSFW2$ 1
dsfw3:~ #

So it seems my problem was fixed simply by doing a UID/GID lookup of
the involved DCs. Seemingly that also populated the SID2UID and SID2GID
reverse caches. I repeated this procedure on all 3 involved DCs and now
sysvolsync works fine again.

Now let's see if this is a permanent fix or if the cache times out after
a while again.

BTW, I noticed that the command "wbinfo --dsgetdcname
intern.lauterbach.com" sometimes works and sometimes times out (on any
one of the DCs). Is this normal?

Franz.
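
An added example, not part of the original post or of Samba: a small filter that scans `net cache list` output for IDMAP entries whose cached value is -1, the state the first listing above shows for the -2500 SID before the lookups. The function names and the sample listing are assumptions; the sample is assembled from the listings in the post plus two constructed entries.

```shell
#!/bin/sh
# Added example (not from the original post): report IDMAP cache entries
# whose value is -1, and whether the listing marks them "(expired)".

# Reads `net cache list` text on stdin; prints "KEY<TAB>expired|live".
idmap_negative_entries() {
    awk '
        {
            # A record can sit on one line or be wrapped over two,
            # so remember the last key until its value shows up.
            if (match($0, /Key: [^ ]+/))
                key = substr($0, RSTART + 5, RLENGTH - 5)
            if (match($0, /Value: .*/)) {
                val = substr($0, RSTART + 7)
                if (key ~ /^IDMAP\// && val ~ /^-1( |$)/) {
                    state = (val ~ /\(expired\)/) ? "expired" : "live"
                    printf "%s\t%s\n", key, state
                }
                key = ""
            }
        }'
}

# Sample input: the first two records come from the post, the last two
# are constructed to exercise the "live" and non-IDMAP cases.
sample_cache_listing() {
    cat <<'EOF'
Key: IDMAP/SID2UID/S-1-5-21-2258703166-369106319-299761499-2500
Timeout: 13:26:36 Value: -1 (expired)
Key: IDMAP/UID2SID/1051679 Timeout: Mon Sep 24 14:53:42 2012
Value: S-1-5-21-2258703166-369106319-299761499-3003
Key: IDMAP/SID2GID/S-1-5-21-1111111111-2222222222-3333333333-1000 Timeout: Mon Sep 24 14:53:42 2012 Value: -1
Key: OTHER/constructed-key Timeout: Mon Sep 24 14:53:42 2012 Value: -1
EOF
}

sample_cache_listing | idmap_negative_entries
```

On a live system the same filter would be fed with `net cache list | idmap_negative_entries`.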


On 2012-09-14 14:56, hargagan wrote:
>
> I suggest you try this on the ADC first, which you can do on the others
> too:
>
> 1. Take a backup of /var/lib/samba/gencache.tdb and
> /var/lib/samba/winbindd_cache.tdb.
> 2. Remove the above two files from /var/lib/samba.
> 3. Restart winbind on ADC
>
> Now try the command on ADC
> 4. wbinfo -i 'DSFW2$'
>
> Another thing you can try is:
> 1. dig -t SRV _ldap._tcp.dc._msdcs.intern.lauterbach.com +short
>
> Is it giving all the DCs? If yes, then try doing forward and reverse
> lookup of the servers and that should work fine.
> If not, then try removing the /etc/opt/novell/named/*.db files and
> restart named. This should fix the problem for the DNS lookup.
>
> If nothing works, get in touch with NTS for more help.
>
>