Bug 1253217

Summary: Unable to get users from trusted realm via wbinfo -u
Product: Red Hat Enterprise Linux 7 Reporter: Robin Hack <rhack>
Component: sambaAssignee: Andreas Schneider <asn>
Status: CLOSED NOTABUG QA Contact: qe-baseos-daemons
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 7.2CC: asn, gdeschner, jarrpa
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-08-19 06:47:56 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Robin Hack 2015-08-13 09:04:57 UTC 
Description of problem:
Hi. I have windows 2003 (ZELGROUP) bidirect trust to windows 2012 (ZELTRUST).

I join samba to ZELGROUP.

then i call wbinfo -u and i see:
# wbinfo -u
ZELGROUP\guest
ZELGROUP\administrator
ZELGROUP\krbtgt
ZELGROUP\example.com$
...
just no ZELTRUST users...

but then I call id:

# id ZELTRUST\\Administrator
uid=10001(ZELTRUST\administrator) gid=10005(ZELTRUST\domain users) groups=10005(ZELTRUST\domain users),10006(ZELTRUST\denied rodc password replication group),10007(ZELTRUST\schema admins),10008(ZELTRUST\enterprise admins),10009(ZELTRUST\group policy creator owners),10010(ZELTRUST\domain admins)


Version-Release number of selected component (if applicable):
samba-4.2.3-4.el7.x86_64

How reproducible:
always

Steps to Reproduce:
1. You need bidirectional trust
2. Join samba to one of trust
3. wbinfo -u
(try to get list of users from both domains)

Actual results:
Only users from joined trust are visible.

Expected results:
Users visible from both trusts.

Additional info:
Comment 6 Robin Hack 2015-08-13 09:19:25 UTC 
My smb.conf:
[global]
#--authconfig--start-line--

# Generated by authconfig on 2015/08/13 10:55:58
# DO NOT EDIT THIS SECTION (delimited by --start-line--/--end-line--)
# Any modification may be deleted or altered by authconfig in future

   workgroup = ZELGROUP
   password server = *
   realm = ZELGROUP.ZEL
   security = ADS
   idmap config * : range = 10000-20000
   template shell = /bin/bash
   kerberos method = secrets only
   winbind use default domain = false
   winbind offline logon = true

#--authconfig--end-line--
log level = 5
idmap config * : range = 10000-20000
;realm = ZELGROUP.ZEL
netbios name = muflon-4
;workgroup = ZELGROUP
;security = ADS
;password server = *
wins server = 10.34.36.16, 
encrypt passwords = yes
Comment 7 Andreas Schneider 2015-08-18 22:26:47 UTC 
wbinfo --domain='*' -u

will enumerate over all domains. This is a change in Samba 4.2 See 

https://bugzilla.samba.org/show_bug.cgi?id=10034
Comment 8 Robin Hack 2015-08-19 06:47:56 UTC 
Hi Andreas!

Thanks. I fixed test. Not a bug at all.