Bug 1253217 - Unable to get users from trusted realm via wbinfo -u
Unable to get users from trusted realm via wbinfo -u
Status: CLOSED NOTABUG
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: samba (Show other bugs)
7.2
Unspecified Unspecified
unspecified Severity unspecified
: rc
: ---
Assigned To: Andreas Schneider
qe-baseos-daemons
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2015-08-13 05:04 EDT by Robin Hack
Modified: 2015-08-19 02:47 EDT (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2015-08-19 02:47:56 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Robin Hack 2015-08-13 05:04:57 EDT
Description of problem:
Hi. I have windows 2003 (ZELGROUP) bidirect trust to windows 2012 (ZELTRUST).

I join samba to ZELGROUP.

then i call wbinfo -u and i see:
# wbinfo -u
ZELGROUP\guest
ZELGROUP\administrator
ZELGROUP\krbtgt
ZELGROUP\example.com$
...
just no ZELTRUST users...

but then I call id:

# id ZELTRUST\\Administrator
uid=10001(ZELTRUST\administrator) gid=10005(ZELTRUST\domain users) groups=10005(ZELTRUST\domain users),10006(ZELTRUST\denied rodc password replication group),10007(ZELTRUST\schema admins),10008(ZELTRUST\enterprise admins),10009(ZELTRUST\group policy creator owners),10010(ZELTRUST\domain admins)


Version-Release number of selected component (if applicable):
samba-4.2.3-4.el7.x86_64

How reproducible:
always

Steps to Reproduce:
1. You need bidirectional trust
2. Join samba to one of trust
3. wbinfo -u
(try to get list of users from both domains)

Actual results:
Only users from joined trust are visible.

Expected results:
Users visible from both trusts.

Additional info:
Comment 6 Robin Hack 2015-08-13 05:19:25 EDT
My smb.conf:
[global]
#--authconfig--start-line--

# Generated by authconfig on 2015/08/13 10:55:58
# DO NOT EDIT THIS SECTION (delimited by --start-line--/--end-line--)
# Any modification may be deleted or altered by authconfig in future

   workgroup = ZELGROUP
   password server = *
   realm = ZELGROUP.ZEL
   security = ADS
   idmap config * : range = 10000-20000
   template shell = /bin/bash
   kerberos method = secrets only
   winbind use default domain = false
   winbind offline logon = true

#--authconfig--end-line--
log level = 5
idmap config * : range = 10000-20000
;realm = ZELGROUP.ZEL
netbios name = muflon-4
;workgroup = ZELGROUP
;security = ADS
;password server = *
wins server = 10.34.36.16, 
encrypt passwords = yes
Comment 7 Andreas Schneider 2015-08-18 18:26:47 EDT
wbinfo --domain='*' -u

will enumerate over all domains. This is a change in Samba 4.2 See 

https://bugzilla.samba.org/show_bug.cgi?id=10034
Comment 8 Robin Hack 2015-08-19 02:47:56 EDT
Hi Andreas!

Thanks. I fixed test. Not a bug at all.

Note You need to log in before you can comment on or make changes to this bug.