Web lists-archives.com

Re: [Samba] Domain member server: user access




Am 2017-09-26 um 16:19 schrieb L.P.H. van Belle:
> Well, what i can say is.
> 
> The Resolving inconsistant on DC with AD backend. GID 100 and 10000 is only on the DC's. 
> My member servers are all checked now, ( 4.5.8 4.5.14 4.6.5 4.6.7 4.6.8 ) these are consistant. 
> 
> The sort solution is, run on the DC: 
> net cache flush
> 
> And check again for example with getent passwd username or id username 
> And dont touch the DC, after an upgrade, again run : net cache flush

this leads to:

DC # getent group "Domain Users" | awk -F ':' '{print $3}'
10513

which is correct/better, I assume?

> And besides that, keep an eye on the list. 
> The members are safe, ive checked 4.5.8 4.5.12 4.5.14 4.6.5 4.6.7 4.6.8 
> ( original debian and my packages ) 
> 
> So back to your problem, user access. 
> 
> Are you still getting/seeing these :  
>   Failed to map kerberos pac to server info (NT_STATUS_UNSUCCESSFUL) 
> Or   Failed to generate session_info (user and group token) for session
> setup: NT_STATUS_ACCESS_DENIED 

For now with the newly created user we have no more problem accessing
the shares. In the logfile for the new Windows PC I don't find these
messages today.

// Please note that (a) the admin there is away for today and (b) I'm
sick with a hefty cold so I am not really in the shape to do any
meaningful work. Maybe tomorrow more of that.

Thanks so far, Stefan

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba