Web lists-archives.com

Re: [Samba] Domain member server: user access

Am 2017-09-26 um 16:19 schrieb L.P.H. van Belle:
> Well, what i can say is.
> The Resolving inconsistant on DC with AD backend. GID 100 and 10000 is only on the DC's. 
> My member servers are all checked now, ( 4.5.8 4.5.14 4.6.5 4.6.7 4.6.8 ) these are consistant. 
> The sort solution is, run on the DC: 
> net cache flush
> And check again for example with getent passwd username or id username 
> And dont touch the DC, after an upgrade, again run : net cache flush

this leads to:

DC # getent group "Domain Users" | awk -F ':' '{print $3}'

which is correct/better, I assume?

> And besides that, keep an eye on the list. 
> The members are safe, ive checked 4.5.8 4.5.12 4.5.14 4.6.5 4.6.7 4.6.8 
> ( original debian and my packages ) 
> So back to your problem, user access. 
> Are you still getting/seeing these :  
>   Failed to map kerberos pac to server info (NT_STATUS_UNSUCCESSFUL) 
> Or   Failed to generate session_info (user and group token) for session

For now with the newly created user we have no more problem accessing
the shares. In the logfile for the new Windows PC I don't find these
messages today.

// Please note that (a) the admin there is away for today and (b) I'm
sick with a hefty cold so I am not really in the shape to do any
meaningful work. Maybe tomorrow more of that.

Thanks so far, Stefan

To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba