[Samba] username map change = samba failure

[Dale Schroeder]

Matthew Preskett wrote:
>>> Again, this all started after I changed a 
>>> username mapping entry from root = DOMAIN\Administrator to root = 
>>> @"DOMAIN\Domain Admins".  This is in a security = ADS setup.  wbinfo -u 
>>> and -g return the correct information.
>>>       
>
> 1. Try # getent group
> See what that returns....
>   
It returns the correct information
> 2. Are you using winbind to map users and groups? If so, have you changed the idmap in your smb.conf? 
>   
Yes.       No - idmap backend = idmap_ad
> You might need to clear your 
> /var/cache/samba/winbindd_cache.tdb
>   
No effect
> /var/cache/samba/winbindd_idmap.tdb
> restart winbind and smb 
>   
Broke getent - retrieved local info only.  wbinfo still worked properly.
> 3. What version of Samba are you using, have you updated it?
>   
3.0.23c debs from samba.org.  Upgraded from 3.0.22 a few hours before 
the username mapping change broke it all.
> 4. Try specifying the Domain Admins group in a different way e.g
> "+DOMAIN\Domain Admins"
>   
No effect
> I maybe barking up the wrong tree, i'm quite new to this....
>   
Hey, at least you tried.  I'm getting precious few responses to this 
self-induced disaster.
> Cheers Matt
>   
Thanks for replying.

Dale
> I knew that I did not make any restrictions, so I checked the conf file 
> and all references to enctype are commented out and left as default.
> I must point out that I made the same mapping change on a test machine, 
> and all went well.  Unfortunately, this is the real thing, and users are 
> clamoring for files and printers.
>  From the client's perspective, sometimes a login box appears, other 
> times it says the network no longer exists.  Also rejoining the domain 
> with "net ads join" acts as if the system is totally new to the domain.  
> I no longer get wording that indicates the system was already a domain 
> member.  Perhaps this is an intentional change?
>
> Thanks for replying.
>
> Dale
>