[Samba] username map change = samba failure [Working Again]
Dale Schroeder
dale at BriannasSaladDressing.com
Tue Sep 19 21:09:04 GMT 2006
I essentially gave up and tried the old mapping. I had to rejoin the
domain and reboot the system and clients, but it works.
However, I have one more question concerning this AD setup. During the
course of this exercise, I noticed that "getent passwd" does not show a
new user, and "getent group" shows old group membership. "wbinfo -u"
correctly shows all domain members, including the new user. I cannot
chown the new users home directory to user:"Domain Users". It returns
as invalid user. Some things are obviously not being updated or pulled
from the AD server, but others are. Where do I look for the error?
Thanks,
Dale
Jeremy Allison wrote:
> On Mon, Sep 18, 2006 at 03:59:28PM -0500, Dale Schroeder wrote:
>
>> Since I haven't gotten any responses from the segfault log I posted
>> earlier, I will try another approach. Below is what happens when a
>> client tries to connect. Again, this all started after I changed a
>> username mapping entry from root = DOMAIN\Administrator to root =
>> @"DOMAIN\Domain Admins". This is in a security = ADS setup. wbinfo -u
>> and -g return the correct information.
>>
>> Dale
>>
>> [2006/09/18 15:42:38, 10] passdb/secrets.c:secrets_named_mutex(778)
>> secrets_named_mutex: got mutex for replay cache mutex
>> [2006/09/18 15:42:38, 10]
>> libads/kerberos_verify.c:ads_secrets_verify_ticket(261)
>> ads_secrets_verify_ticket: enc type [1] failed to decrypt with error Bad
>> encryption type
>> [2006/09/18 15:42:38, 10]
>> libads/kerberos_verify.c:ads_secrets_verify_ticket(261)
>> ads_secrets_verify_ticket: enc type [3] failed to decrypt with error Bad
>> encryption type
>>
>
> Did you restrict any enc types in your krb5.conf ?
>
> Jeremy.
>
More information about the samba
mailing list