[Samba] username map change = samba failure [Working Again]

Dale Schroeder dale at BriannasSaladDressing.com
Tue Sep 19 21:09:04 GMT 2006


I essentially gave up and tried the old mapping.  I had to rejoin the 
domain and reboot the system and clients, but it works.

However, I have one more question concerning this AD setup.  During the 
course of this exercise, I noticed that "getent passwd" does not show a 
new user, and "getent group" shows old group membership.  "wbinfo -u" 
correctly shows all domain members, including the new user.  I cannot 
chown the new users home directory to user:"Domain Users".  It returns 
as invalid user.  Some things are obviously not being updated or pulled 
from the AD server, but others are.  Where do I look for the error?

Thanks,
Dale

Jeremy Allison wrote:
> On Mon, Sep 18, 2006 at 03:59:28PM -0500, Dale Schroeder wrote:
>   
>> Since I haven't gotten any responses from the segfault log I posted 
>> earlier, I will try another approach.  Below is what happens when a 
>> client tries to connect.  Again, this all started after I changed a 
>> username mapping entry from root = DOMAIN\Administrator to root = 
>> @"DOMAIN\Domain Admins".  This is in a security = ADS setup.  wbinfo -u 
>> and -g return the correct information.
>>
>> Dale
>>
>> [2006/09/18 15:42:38, 10] passdb/secrets.c:secrets_named_mutex(778)
>>  secrets_named_mutex: got mutex for replay cache mutex
>> [2006/09/18 15:42:38, 10] 
>> libads/kerberos_verify.c:ads_secrets_verify_ticket(261)
>>  ads_secrets_verify_ticket: enc type [1] failed to decrypt with error Bad 
>>  encryption type
>> [2006/09/18 15:42:38, 10] 
>> libads/kerberos_verify.c:ads_secrets_verify_ticket(261)
>>  ads_secrets_verify_ticket: enc type [3] failed to decrypt with error Bad 
>>  encryption type
>>     
>
> Did you restrict any enc types in your krb5.conf ?
>
> Jeremy.
>   


More information about the samba mailing list