only admin idmap cannot resolved any longer
c.vielhauer at me.com
c.vielhauer at me.com
Tue Jan 17 17:00:39 UTC 2017
Hi samba list,
I have no idea what happens, but only the idmapping of my admin user cannot be resolved any longer on my file Server (4.3.11-ubuntu).
Maybe this is the wrong list, but I hope I am right here :-)
Following commands on file Server:
wbinfo -n admin
=>
S-1-5-21-4276986800-2750720779-1919105469-1107 SID_USER (1)
wbinfo -S S-1-5-21-4276986800-2750720779-1919105469-1107
=>
11107
4 drwx------ 33 11107 domain users 4096 Jan 11 19:12 admin
4 drwx------ 13 administrator domain users 4096 Okt 10 2015 administrator
#root at fs:/mnt/user-data/home# smbclient -U admin \\\\fs\\file-exchange
WARNING: The "syslog" option is deprecated
Enter admin's password:
session setup failed: NT_STATUS_UNSUCCESSFUL
In the log I can see the this:
[2017/01/17 17:17:57.806761, 1] ../source3/auth/token_util.c:430(add_local_groups)
SID S-1-5-21-4276986800-2750720779-1919105469-1107 -> getpwuid(11107) failed
[2017/01/17 17:17:57.806946, 1] ../source3/auth/auth_generic.c:127(auth3_generate_session_info_pac)
Failed to map kerberos pac to server info (NT_STATUS_UNSUCCESSFUL)
The admin user logon from file server on the AD Server sysvol Directory works fine:
smbclient -U admin \\\\ad1\\sysvol
Enter admin's password:
Domain=[SCHNIPPERING] OS=[Windows 6.1] Server=[Samba 4.5.2]
smb: \>
On my AD Server (4.5.2 build from source), Proxy (4.3.11-ubuntu) it still works correctly.
Is there a way to clear idmap cache for the idmap 11107 / admin / SID on the file Server, or maybe you have any other Idea?
More information about the samba-technical
mailing list