only admin idmap cannot resolved any longer
Rowland Penny
repenny241155 at gmail.com
Tue Jan 17 20:10:50 UTC 2017
On Tue, 17 Jan 2017 18:00:39 +0100
c.vielhauer at me.com wrote:
> Hi samba list,
>
> I have no idea what happens, but only the idmapping of my admin user
> cannot be resolved any longer on my file Server (4.3.11-ubuntu).
>
> Maybe this is the wrong list, but I hope I am right here :-)
>
>
> Following commands on file Server:
> wbinfo -n admin
> =>
> S-1-5-21-4276986800-2750720779-1919105469-1107 SID_USER (1)
>
>
> wbinfo -S S-1-5-21-4276986800-2750720779-1919105469-1107
> =>
> 11107
>
>
> 4 drwx------ 33 11107 domain users 4096 Jan 11 19:12
> admin 4 drwx------ 13 administrator domain users 4096 Okt 10
> 2015 administrator
>
>
> #root at fs:/mnt/user-data/home# smbclient -U admin \\\\fs\\file-exchange
> WARNING: The "syslog" option is deprecated
> Enter admin's password:
> session setup failed: NT_STATUS_UNSUCCESSFUL
>
>
> In the log I can see the this:
> [2017/01/17 17:17:57.806761,
> 1] ../source3/auth/token_util.c:430(add_local_groups) SID
> S-1-5-21-4276986800-2750720779-1919105469-1107 -> getpwuid(11107)
> failed [2017/01/17 17:17:57.806946,
> 1] ../source3/auth/auth_generic.c:127(auth3_generate_session_info_pac)
> Failed to map kerberos pac to server info (NT_STATUS_UNSUCCESSFUL)
>
>
>
> The admin user logon from file server on the AD Server sysvol
> Directory works fine:
>
> smbclient -U admin \\\\ad1\\sysvol
> Enter admin's password:
> Domain=[SCHNIPPERING] OS=[Windows 6.1] Server=[Samba 4.5.2]
> smb: \>
>
>
>
>
> On my AD Server (4.5.2 build from source), Proxy (4.3.11-ubuntu) it
> still works correctly.
>
>
> Is there a way to clear idmap cache for the idmap 11107 / admin /
> SID on the file Server, or maybe you have any other Idea?
>
Can you please post your smb.conf from the 'file server'
Rowland
More information about the samba-technical
mailing list