[Samba] Repost: Cached credentials not working
Roel van Os
roel.van.os at sandbox.nl
Fri Dec 19 08:59:39 GMT 2003
Hello all,
I'm setting up a domain using Samba 3.0 as PDC, with WinXP clients. One
of these clients is a laptop, which should be able to use cached
profiles of the domain users. Online logon is working fine, however when
the domain server is not available it cannot logon, whereas it should be
able to use cached credentials to access the cached profile. Windows
says it cannot log on because the domain is unavailable.
The policy setting controlling the number of cached credentials is set
to 10 (which is the default), so that shouldn't be the problem.
I'm using Windows XP with the latest updates, and Samba 3.0 on a fresh
installation of Debian unstable. I've also tested Windows 2000 as a
client: same problem. I've tested Windows NT Server as a domain
controller: it works fine, so the problem appears to be something
samba-related.
I don't know if it's related, but the following message keeps appearing
in the logs when I log off a domain user:
get_domain_user_groups: primary gid of user [roel] is not a Domain group
get_domain_user_groups: You should fix it, NT doesn't like that
The UNIX user roel is a member of users (gid 100), and I've set up the
group mapping as follows (using net groupmap):
System Operators (S-1-5-32-549) -> -1
Replicators (S-1-5-32-552) -> -1
Guests (S-1-5-32-546) -> -1
Domain Users (S-1-5-21-3779735966-2028519041-1045582398-513) -> users
Power Users (S-1-5-32-547) -> -1
Print Operators (S-1-5-32-550) -> -1
Administrators (S-1-5-32-544) -> -1
Account Operators (S-1-5-32-548) -> -1
Domain Admins (S-1-5-21-3779735966-2028519041-1045582398-512) -> ntadmin
Domain Guests (S-1-5-21-3779735966-2028519041-1045582398-514) -> nogroup
Backup Operators (S-1-5-32-551) -> -1
Users (S-1-5-32-545) -> users
Can anyone help me with these problems? I've searched the archives and
the web, and found no indication that anyone is having similar problems.
Thanks in advance,
Roel van Os.
More information about the samba
mailing list