[Samba] Repost: Cached credentials not working

John H Terpstra jht at samba.org
Fri Dec 19 09:15:40 GMT 2003 

Roel,

To the best of my knowledge, Samba does not trigger the Win XPP Caching of
domain logon credentials.

- John T.

On Fri, 19 Dec 2003, Roel van Os wrote:

> Hello all,
>
> I'm setting up a domain using Samba 3.0 as PDC, with WinXP clients. One
> of these clients is a laptop, which should be able to use cached
> profiles of the domain users. Online logon is working fine, however when
> the domain server is not available it cannot logon, whereas it should be
> able to use cached credentials to access the cached profile. Windows
> says it cannot log on because the domain is unavailable.
>
> The policy setting controlling the number of cached credentials is set
> to 10 (which is the default), so that shouldn't be the problem.
>
> I'm using Windows XP with the latest updates, and Samba 3.0 on a fresh
> installation of Debian unstable. I've also tested Windows 2000 as a
> client: same problem. I've tested Windows NT Server as a domain
> controller: it works fine, so the problem appears to be something
> samba-related.
>
>
> I don't know if it's related, but the following message keeps appearing
> in the logs when I log off a domain user:
>
> get_domain_user_groups: primary gid of user [roel] is not a Domain group
> get_domain_user_groups: You should fix it, NT doesn't like that
>
> The UNIX user roel is a member of users (gid 100), and I've set up the
> group mapping as follows (using net groupmap):
>
> System Operators (S-1-5-32-549) -> -1
> Replicators (S-1-5-32-552) -> -1
> Guests (S-1-5-32-546) -> -1
> Domain Users (S-1-5-21-3779735966-2028519041-1045582398-513) -> users
> Power Users (S-1-5-32-547) -> -1
> Print Operators (S-1-5-32-550) -> -1
> Administrators (S-1-5-32-544) -> -1
> Account Operators (S-1-5-32-548) -> -1
> Domain Admins (S-1-5-21-3779735966-2028519041-1045582398-512) -> ntadmin
> Domain Guests (S-1-5-21-3779735966-2028519041-1045582398-514) -> nogroup
> Backup Operators (S-1-5-32-551) -> -1
> Users (S-1-5-32-545) -> users
>
> Can anyone help me with these problems? I've searched the archives and
> the web, and found no indication that anyone is having similar problems.
>
> Thanks in advance,
> Roel van Os.
>

-- 
John H Terpstra
Email: jht at samba.org

More information about the samba mailing list