[Samba] username map change = samba failure

Dale Schroeder dale at BriannasSaladDressing.com
Tue Sep 19 14:25:14 GMT 2006


Jeremy Allison wrote:
> On Mon, Sep 18, 2006 at 03:59:28PM -0500, Dale Schroeder wrote:
>   
>> Since I haven't gotten any responses from the segfault log I posted 
>> earlier, I will try another approach.  Below is what happens when a 
>> client tries to connect.  Again, this all started after I changed a 
>> username mapping entry from root = DOMAIN\Administrator to root = 
>> @"DOMAIN\Domain Admins".  This is in a security = ADS setup.  wbinfo -u 
>> and -g return the correct information.
>>
>> Dale
>>
>> [2006/09/18 15:42:38, 10] passdb/secrets.c:secrets_named_mutex(778)
>>  secrets_named_mutex: got mutex for replay cache mutex
>> [2006/09/18 15:42:38, 10] 
>> libads/kerberos_verify.c:ads_secrets_verify_ticket(261)
>>  ads_secrets_verify_ticket: enc type [1] failed to decrypt with error Bad 
>>  encryption type
>> [2006/09/18 15:42:38, 10] 
>> libads/kerberos_verify.c:ads_secrets_verify_ticket(261)
>>  ads_secrets_verify_ticket: enc type [3] failed to decrypt with error Bad 
>>  encryption type
>>     
>
> Did you restrict any enc types in your krb5.conf ?
>
> Jeremy.
>   

I knew that I did not make any restrictions, so I checked the conf file 
and all references to enctype are commented out and left as default.
I must point out that I made the same mapping change on a test machine, 
and all went well.  Unfortunately, this is the real thing, and users are 
clamoring for files and printers.
From the client's perspective, sometimes a login box appears, other 
times it says the network no longer exists.  Also rejoining the domain 
with "net ads join" acts as if the system is totally new to the domain.  
I no longer get wording that indicates the system was already a domain 
member.  Perhaps this is an intentional change?

Thanks for replying.

Dale

