[Samba] adding samba4 member to samba4 domain

Christian Huldt christian at solvare.se
Sun Aug 25 06:42:36 MDT 2013 

I'm having some problems I don't quite understand adding a samba4 member
to a samba4 domain. The member joins without problems, but no one can login.

I'm guessing it might be an idmap problem (well, see below for more
details) - the login server is  several times updated, and started using
alpha16 I think, but does not have any idmap backend configuration at all...
Could I add that, or would I be better off to vampire (or what the
current term is) the domain to a new server?

It seems the problem is somewhere around this (I tried to narrow it down...)

wbinfo -u
lists all users, but
wbinfo -i cht
returns failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND

log.winbindd contains a lot of lines like this:
> [2013/08/25 14:29:58.711728,  3] ../source3/winbindd/winbindd_getpwnam.c:56(winbindd_getpwnam_send)
>   getpwnam cht
> [2013/08/25 14:29:58.711953,  5] ../source3/winbindd/winbindd_getpwnam.c:137(winbindd_getpwnam_recv)
>   Could not convert sid S-1-5-21-466883475-2610210983-3635716683-1109: NT_STATUS_NONE_MAPPED



Below is the log from smbd when trying to login

> [2013/08/25 14:24:49.477867,  5] ../auth/gensec/gensec_start.c:647(gensec_start_mech)
>   Starting GENSEC submechanism gse_krb5
> [2013/08/25 14:24:49.708516,  4] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx)
>   pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
> [2013/08/25 14:24:49.709158,  3] ../auth/kerberos/kerberos_pac.c:386(kerberos_decode_pac)
>   Found account name from PAC: cht [Christian Huldt]
> [2013/08/25 14:24:49.709254,  3] ../source3/auth/user_krb5.c:51(get_user_from_kerberos_info)
>   Kerberos ticket principal name is [cht at ARKITEKT.MSG83]
> [2013/08/25 14:24:49.709332,  5] ../source3/lib/username.c:181(Get_Pwnam_alloc)
>   Finding user ARKITEKT\cht
> [2013/08/25 14:24:49.709380,  5] ../source3/lib/username.c:120(Get_Pwnam_internals)
>   Trying _Get_Pwnam(), username as lowercase is arkitekt\cht
> [2013/08/25 14:24:49.711047,  5] ../source3/lib/username.c:128(Get_Pwnam_internals)
>   Trying _Get_Pwnam(), username as given is ARKITEKT\cht
> [2013/08/25 14:24:49.711741,  5] ../source3/lib/username.c:141(Get_Pwnam_internals)
>   Trying _Get_Pwnam(), username as uppercase is ARKITEKT\CHT
> [2013/08/25 14:24:49.712416,  5] ../source3/lib/username.c:153(Get_Pwnam_internals)
>   Checking combinations of 0 uppercase letters in arkitekt\cht
> [2013/08/25 14:24:49.712480,  5] ../source3/lib/username.c:159(Get_Pwnam_internals)
>   Get_Pwnam_internals didn't find user [ARKITEKT\cht]!
> [2013/08/25 14:24:49.712528,  5] ../source3/lib/username.c:181(Get_Pwnam_alloc)
>   Finding user cht
> [2013/08/25 14:24:49.712571,  5] ../source3/lib/username.c:120(Get_Pwnam_internals)
>   Trying _Get_Pwnam(), username as lowercase is cht
> [2013/08/25 14:24:49.713126,  5] ../source3/lib/username.c:141(Get_Pwnam_internals)
>   Trying _Get_Pwnam(), username as uppercase is CHT
> [2013/08/25 14:24:49.713820,  5] ../source3/lib/username.c:153(Get_Pwnam_internals)
>   Checking combinations of 0 uppercase letters in cht
> [2013/08/25 14:24:49.713909,  5] ../source3/lib/username.c:159(Get_Pwnam_internals)
>   Get_Pwnam_internals didn't find user [cht]!
> [2013/08/25 14:24:49.714155,  1] ../source3/auth/user_krb5.c:164(get_user_from_kerberos_info)
>   Username ARKITEKT\cht is invalid on this system
> [2013/08/25 14:24:49.714246,  1] ../source3/auth/auth_generic.c:97(auth3_generate_session_info_pac)
>   Failed to map kerberos principal to system user (NT_STATUS_LOGON_FAILURE)

More information about the samba mailing list