[Samba] Samba ADS-member-server: FQDNs in /etc/hosts

Stefan G. Weichinger lists at xunil.at
Tue Jul 11 15:33:51 UTC 2017

Am 2017-07-11 um 14:57 schrieb Rowland Penny:

>> # smbclient \\\\server\\daten -Usgw%PW
>> session setup failed: NT_STATUS_UNSUCCESSFUL
> Restart all the Samba binaries on the DM
> Then check that the OS knows your user with:
> getent passwd sgw

libnss_winbind was missing!

Now both results are the same

user-names in /etc/passwd ... rmed now

I was 100% sure to have had that fixed. My fault. I AM SORRY.


After several restarts of winbind/smbd/nmbd I now have a better overall
picture, but not fully happy.

One user gets displayed as "administrator" in smbstatus although he is
named differently. Other users on other PCs are mapped correctly and
files are created correctly (= get correct owner and group in linux fs).

For the PC with the problematic issue I see on the DC:

Jul 11 17:16:25 pre01svdeb02 samba[4657]: [2017/07/11 17:16:25.913628,
Jul 11 17:16:25 pre01svdeb02 samba[4657]:   Failed to modify SPNs on
CN=PC-2016-03,OU=secret-Computer,DC=secret,DC=at: acl: spn validation
failed for spn[TERMSRV/PC-2016-03.secret.at] uac[0x1000]
account[PC-2016-03$] hostname[PC-2016-03.BUERO] nbname[BUERO]
ntds[(null)] forest[secret.at] domain[secret.at]

Could that be related?

On another PC that user works correctly.

We try a rejoin now ...

Everything else *seems* to look good now ...

More information about the samba mailing list