[Samba] Samba ADS-member-server: FQDNs in /etc/hosts

Stefan G. Weichinger lists at xunil.at
Tue Jul 11 16:34:35 UTC 2017


Am 2017-07-11 um 17:59 schrieb Rowland Penny:

>> One user gets displayed as "administrator" in smbstatus although he is
>> named differently. Other users on other PCs are mapped correctly and
>> files are created correctly (= get correct owner and group in linux
>> fs).
>>
>> For the PC with the problematic issue I see on the DC:
>>
>> Jul 11 17:16:25 pre01svdeb02 samba[4657]: [2017/07/11 17:16:25.913628,
>> 0]
>> ../source4/rpc_server/drsuapi/writespn.c:235(dcesrv_drsuapi_DsWriteAccountSpn)
>> Jul 11 17:16:25 pre01svdeb02 samba[4657]:   Failed to modify SPNs on
>> CN=PC-2016-03,OU=secret-Computer,DC=secret,DC=at: acl: spn validation
>> failed for spn[TERMSRV/PC-2016-03.secret.at] uac[0x1000]
>> account[PC-2016-03$] hostname[PC-2016-03.BUERO] nbname[BUERO]
>> ntds[(null)] forest[secret.at] domain[secret.at]
>>
>> Could that be related?
>>
>> On another PC that user works correctly.
>>
>> We try a rejoin now ...
>>
>> Everything else *seems* to look good now ...
> 
> Try running 'net cache flush'

did that on both DC and DM, no change so far.

I assume this is rather cosmetic for now and a small issue compared to
the other things before. Right now people can access stuff and smbstatus
looks good to me. We will see tmrw morning how things proceed.

@Rowland: thanks a lot once again.

I am sorry for my stupid mistakes ...

tmrw issues on my list:

* some GPO-issues:

# samba-tool dbcheck
Checking 445 objects
NOTE: old (due to rename or delete) DN string component for
lastKnownParent in object
CN=User\0ADEL:c5644e95-616a-4897-bea7-45c909d93dc2,CN=Deleted
Objects,DC=secret,DC=at -
<GUID=f1278d7d-87c4-47b7-adf5-663d457026db>;CN={B21C7A4C-E611-460F-BC81-1BBDEC8C9053},CN=Policies,CN=System,DC=secret,DC=at
Not fixing old string component
NOTE: old (due to rename or delete) DN string component for
lastKnownParent in object
CN=Machine\0ADEL:3eccdc20-3d40-4c3d-a0fe-b5fa4dcc2c3c,CN=Deleted
Objects,DC=secret,DC=at -
<GUID=63de1753-994f-466a-9dd1-9dcf90910ffd>;CN={479204EF-EF2E-4C1B-9E3E-1B50149D578B},CN=Policies,CN=System,DC=secret,DC=at
Not fixing old string component
NOTE: old (due to rename or delete) DN string component for
lastKnownParent in object
CN=User\0ADEL:ef18debc-895a-4599-952d-a0bf302d2914,CN=Deleted
Objects,DC=secret,DC=at -
<GUID=63de1753-994f-466a-9dd1-9dcf90910ffd>;CN={479204EF-EF2E-4C1B-9E3E-1B50149D578B},CN=Policies,CN=System,DC=secret,DC=at
Not fixing old string component
NOTE: old (due to rename or delete) DN string component for
lastKnownParent in object
CN=Machine\0ADEL:f4336c47-c82e-477e-a5b6-fe7bf24ac07e,CN=Deleted
Objects,DC=secret,DC=at -
<GUID=f1278d7d-87c4-47b7-adf5-663d457026db>;CN={B21C7A4C-E611-460F-BC81-1BBDEC8C9053},CN=Policies,CN=System,DC=secret,DC=at
Not fixing old string component
Checked 445 objects (0 errors)

* valid users parameter didn't match so far: got to tighten that




But we're tired and happy now after all that struggle, and get some
drinks ...

have a great and quiet evening all

Stefan




More information about the samba mailing list