[Samba] samba domain member strange behavior lost users and shares

basti mailinglist at unix-solution.de
Fri Jan 10 12:29:00 UTC 2020

On 10.01.20 12:37, Rowland penny via samba wrote:
> On 10/01/2020 11:09, basti via samba wrote:
>> alf is an old domain user, not need it anymore. so i have change the
>> range to
>>   idmap config * : range = 1000-2000
>>   idmap config SAMDOM:range = 2001-999999
> As you are using the winbind 'ad' backend, you have probably just cut
> off any users between 1006-1999 and if the gidNumber for 'Domain Users'
> is inside '1006-1999', you will now ignore all your users.
>> But i do not think that this is the problem, the config before work for
>> a log time.
>> perhaps something is wrong with kerberos / keytab?
> Possibly, but the idea behind 'winbind refresh tickets = yes' is that
> when a user connects and their ticket has expired, it is refreshed.
> I take it this domain was classicupgraded from an NT4-style domain.
> Rowland

I haven't any domain user between 1006-1999 anymore. Yes the Domain was
a classicupgraded from an NT4-style domain.

Is there a way to list user tickets?
klist -k /etc/krb5.keytab only show the domain member tickets.

More information about the samba mailing list