I'm having some problems I don't quite understand adding a samba4 member to a samba4 domain. The member joins without problems, but no one can login.
I'm guessing it might be an idmap problem (well, see below for more details) - the login server is several times updated, and started using alpha16 I think, but does not have any idmap backend configuration at all... Could I add that, or would I be better off to vampire (or what the current term is) the domain to a new server? It seems the problem is somewhere around this (I tried to narrow it down...) wbinfo -u lists all users, but wbinfo -i cht returns failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND log.winbindd contains a lot of lines like this: > [2013/08/25 14:29:58.711728, 3] > ../source3/winbindd/winbindd_getpwnam.c:56(winbindd_getpwnam_send) > getpwnam cht > [2013/08/25 14:29:58.711953, 5] > ../source3/winbindd/winbindd_getpwnam.c:137(winbindd_getpwnam_recv) > Could not convert sid S-1-5-21-466883475-2610210983-3635716683-1109: > NT_STATUS_NONE_MAPPED Below is the log from smbd when trying to login > [2013/08/25 14:24:49.477867, 5] > ../auth/gensec/gensec_start.c:647(gensec_start_mech) > Starting GENSEC submechanism gse_krb5 > [2013/08/25 14:24:49.708516, 4] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 > [2013/08/25 14:24:49.709158, 3] > ../auth/kerberos/kerberos_pac.c:386(kerberos_decode_pac) > Found account name from PAC: cht [Christian Huldt] > [2013/08/25 14:24:49.709254, 3] > ../source3/auth/user_krb5.c:51(get_user_from_kerberos_info) > Kerberos ticket principal name is [cht@ARKITEKT.MSG83] > [2013/08/25 14:24:49.709332, 5] > ../source3/lib/username.c:181(Get_Pwnam_alloc) > Finding user ARKITEKT\cht > [2013/08/25 14:24:49.709380, 5] > ../source3/lib/username.c:120(Get_Pwnam_internals) > Trying _Get_Pwnam(), username as lowercase is arkitekt\cht > [2013/08/25 14:24:49.711047, 5] > ../source3/lib/username.c:128(Get_Pwnam_internals) > Trying _Get_Pwnam(), username as given is ARKITEKT\cht > [2013/08/25 14:24:49.711741, 5] > ../source3/lib/username.c:141(Get_Pwnam_internals) > Trying _Get_Pwnam(), username as uppercase is ARKITEKT\CHT > [2013/08/25 14:24:49.712416, 5] > ../source3/lib/username.c:153(Get_Pwnam_internals) > Checking combinations of 0 uppercase letters in arkitekt\cht > [2013/08/25 14:24:49.712480, 5] > ../source3/lib/username.c:159(Get_Pwnam_internals) > Get_Pwnam_internals didn't find user [ARKITEKT\cht]! > [2013/08/25 14:24:49.712528, 5] > ../source3/lib/username.c:181(Get_Pwnam_alloc) > Finding user cht > [2013/08/25 14:24:49.712571, 5] > ../source3/lib/username.c:120(Get_Pwnam_internals) > Trying _Get_Pwnam(), username as lowercase is cht > [2013/08/25 14:24:49.713126, 5] > ../source3/lib/username.c:141(Get_Pwnam_internals) > Trying _Get_Pwnam(), username as uppercase is CHT > [2013/08/25 14:24:49.713820, 5] > ../source3/lib/username.c:153(Get_Pwnam_internals) > Checking combinations of 0 uppercase letters in cht > [2013/08/25 14:24:49.713909, 5] > ../source3/lib/username.c:159(Get_Pwnam_internals) > Get_Pwnam_internals didn't find user [cht]! > [2013/08/25 14:24:49.714155, 1] > ../source3/auth/user_krb5.c:164(get_user_from_kerberos_info) > Username ARKITEKT\cht is invalid on this system > [2013/08/25 14:24:49.714246, 1] > ../source3/auth/auth_generic.c:97(auth3_generate_session_info_pac) > Failed to map kerberos principal to system user (NT_STATUS_LOGON_FAILURE) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba