Okay, I left and rejoined the domain.
Same problem... if this is the problem.... Any help is appreciated! Thanks. Chris On Thursday 09 September 2004 04:13 pm, Chris wrote: > Okay.. > > I think I may have found something, but I don't know what to do about > it.... > > I have found this in my log.winbind file: > > > [2004/09/09 15:50:55, 1] nsswitch/winbindd_util.c:add_trusted_domain(180) > Added domain NAIC NAIC.INT S-0-0 > [2004/09/09 15:50:55, 1] libsmb/clikrb5.c:ads_krb5_mk_req(306) > krb5_cc_get_principal failed (No credentials cache found) > [2004/09/09 15:50:55, 1] nsswitch/winbindd_util.c:add_trusted_domain(180) > Added domain NAICSYS S-1-5-21-1898674339-994652211-837300805 > [2004/09/09 15:50:55, 1] nsswitch/winbindd_util.c:add_trusted_domain(180) > Added domain BUILTIN S-1-5-32 > [2004/09/09 15:50:55, 1] nsswitch/winbindd_util.c:add_trusted_domain(180) > Added domain PERSEUS S-1-5-21-3652935647-1358748155-3390278020 > > It is the "No credentials found" part that looks suspicious. When I > initially rolled the system out a couple months back, it did not give this > error. Now it does, and I can't think of a thing that has changed on the > system. > > Again, the weird thing is it doesn't appear to affect everybody, just > certain users trying to use certain resources. > > I have seen many posts with this error, but no solutions to it. I am going > to try to leave and rejoin the domain... I hope I don't regret that... > > > Chris > > On Thursday 09 September 2004 03:28 pm, Chris wrote: > > This is worse than I thought! > > > > Another user has now complained to me that he does not have rights to > > something he should have rights to! > > > > I have a printer shared out, to use it you must be in the > > DOMAIN+ColorPrint_ group. He is a member, and yet it won't let him even > > access it to install it! An authentication box pops up asking for > > username and passwd. > > > > [phaser8400] > > path = /var/spool/samba > > valid users = @Domain+ColorPrint_ > > printable = Yes > > printer name = phaser8400 > > browseable = No > > root preexec = echo Connect :%T U.G=%U.%G u.g=%u.%g > > > > >> /root/.info/p8400.log > > > > root postexec = echo Disconnect:%T U.G=%U.%G u.g=%u.%g > > > > >> /root/.info/p8400.log > > > > printer admin = @"DOMAIN+Domain Admins" > > > > Nothing has changed... I haven't messed with any of the configuration > > files or added any new software. This just started happening > > spontaneously it seems. > > > > my wbinfo -t/-u/-g all look good. > > > > Is the tdb corrupted or something? What can I do to fix this? > > > > > > Chris > > > > On Thursday 09 September 2004 02:29 pm, Chris wrote: > > > Hello. > > > > > > I am running samba 3.0.5 in an ADS environment. I have a win2k3 server > > > as the DC and my samba machine (running on Gentoo Linux) is a member of > > > that domain. I am using winbind. > > > > > > I have three users, for this example I will call them Larry, Curly and > > > Moe. All three have RW access to a share on the server called > > > "stooges". The linux perms on this directory look like this: > > > > > > drwxrwx--- root DOMAIN+stooges_ stooges > > > > > > There are other users who are members of the DOMAIN+stooges group, but > > > these three are in charge and need access to a more restricted > > > subdirectory of stooges. So I made a stooges_CIA directory under the > > > stooges share. > > > > > > Its linux perms look like this: > > > > > > drwxrwx--- root DOMAIN+stooges_CIA_ stooges_CIA > > > > > > Larry, Curly and Moe are all members of both the DOMAIN+stooges_CIA_ > > > (only those three) and the DOMAIN+stooges_ groups (those 3 plus other > > > users in the dept). > > > > > > Now here is the strange part: > > > > > > Larry and curly can access everything in the share stooges and the > > > subdirectory stooges_CIA. Moe, can access everyting in the stooges > > > share but NOT anything in the stooges_CIA subdir. > > > > > > This makes absolutely no sense to me! Moe is a group member of > > > DOMAIN+stooges_CIA. He shows up thusly when I do a 'getent group' or > > > when I do a 'groups DOMAIN+moe'. Likewise, he shows up on the domain > > > controller as being part of that group. *BOTH* systems have him listed > > > in that group -- but for some reason he has no access! > > > > > > He gets this error: > > > > > > "\\server\stooges\stooges_CIA is not accessible. You might not have > > > permission to use this network resource. Contact the administrator of > > > this server to find out if you have access permissions." > > > > > > What the heck is going on here? > > > > > > Thanks! > > > > > > Chris -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
