I essentially gave up and tried the old mapping. I had to rejoin the
domain and reboot the system and clients, but it works.
However, I have one more question concerning this AD setup. During the
course of this exercise, I noticed that "getent passwd" does not show a
new user, and "getent group" shows old group membership. "wbinfo -u"
correctly shows all domain members, including the new user. I cannot
chown the new users home directory to user:"Domain Users". It returns
as invalid user. Some things are obviously not being updated or pulled
from the AD server, but others are. Where do I look for the error?
Thanks,
Dale
Jeremy Allison wrote:
On Mon, Sep 18, 2006 at 03:59:28PM -0500, Dale Schroeder wrote:
Since I haven't gotten any responses from the segfault log I posted
earlier, I will try another approach. Below is what happens when a
client tries to connect. Again, this all started after I changed a
username mapping entry from root = DOMAIN\Administrator to root =
@"DOMAIN\Domain Admins". This is in a security = ADS setup. wbinfo -u
and -g return the correct information.
Dale
[2006/09/18 15:42:38, 10] passdb/secrets.c:secrets_named_mutex(778)
secrets_named_mutex: got mutex for replay cache mutex
[2006/09/18 15:42:38, 10]
libads/kerberos_verify.c:ads_secrets_verify_ticket(261)
ads_secrets_verify_ticket: enc type [1] failed to decrypt with error Bad
encryption type
[2006/09/18 15:42:38, 10]
libads/kerberos_verify.c:ads_secrets_verify_ticket(261)
ads_secrets_verify_ticket: enc type [3] failed to decrypt with error Bad
encryption type
Did you restrict any enc types in your krb5.conf ?
Jeremy.
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
