I'm having some problems I don't quite understand adding a samba4 member
to a samba4 domain. The member joins without problems, but no one can login.
I'm guessing it might be an idmap problem (well, see below for more
details) - the login server is several times updated, and started using
alpha16 I think, but does not have any idmap backend configuration at all...
Could I add that, or would I be better off to vampire (or what the
current term is) the domain to a new server?
It seems the problem is somewhere around this (I tried to narrow it down...)
wbinfo -u
lists all users, but
wbinfo -i cht
returns failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND
log.winbindd contains a lot of lines like this:> [2013/08/25 14:29:58.711728, 3]
../source3/winbindd/winbindd_getpwnam.c:56(winbindd_getpwnam_send)
> getpwnam cht
> [2013/08/25 14:29:58.711953, 5]
../source3/winbindd/winbindd_getpwnam.c:137(winbindd_getpwnam_recv)
> Could not convert sid S-1-5-21-466883475-2610210983-3635716683-1109:
NT_STATUS_NONE_MAPPED
Below is the log from smbd when trying to login
> [2013/08/25 14:24:49.477867, 5]
../auth/gensec/gensec_start.c:647(gensec_start_mech)
> Starting GENSEC submechanism gse_krb5
> [2013/08/25 14:24:49.708516, 4] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx)
> pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
> [2013/08/25 14:24:49.709158, 3]
../auth/kerberos/kerberos_pac.c:386(kerberos_decode_pac)
> Found account name from PAC: cht [Christian Huldt]
> [2013/08/25 14:24:49.709254, 3]
../source3/auth/user_krb5.c:51(get_user_from_kerberos_info)
> Kerberos ticket principal name is [cht at ARKITEKT.MSG83]
> [2013/08/25 14:24:49.709332, 5]
../source3/lib/username.c:181(Get_Pwnam_alloc)
> Finding user ARKITEKT\cht
> [2013/08/25 14:24:49.709380, 5]
../source3/lib/username.c:120(Get_Pwnam_internals)
> Trying _Get_Pwnam(), username as lowercase is arkitekt\cht
> [2013/08/25 14:24:49.711047, 5]
../source3/lib/username.c:128(Get_Pwnam_internals)
> Trying _Get_Pwnam(), username as given is ARKITEKT\cht
> [2013/08/25 14:24:49.711741, 5]
../source3/lib/username.c:141(Get_Pwnam_internals)
> Trying _Get_Pwnam(), username as uppercase is ARKITEKT\CHT
> [2013/08/25 14:24:49.712416, 5]
../source3/lib/username.c:153(Get_Pwnam_internals)
> Checking combinations of 0 uppercase letters in arkitekt\cht
> [2013/08/25 14:24:49.712480, 5]
../source3/lib/username.c:159(Get_Pwnam_internals)
> Get_Pwnam_internals didn't find user [ARKITEKT\cht]!
> [2013/08/25 14:24:49.712528, 5]
../source3/lib/username.c:181(Get_Pwnam_alloc)
> Finding user cht
> [2013/08/25 14:24:49.712571, 5]
../source3/lib/username.c:120(Get_Pwnam_internals)
> Trying _Get_Pwnam(), username as lowercase is cht
> [2013/08/25 14:24:49.713126, 5]
../source3/lib/username.c:141(Get_Pwnam_internals)
> Trying _Get_Pwnam(), username as uppercase is CHT
> [2013/08/25 14:24:49.713820, 5]
../source3/lib/username.c:153(Get_Pwnam_internals)
> Checking combinations of 0 uppercase letters in cht
> [2013/08/25 14:24:49.713909, 5]
../source3/lib/username.c:159(Get_Pwnam_internals)
> Get_Pwnam_internals didn't find user [cht]!
> [2013/08/25 14:24:49.714155, 1]
../source3/auth/user_krb5.c:164(get_user_from_kerberos_info)
> Username ARKITEKT\cht is invalid on this system
> [2013/08/25 14:24:49.714246, 1]
../source3/auth/auth_generic.c:97(auth3_generate_session_info_pac)
> Failed to map kerberos principal to system user (NT_STATUS_LOGON_FAILURE)
