Hi, I can be wrong but for me UID and GID are UNIX concepts. If your workstations are Windows systems, those UID/GID are not necessary. This does not address your issue but it could help to understand things and to avoid searching in the wrong direction... Cheers, mathias 2015-10-12 20:41 GMT+02:00 mourik jan c heupink <heupink at merit.unu.edu>:> Some extra info from the samba side of things: > > During the psexec as machine user, samba logs the following: > > [2015/10/12 20:38:45.552716, 1] >> ../source3/auth/token_util.c:777(create_token_from_sid) >> getpwuid(1276) failed >> [2015/10/12 20:38:45.552786, 1] >> ../source3/auth/auth_generic.c:119(auth3_generate_session_info_pac) >> Failed to map kerberos pac to server info (NT_STATUS_NO_SUCH_USER) >> > > 1276 being the uidNumber I manually added to the machine account, to see > if that solved my issue. (which it didn't) > > And, just for completeness, the machine account does exist, as can be seen > in samba log entries like this: > > [2015/10/12 20:29:45.724724, 2] >> ../source3/auth/auth.c:278(auth_check_ntlm_password) >> check_ntlm_password: authentication for user [INSTR05$] -> [INSTR05$] >> -> [INSTR05$] succeeded >> [2015/10/12 20:29:45.725599, 1] >> ../source3/auth/token_util.c:777(create_token_from_sid) >> getpwuid(1276) failed >> > > Ideas? Am i looking in the right direction? > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >
Hi Mathias, Thanks for your reply. Since no one else responded, I'll rephrase my question, hopefully that triggers some more replies: We have some windows 7 machines that log the following during boot: This computer was not able to set up a secure session with a domain controller in domain OURDOMAIN due to the following: There are currently no logon servers available to service the logon request. But for the rest: everything works, also on these same machines: users can logon, drives are mapped: the machines really seem to be joined to the AD, and the AD is active with all three DCs. This problem seems to appear mostly on newer machines, joint to the AD recently. (AD join using the normal, computer, properties, computer name, add to domain) This is sernet-samba 4.2.4, AD-style, running on debian. Any ideas where to start looking? Mourik Jan
Do you use "sites" AD concept? Perhaps these workstations are not in the right network to match any AD site, so no domain controller would be available. That's just a thought, I'm not familiar enough with that concept. 2015-10-14 14:56 GMT+02:00 mourik jan heupink <heupink at merit.unu.edu>:> Hi Mathias, > > Thanks for your reply. > > Since no one else responded, I'll rephrase my question, hopefully that > triggers some more replies: > > We have some windows 7 machines that log the following during boot: > > This computer was not able to set up a secure session with a domain > controller in domain OURDOMAIN due to the following: > There are currently no logon servers available to service the logon > request. > > But for the rest: everything works, also on these same machines: users can > logon, drives are mapped: the machines really seem to be joined to the AD, > and the AD is active with all three DCs. > > This problem seems to appear mostly on newer machines, joint to the AD > recently. (AD join using the normal, computer, properties, computer name, > add to domain) > > This is sernet-samba 4.2.4, AD-style, running on debian. > > Any ideas where to start looking? > > Mourik Jan > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >
In responce of Mourik Jan in this thing.. - The pc's boot that fast these days that the network stack is not loaded yet, which explains the "currently no logon servers available to service the logon request" which can be solved by setting the "Always wait for network " Setting in GPO. For Mathias, If your using sites and different dns domains. Like Office1.domain.tld Office2.domain.tld Etc. You set the dns advances setting to force correct Append primary and connection specific DNS suffixes See: https://technet.microsoft.com/nl-nl/library/cc754143.aspx And this can be done also by GPO. Greetz, Louis> -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens mathias dufresne > Verzonden: woensdag 14 oktober 2015 15:15 > Aan: samba > Onderwerp: Re: [Samba] machine accounts question > > Do you use "sites" AD concept? Perhaps these workstations are not in the > right network to match any AD site, so no domain controller would be > available. > > That's just a thought, I'm not familiar enough with that concept. > > 2015-10-14 14:56 GMT+02:00 mourik jan heupink <heupink at merit.unu.edu>: > > > Hi Mathias, > > > > Thanks for your reply. > > > > Since no one else responded, I'll rephrase my question, hopefully that > > triggers some more replies: > > > > We have some windows 7 machines that log the following during boot: > > > > This computer was not able to set up a secure session with a domain > > controller in domain OURDOMAIN due to the following: > > There are currently no logon servers available to service the logon > > request. > > > > But for the rest: everything works, also on these same machines: users > can > > logon, drives are mapped: the machines really seem to be joined to the > AD, > > and the AD is active with all three DCs. > > > > This problem seems to appear mostly on newer machines, joint to the AD > > recently. (AD join using the normal, computer, properties, computer > name, > > add to domain) > > > > This is sernet-samba 4.2.4, AD-style, running on debian. > > > > Any ideas where to start looking? > > > > Mourik Jan > > > > > > -- > > To unsubscribe from this list go to the following URL and read the > > instructions: https://lists.samba.org/mailman/options/samba > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba
Sonstiges (Will Happen with Windows Domain Controllers als well) the Client Network Connection isn't yet ready, maybe a dhcp delay, when the user logs in. Waiting one minute before the first logon should help. -- W.Mautner (Walter.mautner at ages.at) +43050555111 IKT Hotline> Am 14.10.2015 um 14:56 schrieb mourik jan heupink <heupink at merit.unu.edu>: > > Hi Mathias, > > Thanks for your reply. > > Since no one else responded, I'll rephrase my question, hopefully that triggers some more replies: > > We have some windows 7 machines that log the following during boot: > > This computer was not able to set up a secure session with a domain controller in domain OURDOMAIN due to the following: > There are currently no logon servers available to service the logon request. > > But for the rest: everything works, also on these same machines: users can logon, drives are mapped: the machines really seem to be joined to the AD, and the AD is active with all three DCs. > > This problem seems to appear mostly on newer machines, joint to the AD recently. (AD join using the normal, computer, properties, computer name, add to domain) > > This is sernet-samba 4.2.4, AD-style, running on debian. > > Any ideas where to start looking? > > Mourik Jan > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba