On 2018-01-16 at 15:47, Denis Cardon wrote:
>> *one* AD user is able to log into his Windows10 PC, but doesn't get a
>> network share connected.
>
> when you specify win10, do you mean that it works properly for that same
> user on a win7 workstation?

No. No win7 tested.

>> If I test that from the DM server or the DCs via smbclient it fails as
>> well.
>>
>> main # smbclient -L main -U kamleitnerl%hispw
>> session setup failed: NT_STATUS_UNSUCCESSFUL
>
> If you want to reproduce the same behavior as your workstation, you
> should first kinit and then smbclient with -k:
> kinit kamleitnerl
> smbclient -k -L main

Ah, I see ... Does every kinit change the current user context for the
following "smbclient -k"?

As mentioned "net cache flush" made it work again. Unsure what was the
reason, though!

> And by the way, until 4.7, smbclient was limited to SMB1 because of unix
> extensions. If you want to have a better simulation, you should also
> change the "client max protocol" parameter.

Unfortunately gentoo linux doesn't bring me samba-4.7 as "stable"
package, in their portage package system they provide 4.5.10 as stable
and 4.6 and 4.7 as unstable.

So I have to decide whether to stay with stable packages in terms of gentoo
or in terms of upstream samba project. And this in the context of having
the DCs on debian, with LPH packages ... always difficult for me to
decide between "latest release" and "stable environment".

On 2018-01-16 at 16:09, Stefan G. Weichinger via samba wrote:
> As mentioned "net cache flush" made it work again. Unsure what was the
> reason, though!

Today we had the same issue again and had to run "net cache flush"
again. The admin there googled this:

https://community.spiceworks.com/topic/1997592-winbind-samba-some-users-unable-to-authenticate-until-local-cache-is-cleared

but a cronjob like that doesn't look like a good solution to me, more
like a hack until a real fix is found.

Does anyone know if this issue would be solved by upgrading the DM to
4.6.12 or even 4.7.x? We are unsure which way to go here.

On 2018-01-17 at 16:27, Stefan G. Weichinger via samba wrote:
> On 2018-01-16 at 16:09, Stefan G. Weichinger via samba wrote:
>
>> As mentioned "net cache flush" made it work again. Unsure what was the
>> reason, though!
>
> today we had the same issue again and had to run "net cache flush"
> again. The admin there googled this:
>
> https://community.spiceworks.com/topic/1997592-winbind-samba-some-users-unable-to-authenticate-until-local-cache-is-cleared

I will try to wipe /var/cache/samba later today, maybe we pull along
some old stuff in some old files (I see files from 2016 in there !?)

Additional qs:

as it seems to be one user only with this problem -> is there a way to
re-create an AD user and keep its SID/RID/whatever is needed to make
sure that the windows user profile doesn't have to be re-created as well?