Re: [Samba] User is invalid on this system
A rejoin unfortunately did not fix this issue and interestingly enough Samba failed to find a domain controller by any of the standard lookup means (hosts, lmhosts, WINS and with a broadcast) so I had to use the -s argument to manually specify the server in the 'net ads join' command. This probably signifies deeper issues. Eventually I just used the current Sernet provided 3.6.9 packages which resolved the issue. What's so odd about this is that there is a nearly identical secondary host running the same version of Samba used for failover. No issues with the secondary. Go figure. --- Kevin Elliott Network Specialist City and Borough of Juneau, MIS (907) 586 - 0905 -Original Message- From: Dale Schroeder [mailto:d...@briannassaladdressing.com] Sent: Friday, November 30, 2012 10:55 AM To: Kevin Elliott Cc: 'samba@lists.samba.org' Subject: Re: [Samba] User is invalid on this system With what I've read and what I've seen with the rebuilds, there's a good chance the rejoin could fix your problem. That being said, there are no guarantees with winbind. It's the part of the Samba suite that has given me the most problems over the years, breaking existing configs almost every time its internal workings are changed. I wish you good luck! Dale On 11/30/2012 12:57 PM, Kevin Elliott wrote: Dale, I was afraid of that. We we're forced to upgrade from 3.5.x because of a reoccurring Winbind issue but I'm a bit disappointed to see that 3.6.x introduces a idmap/rid issues. I guess we just traded one for another. Do you think un-joining and then re-joining the existing system could fix this? Thanks. --- Kevin Elliott Network Specialist City and Borough of Juneau, MIS (907) 586 - 0905 -Original Message- From: Dale Schroeder [mailto:d...@briannassaladdressing.com] Sent: Friday, November 30, 2012 9:38 AM To: Kevin Elliott Cc: 'samba@lists.samba.org' Subject: Re: [Samba] User is invalid on this system Kevin, 3.6.x has had several issues with idmap rid. I was hit with this one: https://bugzilla.samba.org/show_bug.cgi?id=8676 . Searching for idmap rid issues with 3.6.x will reveal others as well. Someone indicated that rejoining the domain would fix this issue. As it so happened, I had to rebuild one of the servers. After joining the rebuilt system to the domain, it has worked flawlessly ever since. So, it appears the problem with rid and some of the other idmap backends is somehow related to upgrading, as newly joined systems work as expected. Dale On 11/29/2012 6:51 PM, Kevin Elliott wrote: Hello all. We are running Samba 3.6.6 on a Debian 6.0.6 server. We made the upgrade from 3.6.5 to 3.6.5 about a week ago and ever since we have lost the ability to map Samba shares from our Windows XP SP3 and Windows 7 clients: Here's an example from my workstation (logging verbosity set at 10): [2012/11/29 15:23:58.120087, 3] smbd/process.c:1467(switch_message) switch message SMBsesssetupX (pid 2517) conn 0x0 [2012/11/29 15:23:58.120212, 3] smbd/sesssetup.c:1333(reply_sesssetup_and_X) wct=12 flg2=0xc807 [2012/11/29 15:23:58.120258, 2] smbd/sesssetup.c:1279(setup_new_vc_session) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2012/11/29 15:23:58.120353, 3] smbd/sesssetup.c:1065(reply_sesssetup_and_X_spnego) Doing spnego session setup [2012/11/29 15:23:58.120409, 3] smbd/sesssetup.c:1107(reply_sesssetup_and_X_spnego) NativeOS=[] NativeLanMan=[] PrimaryDomain=[] [2012/11/29 15:23:58.120498, 3] smbd/sesssetup.c:660(reply_spnego_negotiate) reply_spnego_negotiate: Got secblob of size 1680 [2012/11/29 15:23:58.124198, 3] libads/authdata.c:332(decode_pac_data) Found account name from PAC: kevin_elliott [Kevin Elliott] [2012/11/29 15:23:58.124309, 3] auth/user_krb5.c:50(get_user_from_kerberos_info) Kerberos ticket principal name is [kevin_elliott@CBJ.LOCAL] [2012/11/29 15:23:58.124710, 1] auth/user_krb5.c:162(get_user_from_kerberos_info) Username CBJ_NT+kevin_elliott is invalid on this system [2012/11/29 15:23:58.124780, 3] smbd/error.c:81(error_packet_set) error packet at smbd/sesssetup.c(359) cmd=115 (SMBsesssetupX) NT_STATUS_LOGON_FAILURE [2012/11/29 15:24:12.583839, 1] smbd/process.c:457(receive_smb_talloc) receive_smb_raw_talloc failed for client 199.58.52.25 read error = NT_STATUS_CONNECTION_RESET. [2012/11/29 15:24:12.584072, 3] smbd/server_exit.c:181(exit_server_common) Server exit (failed to receive smb request) However, I can successfully return login information with winbind: # wbinfo -i kevin_elliott kevin_elliott:*:24949:10513::/home/CBJ_NT/kevin_elliott:/bin/false 'getent passwd' will only return the local users from /etc/passwd. And the relevant section of smb.conf: [global] workgroup = CBJ_NT realm = CBJ.LOCAL netbios aliases = CITY-LIZA-L90
Re: [Samba] User is invalid on this system
) winbind_client_response_written[425:PING]: delivered response to client [2012/11/30 08:41:58.866817, 10] winbindd/winbindd.c:616(process_request) process_request: Handling async request 425:PING [2012/11/30 08:41:58.866937, 10] winbindd/winbindd.c:678(wb_request_done) wb_request_done[425:PING]: NT_STATUS_OK [2012/11/30 08:41:58.867034, 10] winbindd/winbindd.c:739(winbind_client_response_written) winbind_client_response_written[425:PING]: delivered response to client [2012/11/30 08:42:05.563565, 6] winbindd/winbindd.c:793(new_connection) accepted socket 29 [2012/11/30 08:42:05.563716, 10] winbindd/winbindd.c:643(process_request) process_request: request fn INTERFACE_VERSION [2012/11/30 08:42:05.563778, 3] winbindd/winbindd_misc.c:384(winbindd_interface_version) [ 453]: request interface version [2012/11/30 08:42:05.563884, 10] winbindd/winbindd.c:739(winbind_client_response_written) winbind_client_response_written[453:INTERFACE_VERSION]: delivered response to client [2012/11/30 08:42:05.563976, 10] winbindd/winbindd.c:643(process_request) process_request: request fn WINBINDD_PRIV_PIPE_DIR [2012/11/30 08:42:05.564028, 3] winbindd/winbindd_misc.c:417(winbindd_priv_pipe_dir) [ 453]: request location of privileged pipe [2012/11/30 08:42:05.564112, 10] winbindd/winbindd.c:739(winbind_client_response_written) winbind_client_response_written[453:WINBINDD_PRIV_PIPE_DIR]: delivered response to client [2012/11/30 08:42:05.564201, 6] winbindd/winbindd.c:841(winbind_client_request_read) closing socket 29, client exited [2012/11/30 08:42:05.564274, 6] winbindd/winbindd.c:793(new_connection) accepted socket 29 [2012/11/30 08:42:05.564351, 10] winbindd/winbindd.c:616(process_request) process_request: Handling async request 453:PING [2012/11/30 08:42:05.564411, 10] winbindd/winbindd.c:678(wb_request_done) wb_request_done[453:PING]: NT_STATUS_OK [2012/11/30 08:42:05.564480, 10] winbindd/winbindd.c:739(winbind_client_response_written) winbind_client_response_written[453:PING]: delivered response to client [2012/11/30 08:42:05.585267, 10] winbindd/winbindd.c:616(process_request) process_request: Handling async request 453:PING [2012/11/30 08:42:05.585367, 10] winbindd/winbindd.c:678(wb_request_done) wb_request_done[453:PING]: NT_STATUS_OK [2012/11/30 08:42:05.585443, 10] winbindd/winbindd.c:739(winbind_client_response_written) winbind_client_response_written[453:PING]: delivered response to client [2012/11/30 08:42:10.081128, 6] winbindd/winbindd.c:841(winbind_client_request_read) closing socket 29, client exited [2012/11/30 08:42:12.146894, 6] winbindd/winbindd.c:841(winbind_client_request_read) closing socket 28, client exited If I'm reading the logs correctly it looks like winbind opens the Unix pipe for the client, the client re-establishes the connection and we get a NT_STATUS_OK at the end of it. Appreciate the help! -Original Message- From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Thomas Mueller Sent: Thursday, November 29, 2012 9:50 PM To: samba@lists.samba.org Subject: Re: [Samba] User is invalid on this system Am Thu, 29 Nov 2012 15:51:55 -0900 schrieb Kevin Elliott: Hello all. We are running Samba 3.6.6 on a Debian 6.0.6 server. We made the upgrade from 3.6.5 to 3.6.5 about a week ago and ever since we have lost the ability to map Samba shares from our Windows XP SP3 and Windows 7 clients: Here's an example from my workstation (logging verbosity set at 10): ... auth/user_krb5.c:162(get_user_from_kerberos_info) Username CBJ_NT+kevin_elliott is invalid on this system ... However, I can successfully return login information with winbind: # wbinfo -i kevin_elliott kevin_elliott:*:24949:10513::/home/CBJ_NT/kevin_elliott:/bin/false 'getent passwd' will only return the local users from /etc/passwd. Any ideas? Anyone else see this? maybe the winbind in /etc/nsswitch.conf got lost? is getent -s winbind passwd $username returning something? is winbindd running (ps -C winbindd -f)? any log messages in /var/log/samba/log.winbindd ? - Thomas -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] User is invalid on this system
Kevin, 3.6.x has had several issues with idmap rid. I was hit with this one: https://bugzilla.samba.org/show_bug.cgi?id=8676 . Searching for idmap rid issues with 3.6.x will reveal others as well. Someone indicated that rejoining the domain would fix this issue. As it so happened, I had to rebuild one of the servers. After joining the rebuilt system to the domain, it has worked flawlessly ever since. So, it appears the problem with rid and some of the other idmap backends is somehow related to upgrading, as newly joined systems work as expected. Dale On 11/29/2012 6:51 PM, Kevin Elliott wrote: Hello all. We are running Samba 3.6.6 on a Debian 6.0.6 server. We made the upgrade from 3.6.5 to 3.6.5 about a week ago and ever since we have lost the ability to map Samba shares from our Windows XP SP3 and Windows 7 clients: Here's an example from my workstation (logging verbosity set at 10): [2012/11/29 15:23:58.120087, 3] smbd/process.c:1467(switch_message) switch message SMBsesssetupX (pid 2517) conn 0x0 [2012/11/29 15:23:58.120212, 3] smbd/sesssetup.c:1333(reply_sesssetup_and_X) wct=12 flg2=0xc807 [2012/11/29 15:23:58.120258, 2] smbd/sesssetup.c:1279(setup_new_vc_session) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2012/11/29 15:23:58.120353, 3] smbd/sesssetup.c:1065(reply_sesssetup_and_X_spnego) Doing spnego session setup [2012/11/29 15:23:58.120409, 3] smbd/sesssetup.c:1107(reply_sesssetup_and_X_spnego) NativeOS=[] NativeLanMan=[] PrimaryDomain=[] [2012/11/29 15:23:58.120498, 3] smbd/sesssetup.c:660(reply_spnego_negotiate) reply_spnego_negotiate: Got secblob of size 1680 [2012/11/29 15:23:58.124198, 3] libads/authdata.c:332(decode_pac_data) Found account name from PAC: kevin_elliott [Kevin Elliott] [2012/11/29 15:23:58.124309, 3] auth/user_krb5.c:50(get_user_from_kerberos_info) Kerberos ticket principal name is [kevin_elliott@CBJ.LOCAL] [2012/11/29 15:23:58.124710, 1] auth/user_krb5.c:162(get_user_from_kerberos_info) Username CBJ_NT+kevin_elliott is invalid on this system [2012/11/29 15:23:58.124780, 3] smbd/error.c:81(error_packet_set) error packet at smbd/sesssetup.c(359) cmd=115 (SMBsesssetupX) NT_STATUS_LOGON_FAILURE [2012/11/29 15:24:12.583839, 1] smbd/process.c:457(receive_smb_talloc) receive_smb_raw_talloc failed for client 199.58.52.25 read error = NT_STATUS_CONNECTION_RESET. [2012/11/29 15:24:12.584072, 3] smbd/server_exit.c:181(exit_server_common) Server exit (failed to receive smb request) However, I can successfully return login information with winbind: # wbinfo -i kevin_elliott kevin_elliott:*:24949:10513::/home/CBJ_NT/kevin_elliott:/bin/false 'getent passwd' will only return the local users from /etc/passwd. And the relevant section of smb.conf: [global] workgroup = CBJ_NT realm = CBJ.LOCAL netbios aliases = CITY-LIZA-L90, CITY-LIZA server string = External FTP Server interfaces = 192.0.2.87/32, lo bind interfaces only = Yes security = ADS obey pam restrictions = Yes password server = 192.0.2.25, 192.0.2.50 passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n . client NTLMv2 auth = Yes log level = 3 log file = /var/log/samba/log.%m max log size = 2500 printcap name = cups os level = 5 local master = No domain master = No wins server = 192.0.2.25 ldap ssl = no panic action = /usr/share/samba/panic-action %d winbind separator = + winbind enum users = Yes winbind enum groups = Yes winbind use default domain = Yes idmap config LIBRARY:range = 65535-7 idmap config LIBRARY:base_rid = 0 idmap config LIBRARY:backend = rid idmap config * : range = 1-65533 idmap config * : base_rid = 0 idmap config * : backend = rid admin users = @CBJ_NT+admin veto files = /.*/ [ftp] comment = FTP directory path = /var/ftp/pub/ valid users = @CBJ_NT+domain users read only = No create mask = 0775 directory mask = 0775 hide unreadable = Yes Any ideas? Anyone else see this? --- Kevin Elliott Network Specialist City and Borough of Juneau, MIS (907) 586 - 0905 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] User is invalid on this system
Dale, I was afraid of that. We we're forced to upgrade from 3.5.x because of a reoccurring Winbind issue but I'm a bit disappointed to see that 3.6.x introduces a idmap/rid issues. I guess we just traded one for another. Do you think un-joining and then re-joining the existing system could fix this? Thanks. --- Kevin Elliott Network Specialist City and Borough of Juneau, MIS (907) 586 - 0905 -Original Message- From: Dale Schroeder [mailto:d...@briannassaladdressing.com] Sent: Friday, November 30, 2012 9:38 AM To: Kevin Elliott Cc: 'samba@lists.samba.org' Subject: Re: [Samba] User is invalid on this system Kevin, 3.6.x has had several issues with idmap rid. I was hit with this one: https://bugzilla.samba.org/show_bug.cgi?id=8676 . Searching for idmap rid issues with 3.6.x will reveal others as well. Someone indicated that rejoining the domain would fix this issue. As it so happened, I had to rebuild one of the servers. After joining the rebuilt system to the domain, it has worked flawlessly ever since. So, it appears the problem with rid and some of the other idmap backends is somehow related to upgrading, as newly joined systems work as expected. Dale On 11/29/2012 6:51 PM, Kevin Elliott wrote: Hello all. We are running Samba 3.6.6 on a Debian 6.0.6 server. We made the upgrade from 3.6.5 to 3.6.5 about a week ago and ever since we have lost the ability to map Samba shares from our Windows XP SP3 and Windows 7 clients: Here's an example from my workstation (logging verbosity set at 10): [2012/11/29 15:23:58.120087, 3] smbd/process.c:1467(switch_message) switch message SMBsesssetupX (pid 2517) conn 0x0 [2012/11/29 15:23:58.120212, 3] smbd/sesssetup.c:1333(reply_sesssetup_and_X) wct=12 flg2=0xc807 [2012/11/29 15:23:58.120258, 2] smbd/sesssetup.c:1279(setup_new_vc_session) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2012/11/29 15:23:58.120353, 3] smbd/sesssetup.c:1065(reply_sesssetup_and_X_spnego) Doing spnego session setup [2012/11/29 15:23:58.120409, 3] smbd/sesssetup.c:1107(reply_sesssetup_and_X_spnego) NativeOS=[] NativeLanMan=[] PrimaryDomain=[] [2012/11/29 15:23:58.120498, 3] smbd/sesssetup.c:660(reply_spnego_negotiate) reply_spnego_negotiate: Got secblob of size 1680 [2012/11/29 15:23:58.124198, 3] libads/authdata.c:332(decode_pac_data) Found account name from PAC: kevin_elliott [Kevin Elliott] [2012/11/29 15:23:58.124309, 3] auth/user_krb5.c:50(get_user_from_kerberos_info) Kerberos ticket principal name is [kevin_elliott@CBJ.LOCAL] [2012/11/29 15:23:58.124710, 1] auth/user_krb5.c:162(get_user_from_kerberos_info) Username CBJ_NT+kevin_elliott is invalid on this system [2012/11/29 15:23:58.124780, 3] smbd/error.c:81(error_packet_set) error packet at smbd/sesssetup.c(359) cmd=115 (SMBsesssetupX) NT_STATUS_LOGON_FAILURE [2012/11/29 15:24:12.583839, 1] smbd/process.c:457(receive_smb_talloc) receive_smb_raw_talloc failed for client 199.58.52.25 read error = NT_STATUS_CONNECTION_RESET. [2012/11/29 15:24:12.584072, 3] smbd/server_exit.c:181(exit_server_common) Server exit (failed to receive smb request) However, I can successfully return login information with winbind: # wbinfo -i kevin_elliott kevin_elliott:*:24949:10513::/home/CBJ_NT/kevin_elliott:/bin/false 'getent passwd' will only return the local users from /etc/passwd. And the relevant section of smb.conf: [global] workgroup = CBJ_NT realm = CBJ.LOCAL netbios aliases = CITY-LIZA-L90, CITY-LIZA server string = External FTP Server interfaces = 192.0.2.87/32, lo bind interfaces only = Yes security = ADS obey pam restrictions = Yes password server = 192.0.2.25, 192.0.2.50 passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n . client NTLMv2 auth = Yes log level = 3 log file = /var/log/samba/log.%m max log size = 2500 printcap name = cups os level = 5 local master = No domain master = No wins server = 192.0.2.25 ldap ssl = no panic action = /usr/share/samba/panic-action %d winbind separator = + winbind enum users = Yes winbind enum groups = Yes winbind use default domain = Yes idmap config LIBRARY:range = 65535-7 idmap config LIBRARY:base_rid = 0 idmap config LIBRARY:backend = rid idmap config * : range = 1-65533 idmap config * : base_rid = 0 idmap config * : backend = rid admin users = @CBJ_NT+admin veto files = /.*/ [ftp] comment = FTP directory path = /var/ftp/pub/ valid users = @CBJ_NT+domain users read only
Re: [Samba] User is invalid on this system
With what I've read and what I've seen with the rebuilds, there's a good chance the rejoin could fix your problem. That being said, there are no guarantees with winbind. It's the part of the Samba suite that has given me the most problems over the years, breaking existing configs almost every time its internal workings are changed. I wish you good luck! Dale On 11/30/2012 12:57 PM, Kevin Elliott wrote: Dale, I was afraid of that. We we're forced to upgrade from 3.5.x because of a reoccurring Winbind issue but I'm a bit disappointed to see that 3.6.x introduces a idmap/rid issues. I guess we just traded one for another. Do you think un-joining and then re-joining the existing system could fix this? Thanks. --- Kevin Elliott Network Specialist City and Borough of Juneau, MIS (907) 586 - 0905 -Original Message- From: Dale Schroeder [mailto:d...@briannassaladdressing.com] Sent: Friday, November 30, 2012 9:38 AM To: Kevin Elliott Cc: 'samba@lists.samba.org' Subject: Re: [Samba] User is invalid on this system Kevin, 3.6.x has had several issues with idmap rid. I was hit with this one: https://bugzilla.samba.org/show_bug.cgi?id=8676 . Searching for idmap rid issues with 3.6.x will reveal others as well. Someone indicated that rejoining the domain would fix this issue. As it so happened, I had to rebuild one of the servers. After joining the rebuilt system to the domain, it has worked flawlessly ever since. So, it appears the problem with rid and some of the other idmap backends is somehow related to upgrading, as newly joined systems work as expected. Dale On 11/29/2012 6:51 PM, Kevin Elliott wrote: Hello all. We are running Samba 3.6.6 on a Debian 6.0.6 server. We made the upgrade from 3.6.5 to 3.6.5 about a week ago and ever since we have lost the ability to map Samba shares from our Windows XP SP3 and Windows 7 clients: Here's an example from my workstation (logging verbosity set at 10): [2012/11/29 15:23:58.120087, 3] smbd/process.c:1467(switch_message) switch message SMBsesssetupX (pid 2517) conn 0x0 [2012/11/29 15:23:58.120212, 3] smbd/sesssetup.c:1333(reply_sesssetup_and_X) wct=12 flg2=0xc807 [2012/11/29 15:23:58.120258, 2] smbd/sesssetup.c:1279(setup_new_vc_session) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2012/11/29 15:23:58.120353, 3] smbd/sesssetup.c:1065(reply_sesssetup_and_X_spnego) Doing spnego session setup [2012/11/29 15:23:58.120409, 3] smbd/sesssetup.c:1107(reply_sesssetup_and_X_spnego) NativeOS=[] NativeLanMan=[] PrimaryDomain=[] [2012/11/29 15:23:58.120498, 3] smbd/sesssetup.c:660(reply_spnego_negotiate) reply_spnego_negotiate: Got secblob of size 1680 [2012/11/29 15:23:58.124198, 3] libads/authdata.c:332(decode_pac_data) Found account name from PAC: kevin_elliott [Kevin Elliott] [2012/11/29 15:23:58.124309, 3] auth/user_krb5.c:50(get_user_from_kerberos_info) Kerberos ticket principal name is [kevin_elliott@CBJ.LOCAL] [2012/11/29 15:23:58.124710, 1] auth/user_krb5.c:162(get_user_from_kerberos_info) Username CBJ_NT+kevin_elliott is invalid on this system [2012/11/29 15:23:58.124780, 3] smbd/error.c:81(error_packet_set) error packet at smbd/sesssetup.c(359) cmd=115 (SMBsesssetupX) NT_STATUS_LOGON_FAILURE [2012/11/29 15:24:12.583839, 1] smbd/process.c:457(receive_smb_talloc) receive_smb_raw_talloc failed for client 199.58.52.25 read error = NT_STATUS_CONNECTION_RESET. [2012/11/29 15:24:12.584072, 3] smbd/server_exit.c:181(exit_server_common) Server exit (failed to receive smb request) However, I can successfully return login information with winbind: # wbinfo -i kevin_elliott kevin_elliott:*:24949:10513::/home/CBJ_NT/kevin_elliott:/bin/false 'getent passwd' will only return the local users from /etc/passwd. And the relevant section of smb.conf: [global] workgroup = CBJ_NT realm = CBJ.LOCAL netbios aliases = CITY-LIZA-L90, CITY-LIZA server string = External FTP Server interfaces = 192.0.2.87/32, lo bind interfaces only = Yes security = ADS obey pam restrictions = Yes password server = 192.0.2.25, 192.0.2.50 passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n . client NTLMv2 auth = Yes log level = 3 log file = /var/log/samba/log.%m max log size = 2500 printcap name = cups os level = 5 local master = No domain master = No wins server = 192.0.2.25 ldap ssl = no panic action = /usr/share/samba/panic-action %d winbind separator = + winbind enum users = Yes winbind enum groups = Yes winbind use default domain = Yes idmap config LIBRARY:range = 65535-7 idmap config LIBRARY:base_rid
Re: [Samba] User is invalid on this system
Am Thu, 29 Nov 2012 15:51:55 -0900 schrieb Kevin Elliott: Hello all. We are running Samba 3.6.6 on a Debian 6.0.6 server. We made the upgrade from 3.6.5 to 3.6.5 about a week ago and ever since we have lost the ability to map Samba shares from our Windows XP SP3 and Windows 7 clients: Here's an example from my workstation (logging verbosity set at 10): ... auth/user_krb5.c:162(get_user_from_kerberos_info) Username CBJ_NT+kevin_elliott is invalid on this system ... However, I can successfully return login information with winbind: # wbinfo -i kevin_elliott kevin_elliott:*:24949:10513::/home/CBJ_NT/kevin_elliott:/bin/false 'getent passwd' will only return the local users from /etc/passwd. Any ideas? Anyone else see this? maybe the winbind in /etc/nsswitch.conf got lost? is getent -s winbind passwd $username returning something? is winbindd running (ps -C winbindd -f)? any log messages in /var/log/samba/log.winbindd ? - Thomas -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba