I tried to login on Host GARGAMEL to Domain GSB with user admin at 1:04:01. GARGAMEL is running Windows 2000 SP4 Server and had a remote desktop session for admin running which i whould have attached. Terminal services are configured for admin mode. The PDC for GSB is GARFIELD running Samba 3.0.23c-gwc-2. The loggin attempt failed with the message I were not allowed to login to the session, which means I have no admin rights. The password was already verified then. There are no conflicts with other users. After restarting Samba (a few times), login succeeds. Information about my system users, groups, groupmembership and groupmapping: # getent passwd admin admin:x:1000:1000:Admin:/home/admin:/bin/bash $ getent group admin admin:x:1000:[...] $ getent group gsb gsb:x:60000: # net groupmap list admin (S-1-5-21-4092459118-2595994810-1099795350-512) -> admin guests (S-1-5-21-4092459118-2595994810-1099795350-514) -> guests gsb (S-1-5-21-4092459118-2595994810-1099795350-513) -> gsb bib-admins (S-1-5-21-4092459118-2595994810-1099795350-11099) -> bib-admins bibliothek (S-1-5-21-4092459118-2595994810-1099795350-11001) -> bibliothek
Created attachment 2118 [details] Full samba log I attach a full debug level 10 smbd log from samba start till samba stop. One thing I noticed are entries about the group with gid 60000 (gsb). User admin is not member of this group.
Mario, would you mind testing 3.0.23c. I had one final fix between the patch-gwc-2 and the final release that fixed a gid_to_sid cache bug that sounds similar to what you describe.
I really would like to have tried this earlier. But did not find the time. After doing some testing with 3.0.23c it looks good. So far everything worked. If the problem occurs again I will reopen the bug. And thank you very much for your excellent work.