There’s two possibilities here: either your users are failing authentication, which is a DS/winbindd problem, or they’re failing authoriziation, which is likely a memberd problem. As a test, when the problem happens, try authenticating with an AD user account using dirt with ntlm authentication:
dirt -a nt -u -p
If this fails, you have an authentication problem, and the steps I talked about at WWDC should be able to help you.
If it succeeds, your authentication is ok, but you’re being blocked by permissions. Assuming your permissions are set such that the user in question should have access, the culprit is probably memberd. Resetting the memberd cache on the fileserver ought to fix this: memberd -r. You can also fix this issue for a specific user by running id for that user on the fileserver, as this will refresh the memberd cache for that user. Once you “id” the user, they should be able to login again.
Hope that helps.
Recent Comments