[Samba] Samba 4 AD share: Access denied
Ryan Ashley
ryana at reachtechfp.com
Thu Jul 31 10:04:15 MDT 2014
I made a strange discovery this morning. If I attempt to map the drive
using the server's IP address, I get invalid password. If I attempt to
map it using the hostname, it flat out denies access.
C:\Users\reach_support>net use s: \\172.16.0.5\staff$ /persistent:no
Enter the user name for '172.16.0.5': reach_support
Enter the password for 172.16.0.5:
System error 86 has occurred.
The specified network password is not correct.
C:\Users\reach_support>net use s: \\fs01\staff$ /persistent:no
Enter the user name for 'fs01': reach_support
Enter the password for fs01:
System error 5 has occurred.
Access is denied.
C:\Users\reach_support>
This REALLY looks like an S4 bug to me. Why would it give different
errors if using a hostname versus the static IP? The hostname simply
resolves to the IP anyway. Is there anything we can do now?
On 07/30/2014 10:18 AM, Ryan Ashley wrote:
> Sorry for the delay. I am in eastern time and have been busy with
> another project. I cannot convert that ID to SID. In Windows however,
> this shows as "SYSTEM". How do I know? Simple, there are only three
> things listed. Those are "Domain Admins", "Administration", and
> "SYSTEM". Also, what do you mean by "ntadmins" being local? I have
> added no groups to the Linux systems, so if you're asking if it is a
> local group on the Linux box, no it is not. I can remove the SYSTEM
> account from the share if needed, but it is on all Windows shares as
> well and causes no issues.
>
> failed to call wbcUidToSid: WBC_ERR_DOMAIN_NOT_FOUND
> Could not convert uid 70028 to sid
>
> On 7/30/2014 6:01 AM, steve wrote:
>> On Tue, 2014-07-29 at 19:47 +0100, Rowland Penny wrote:
>>> On 29/07/14 18:42, steve wrote:
>>> Hi Steve, how about bug 10508 ??
>>>
>>> https://bugzilla.samba.org/show_bug.cgi?id=10508
>>>
>>> Rowland
>>>
>> Hi Rowland,
>> Yes, it looks possible.
>> Could OP tell us if his ntadmins is local to /etc/group? Also, the what
>> does:
>> wbinfo --uid-to-sid=70028
>> give us?
>> Steve
>>
>>
>
More information about the samba
mailing list