[Samba] Samba as AD member can not validate domain user

jd at ionica.lv jd at ionica.lv
Sun Apr 5 12:26:39 MDT 2015


When a domain user tries to access the file server (samba4, member of an AD
domain), the server logs this error:

[2015/04/05 21:13:01.095178,  1]
Username DOMAINwusername is invalid on this system

[2015/04/05 21:13:01.095200,  1]  
Failed to map kerberos principal to system user (NT_STATUS_LOGON_FAILURE)

which, on one hand, is right - such a UNIX user does not exist on the
file server. If I try to access the file server as a user registered both in
the AD domain and the file server's local passwd/shadow, I succeed.

Does it mean that I have to have all intended users to be registered  
as local UNIX users on file server, and, if I plan to manage share  
permissions using domain groups, I have to make "mirror" groups  
locally as well?

