[Samba] Samba as AD member can not validate domain user
jd at ionica.lv
jd at ionica.lv
Sun Apr 5 12:26:39 MDT 2015
Hi!
Wheh domain user tries to access file server (samba4, member of AD domain)
server logs such error:
2015/04/05 21:13:01.095178, 1]
../source3/auth/user_krb5.c:164(get_user_from_kerberos_info)
Username DOMAINwusername is invalid on this system
[2015/04/05 21:13:01.095200, 1]
../source3/auth/auth_generic.c:99(auth3_generate_session_info_pac)
Failed to map kerberos principal to system user (NT_STATUS_LOGON_FAILURE)
which, on one hand, is right - such UNIX user does not exist on the
file server. If I try to access file server as user registered both in
AD domain and file server's local passwd/shadow, I succed.
Does it mean that I have to have all intended users to be registered
as local UNIX users on file server, and, if I plan to manage share
permissions using domain groups, I have to make "mirror" groups
locally as well?
Janis
More information about the samba
mailing list