[Samba] session setup failed: NT_STATUS_LOGON_FAILURE

Rowland Penny rowlandpenny241155 at gmail.com
Wed Nov 4 14:55:00 UTC 2015

On 04/11/15 14:34, Roger Wu wrote:
>     Doh! now you have raised more questions :-D
>     First, the more users that you have, the harder it gets to
>     maintain them in a workgroup, about 8 users is the maximum from my
>     experience. Some of them will never use more than one machine, but
>     most will move from one machine to another and so they will have
>     to have login details on *all* machines they will log into. This
>     is where a domain comes in, you create the user in one place and
>     the user can then login everywhere.
> I don't really get it. Maybe I misinterpret what you said.
> If our samba server works, users only want to access samba service 
> using their own PC,
> that's what they need, they are not allowed to use others' PCs but 
> their own.
> And yes, users can move from one machine to another, that's how a 
> domain works,
> but we don't need to provide samba service between Workstation,
> only one way access from PCs to Workstations is needed for users.
> I am not worried about users limitation, it's just as I said that not 
> so many users need this service.
> If so, I'll figure it out.
>     Now we come to the new questions, will the Unix machines need to
>     be part of the domain ?
> What do you mean "to be part of the domain"?
> We have unix/linux machines in each NIS domain, they are a part of 
> their domain.
> Could you define your question more precisely?
>     You mention that they are in different domains, do you mean
>     domains or do you mean workgroups?
> What I mean is NIS domain. We have three different domains, so I plan 
> to start up one samba server for each domain separately
> As for workgroup, we only have one workgroup for windows, so it won't 
> be an issue.
>     Are any machines in a windows domain already?
> No.
>     Finally, if you cannot set up a new domain, do your users need to
>     own files on your samba server or do they just need to read &
>     store files on the samba server.
>     Rowland
> They just need to read & store files on the samba server.
> Regards,
> Roger

OK, from what you have posted, you have Unix & windows workstations and 
they are in groups. You will probably be better of creating a new AD 
domain with a number of sites, you can use the DCs to authenticate all 
the users & groups and if push comes to shove, use the DCs as 
fileservers. Your users would log into their workstation (either windows 
or Unix) and have all their data to hand, the windows users would use 
the standard AD capabilities and the Unix users would use the RFC2307 
attributes that are built into a Samba AD as standard.

This will give you is centralisation of user & group maintenance, your 
users info will exist in just one place, you only need to add a user 
once, you can do it without leaving your chair, unlike a WORKGROUP, 
where you will have to visit *every* workstation or server that a user 
will connect to. I have been there, done that and my workgroup was 
scattered over three counties! It isn't easy.


More information about the samba mailing list