[Samba] session setup failed: NT_STATUS_LOGON_FAILURE

Roger Wu wu1004 at gmail.com
Wed Nov 4 15:38:24 UTC 2015 

2015-11-04 22:55 GMT+08:00 Rowland Penny <rowlandpenny241155 at gmail.com>:

> On 04/11/15 14:34, Roger Wu wrote:
>
>>
>>
>>
>>
>>     Doh! now you have raised more questions :-D
>>
>>     First, the more users that you have, the harder it gets to
>>     maintain them in a workgroup, about 8 users is the maximum from my
>>     experience. Some of them will never use more than one machine, but
>>     most will move from one machine to another and so they will have
>>     to have login details on *all* machines they will log into. This
>>     is where a domain comes in, you create the user in one place and
>>     the user can then login everywhere.
>>
>>
>> I don't really get it. Maybe I misinterpret what you said.
>> If our samba server works, users only want to access samba service using
>> their own PC,
>> that's what they need, they are not allowed to use others' PCs but their
>> own.
>>
>> And yes, users can move from one machine to another, that's how a domain
>> works,
>> but we don't need to provide samba service between Workstation,
>> only one way access from PCs to Workstations is needed for users.
>>
>> I am not worried about users limitation, it's just as I said that not so
>> many users need this service.
>> If so, I'll figure it out.
>>
>>
>>     Now we come to the new questions, will the Unix machines need to
>>     be part of the domain ?
>>
>>
>> What do you mean "to be part of the domain"?
>> We have unix/linux machines in each NIS domain, they are a part of their
>> domain.
>> Could you define your question more precisely?
>>
>>     You mention that they are in different domains, do you mean
>>     domains or do you mean workgroups?
>>
>> What I mean is NIS domain. We have three different domains, so I plan to
>> start up one samba server for each domain separately
>> As for workgroup, we only have one workgroup for windows, so it won't be
>> an issue.
>>
>>     Are any machines in a windows domain already?
>>
>> No.
>>
>>     Finally, if you cannot set up a new domain, do your users need to
>>     own files on your samba server or do they just need to read &
>>     store files on the samba server.
>>
>>     Rowland
>>
>> They just need to read & store files on the samba server.
>>
>> Regards,
>> Roger
>>
>>
> OK, from what you have posted, you have Unix & windows workstations and
> they are in groups. You will probably be better of creating a new AD domain
> with a number of sites, you can use the DCs to authenticate all the users &
> groups and if push comes to shove, use the DCs as fileservers. Your users
> would log into their workstation (either windows or Unix) and have all
> their data to hand, the windows users would use the standard AD
> capabilities and the Unix users would use the RFC2307 attributes that are
> built into a Samba AD as standard.
>
> This will give you is centralisation of user & group maintenance, your
> users info will exist in just one place, you only need to add a user once,
> you can do it without leaving your chair, unlike a WORKGROUP, where you
> will have to visit *every* workstation or server that a user will connect
> to. I have been there, done that and my workgroup was scattered over three
> counties! It isn't easy.
>
> Rowland
>
>
Geez! It's too deep for me to understand.
I did achieve what I want with old samba version only doing some simple
settings,
I tried to reduplicate the result using new samba version but it failed.
I didn't expect it comes to this way you mentioned, it seems more
complicated.

We do have an AD for PC windows workgroup. Why should I need to create a
new AD?
Would you please give me an example or show me how to setup samba as you
said?

I have no experience creating a AD domain and DCs.

Roger




> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>

More information about the samba mailing list