[Samba] session setup failed: NT_STATUS_LOGON_FAILURE

mathias dufresne infractory at gmail.com
Thu Nov 5 10:18:25 UTC 2015

As you said you have an AD domain already set up, this AD domain contains
already your users and certainly some groups to manage them. You can re-use
this AD of course, that's the whole point of AD since 15 years: to be

You seem to want to have files server, add this server as a member of your
already existing domain. Doing that this server will become part of your
domain, it will be able to retrieve users from your already existing AD to
use them as local users, to grant these users (coming from your AD domain)
for authenticating them when they will access the file server. In others
words, AD users will be able to access your file server. After some
configuration of course, but without recreating users, they are existing in
your already existing domain.

This page gives links, read them.

2015-11-05 9:56 GMT+01:00 Rowland Penny <rowlandpenny241155 at gmail.com>:

> On 05/11/15 03:38, Roger Wu wrote:
>>                     Now we come to the new questions, will the Unix
>>         machines
>>                 need to
>>                     be part of the domain ?
>>                 What do you mean "to be part of the domain"?
>>                 We have unix/linux machines in each NIS domain, they are a
>>                 part of their domain.
>>                 Could you define your question more precisely?
>>                     You mention that they are in different domains, do
>>         you mean
>>                     domains or do you mean workgroups?
>>                 What I mean is NIS domain. We have three different
>>         domains, so
>>                 I plan to start up one samba server for each domain
>>         separately
>>                 As for workgroup, we only have one workgroup for
>>         windows, so
>>                 it won't be an issue.
>>                     Are any machines in a windows domain already?
>>                 No.
>>                     Finally, if you cannot set up a new domain, do
>>         your users
>>                 need to
>>                     own files on your samba server or do they just
>>         need to read &
>>                     store files on the samba server.
>>                     Rowland
>>                 They just need to read & store files on the samba server.
>> I'm try to study the above link you suggest, but I can't find samba-tool
>> for my installed packages
>> Where can I find samba-tool?
>> [root at testcad16 ~]# rpm -qa | grep samba
>> sernet-samba-4.2.5-19.el6.x86_64
>> sernet-samba-libs-4.2.5-19.el6.x86_64
>> sernet-samba-libsmbclient0-4.2.5-19.el6.x86_64
>> sernet-samba-client-4.2.5-19.el6.x86_64
>> sernet-samba-common-4.2.5-19.el6.x86_64
> If you install the sernet packages, you should just be able to run
> 'samba-tool --help'
>>         I have no experience creating a AD domain and DCs.
>>     Everybody has to start somewhere.
>>     OK, if you do not want to go down this path, then try this smb.conf
>>     [global]
>>         workgroup = WORKGROUP
>>         server string = ****
>>         netbios name = *****
>>         printcap name = /dev/null
>>         load printers = no
>>         disable spoolss = yes
>>         printing = bsd
>>         dns proxy = no
>>         map to guest = Bad User
>>         guest ok = yes
>>     This should work without adding any users to the server, anybody
>>     that connects gets mapped to the guest user, but this does mean
>>     that your users cannot own anything on the server and anybody will
>>     be able to read or delete anything!!!
>> I've tried the above smb.conf, and ya, it worked, but it's definitely not
>> what I want.
>> I'll jump to the other option you suggested, but it will takes me time to
>> learn it.
> You have a few options here, you could create all your users on the samba
> machine, then recreate then again as samba users, this of course means
> knowing all your users passwords and changing them on the samba machine
> when they change them on the workstations. This way the files will be owned
> by whoever creates them.
> You could setup a new NT4-style domain, but as these are on the way out, I
> wouldn't bother.
> Probably the best way to go is to setup a new AD domain, this may think
> this is hard, but once you get into it, it is fairly logical. There is a
> lot of info out there on the internet, but I would start with the Samba
> wiki:
> https://wiki.samba.org/index.php/Setup_a_Samba_Active_Directory_Domain_Controller
> Create your first domain in a test environment (this way it won't matter
> if you make a big error) and once you are sure it works as you want, you
> can move it to production.
> Any problems or questions, just ask.
> Rowland
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list