[Samba] samba as ADS member(s) - virtually identical yet..

lejeczek peljasz at yahoo.co.uk
Tue Sep 13 10:37:39 UTC 2016

hi everyone,

.. one of the Sambas fails to authenticate users.

I have four virtually identical Samba systems which are 
configured as AD members.
All servers seem fine, I can
$ net ads lookup | status | dn | user | testjoin .. and so on.

But, problem is that all servers except one can successfully:

smbclient -L $(hostname) -UDOM\\user

here that one server fails:
SPNEGO login failed: Logon failure
session setup failed: NT_STATUS_LOGON_FAILURE

That one server was the only one which was initially 
configured as local Samba to IPA domain.
But I
$ net conf drop
and I force config backend = file

I'm guessing it's somewhere id database/registry of Samba 
that prevents successful users authentication/verification.

Would you suggest how to troubleshoot it? Without wiping 
samba/configuration clean.
Version 4.2.10
I have full access to win AD DC (which I'm not very fluent 
at) if that helps.

many thanks for any help

More information about the samba mailing list