[Samba] samba as ADS member(s) - virtually identical yet..
Rowland Penny
rpenny at samba.org
Tue Sep 13 11:04:23 UTC 2016
On Tue, 13 Sep 2016 11:37:39 +0100
lejeczek via samba <samba at lists.samba.org> wrote:
> hi everyone,
>
> .. one of the Sambas fails to authenticate users.
>
> I have four virtually identical Samba systems which are
> configured as AD members.
> All servers seem fine, I can
> $ net ads lookup | status | dn | user | testjoin .. and so on.
>
> But, problem is that all servers except one can successfully:
>
> smbclient -L $(hostname) -UDOM\\user
>
> here that one server fails:
> SPNEGO login failed: Logon failure
> session setup failed: NT_STATUS_LOGON_FAILURE
>
> That one server was the only one which was initially
> configured as local Samba to IPA domain.
> But I
> $ net conf drop
> and I force config backend = file
>
> I'm guessing it's somewhere id database/registry of Samba
> that prevents successful users authentication/verification.
>
> Would you suggest how to troubleshoot it? Without wiping
> samba/configuration clean.
> Version 4.2.10
> I have full access to win AD DC (which I'm not very fluent
> at) if that helps.
>
> many thanks for any help
> L.
>
>
If only one domain member is giving problems, it is likely to be a
problem with that computer.
You could start by comparing the conf files on the non working computer
with a working computer.
It might help if you give us a bit more info, what OS ?
post your conf files, we might spot something.
Rowland
More information about the samba
mailing list