[Samba] Samba login failure: getpwuid failed
Michael Schwager
mschwage at gmail.com
Sun May 7 14:04:25 UTC 2017
Hello,
I cannot access a remote drive using Windows or smbclient; my
authentication appears successful according to the Samba log file, but
`getpwuid` fails. The server (remote) is running CentOS 7.2 and Samba
4.2.3. The client is CentOS 7.2 and smbclient 4.2.3. The logfile shows:
[2017/05/06 22:57:48.729284, 2] ../source3/auth/auth.c:305(auth_check_ntlm_password)
  check_ntlm_password: authentication for user [developer_prod] -> [developer_prod] -> [developer_prod] succeeded
[2017/05/06 22:57:48.731091, 1] ../source3/auth/token_util.c:430(add_local_groups)
  SID S-1-5-21-4007675785-2624567327-467545301-1000 -> getpwuid(16777216) failed
[2017/05/06 22:57:48.731164, 1] ../source3/smbd/sesssetup.c:280(reply_sesssetup_and_X_spnego)
  Failed to generate session_info (user and group token) for session setup: NT_STATUS_UNSUCCESSFUL
Strangely, the SID corresponds to a local user:
# wbinfo -s S-1-5-21-4007675785-2624567327-467545301-1000
NY4010\developer_prod 1
(ny4010 is my Samba server machine), even though on the client I am logging
in using a domain user:
$ smbclient -U 'my_domain\developer_prod' \\\\ny4010\\release 'password'
session setup failed: NT_STATUS_UNSUCCESSFUL
Here is my smb.conf file:
[global]
workgroup = MYDOMAIN
password server = my_domain_server.mydomain.local
realm = MYDOMAIN.LOCAL
security = ads
idmap config * : range = 16777216-33554431
template homedir = /home/%U
template shell = /bin/bash
kerberos method = secrets only
winbind use default domain = true
winbind offline logon = false
log level = 2
encrypt passwords = yes
unix extensions = no
server string = Samba Server Version %v
log file = /var/log/samba/log.%m
max log size = 50
security = ads
passdb backend = tdbsam
realm = MYDOMAIN.LOCAL
password server = my_domain_server.mydomain.local
local master = no
[homes]
comment = Home Directories
browseable = no
writable = yes
[release]
comment = Shared directory: /prod
path = /prod
browseable = yes
read only = no
valid users = developer_prod
guest ok = yes
public = yes
follow symlinks = yes
wide links = yes
force user = developer_prod
[log]
comment = Shared directory: /prod/log
path = /prod/log
browseable = yes
read only = yes
guest ok = yes
public = yes
My nsswitch.conf file looks like:
passwd: files winbind
I think the smoking gun here is that a local user's SID is showing up in
that "getpwuid() failed" line...
Thanks.
--
-Mike Schwager
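
A small diagnostic for the symptom reported above, added here as an example (it is not part of the original post and not Samba code): it pulls the SID and uid out of the "getpwuid(...) failed" message, finds which "idmap config" range in smb.conf contains that uid, and asks NSS whether the uid resolves. The sample log and config are copied from the post; the function names are hypothetical.

```python
import pwd
import re

# Constructed sample input, copied from the log excerpt and smb.conf in the post.
LOG = """\
[2017/05/06 22:57:48.731091, 1] ../source3/auth/token_util.c:430(add_local_groups)
  SID S-1-5-21-4007675785-2624567327-467545301-1000 -> getpwuid(16777216) failed
"""
SMB_CONF = """\
[global]
workgroup = MYDOMAIN
security = ads
idmap config * : range = 16777216-33554431
"""

FAIL_RE = re.compile(r"SID\s+(S-[\d-]+)\s*->\s*getpwuid\((\d+)\)\s+failed")
RANGE_RE = re.compile(r"^\s*idmap config\s+(\S+)\s*:\s*range\s*=\s*(\d+)\s*-\s*(\d+)", re.M)

def failed_lookups(log_text):
    """Return (sid, uid) for every 'getpwuid(N) failed' message, even if wrapped."""
    flat = " ".join(log_text.split())  # undo line wrapping added by mail clients
    return [(sid, int(uid)) for sid, uid in FAIL_RE.findall(flat)]

def idmap_ranges(conf_text):
    """Return {domain: (low, high)} for each 'idmap config <domain> : range' line."""
    return {d: (int(lo), int(hi)) for d, lo, hi in RANGE_RE.findall(conf_text)}

def owning_domain(uid, ranges):
    """Name the idmap domain whose range contains uid, or None."""
    for domain, (lo, hi) in ranges.items():
        if lo <= uid <= hi:
            return domain
    return None

def nss_resolves(uid, lookup=pwd.getpwuid):
    """True if NSS (the passwd: line in nsswitch.conf) can map uid to an account."""
    try:
        lookup(uid)
        return True
    except KeyError:
        return False

def report(log_text, conf_text, lookup=pwd.getpwuid):
    """Correlate each failed uid with its idmap range and its NSS visibility."""
    ranges = idmap_ranges(conf_text)
    return [{"sid": sid, "uid": uid, "idmap_domain": owning_domain(uid, ranges),
             "nss_resolves": nss_resolves(uid, lookup)}
            for sid, uid in failed_lookups(log_text)]

if __name__ == "__main__":
    for row in report(LOG, SMB_CONF):
        print(row)
```

On the server itself, `getent passwd 16777216` performs the same NSS lookup from the shell.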