[Samba] Domain member server: user access

Stefan G. Weichinger lists at xunil.at
Mon Sep 25 14:01:59 UTC 2017

samba-4.6.8 on both DC and DM.

3 users were created as suggested:

DC # samba-tool user create kamleitnerl Le26xxx
--nis-domain=arbeitsgruppe --unix-home=/home/kamleitnerl
--uid-number=10070 --login-shell=/bin/false --gid-number=100

this user can login to a Windows PC, but not access/connect shares.

log for the PC's IP:

[2017/09/25 15:45:10.522051,  1]
  SID S-1-5-21-2777655458-4002997014-749295002-3141 -> getpwuid(10070)
[2017/09/25 15:45:10.522091,  1]
  Failed to map kerberos pac to server info (NT_STATUS_UNSUCCESSFUL)
[2017/09/25 15:45:10.522120,  1]
  Failed to generate session_info (user and group token) for session

on the DM I see the user like:

main # wbinfo  -S S-1-5-21-2777655458-4002997014-749295002-3141

but why:

# smbclient -L main -Ukamleitnerl%Le26xxx
session setup failed: NT_STATUS_ACCESS_DENIED

auth works:

# wbinfo -a kamleitnerl%Le26xxx
plaintext password authentication succeeded
challenge/response password authentication succeeded

wrong group?

It is the same as for other users which work.

More information about the samba mailing list