[Samba] Domain member server: user access
Stefan G. Weichinger
lists at xunil.at
Mon Sep 25 14:01:59 UTC 2017
samba-4.6.8 on both DC and DM.
3 users were created as suggested:
DC # samba-tool user create kamleitnerl Le26xxx
--nis-domain=arbeitsgruppe --unix-home=/home/kamleitnerl
--uid-number=10070 --login-shell=/bin/false --gid-number=100
this user can login to a Windows PC, but not access/connect shares.
log for the PC's IP:
[2017/09/25 15:45:10.522051, 1]
../source3/auth/token_util.c:431(add_local_groups)
SID S-1-5-21-2777655458-4002997014-749295002-3141 -> getpwuid(10070)
failed
[2017/09/25 15:45:10.522091, 1]
../source3/auth/auth_generic.c:172(auth3_generate_session_info_pac)
Failed to map kerberos pac to server info (NT_STATUS_UNSUCCESSFUL)
[2017/09/25 15:45:10.522120, 1]
../source3/smbd/sesssetup.c:290(reply_sesssetup_and_X_spnego)
Failed to generate session_info (user and group token) for session
setup: NT_STATUS_ACCESS_DENIED
on the DM I see the user like:
main # wbinfo -S S-1-5-21-2777655458-4002997014-749295002-3141
10070
but why:
# smbclient -L main -Ukamleitnerl%Le26xxx
session setup failed: NT_STATUS_ACCESS_DENIED
auth works:
# wbinfo -a kamleitnerl%Le26xxx
plaintext password authentication succeeded
challenge/response password authentication succeeded
wrong group?
It is the same as for other users which work.
More information about the samba
mailing list