[Samba] Domain member server: user access
L.P.H. van Belle
belle at bazuin.nl
Mon Sep 25 14:24:48 UTC 2017
Hai Stefan,
Can you try the following.
Reboot the server, then reboot the pc, then login with the not working user.
When/If that works, then login and login with the other users try then.
And, i bet you checked it, but must ask, time in sync?
Greetz,
Louis
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens
> Stefan G. Weichinger via samba
> Verzonden: maandag 25 september 2017 16:02
> Aan: samba
> Onderwerp: [Samba] Domain member server: user access
>
>
> samba-4.6.8 on both DC and DM.
>
> 3 users were created as suggested:
>
> DC # samba-tool user create kamleitnerl Le26xxx
> --nis-domain=arbeitsgruppe --unix-home=/home/kamleitnerl
> --uid-number=10070 --login-shell=/bin/false --gid-number=100
>
> this user can login to a Windows PC, but not access/connect shares.
>
> log for the PC's IP:
>
> [2017/09/25 15:45:10.522051, 1]
> ../source3/auth/token_util.c:431(add_local_groups)
> SID S-1-5-21-2777655458-4002997014-749295002-3141 ->
> getpwuid(10070) failed
> [2017/09/25 15:45:10.522091, 1]
> ../source3/auth/auth_generic.c:172(auth3_generate_session_info_pac)
> Failed to map kerberos pac to server info (NT_STATUS_UNSUCCESSFUL)
> [2017/09/25 15:45:10.522120, 1]
> ../source3/smbd/sesssetup.c:290(reply_sesssetup_and_X_spnego)
> Failed to generate session_info (user and group token) for session
> setup: NT_STATUS_ACCESS_DENIED
>
>
> on the DM I see the user like:
>
> main # wbinfo -S S-1-5-21-2777655458-4002997014-749295002-3141
> 10070
>
> but why:
>
> # smbclient -L main -Ukamleitnerl%Le26xxx session setup
> failed: NT_STATUS_ACCESS_DENIED
>
> auth works:
>
> # wbinfo -a kamleitnerl%Le26xxx
> plaintext password authentication succeeded
> challenge/response password authentication succeeded
>
> wrong group?
>
> It is the same as for other users which work.
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
More information about the samba
mailing list