[Samba] NT_STATUS_LOGON_FAILURE

Rowland Penny rpenny at samba.org
Wed Oct 23 15:43:29 UTC 2019


On 23/10/2019 16:16, Timothy Brewer via samba wrote:
> Hi,
> I disabled SSSD and made the suggested changes to my smb.conf. Now Win10
> says "Windows cannot access <path>". I can no longer ssh to the server -
> permission denied error.
>
>
OK, have you added any uidNumber & gidNumber attributes to AD? If so, 
your 'idmap config' block (based on what you posted earlier) should be:

     idmap config * : backend = tdb
     idmap config * : range = 1000-2000
     idmap config SAMBADOM : backend = ad
     idmap config SAMBADOM : range = 10000-600000
     idmap config SAMBADOM : schema_mode = rfc2307
     idmap config SAMBADOM : unix_nss_info = yes
     idmap config SAMBADOM : unix_primary_group = yes

Just as long as the uidNumber & gidNumber attributes contain numbers 
inside the '10000-600000' range AND 'Domain Users' has a gidNumber.

If you haven't added any uidNumber & gidNumber attributes, then you need 
to use this:

     idmap config * : backend = tdb
     idmap config * : range = 1000-2000
     idmap config SAMBADOM : backend = rid
     idmap config SAMBADOM : range = 10000-600000

You would need to run 'net cache flush'.

I would also test the join with 'net ads testjoin'.

Rowland
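
A sanity check for the two conditions in the reply above (IDs inside the domain range, and 'Domain Users' having a gidNumber), plus Samba's requirement that idmap ranges do not overlap. This is an added example, not part of the original message; the `ad_ids` mapping and the account name `user1` are constructed inputs standing in for values read from AD.

```python
import re

# Constructed sample: the 'ad' backend block from the message above.
SMB_CONF = """\
idmap config * : backend = tdb
idmap config * : range = 1000-2000
idmap config SAMBADOM : backend = ad
idmap config SAMBADOM : range = 10000-600000
idmap config SAMBADOM : schema_mode = rfc2307
"""

# Tolerates the uneven spacing around '=' seen in hand-edited smb.conf files.
LINE = re.compile(r"^\s*idmap config\s+(\S+)\s*:\s*([\w ]+?)\s*=\s*(.+?)\s*$", re.I)

def parse_idmap(text):
    """Return {domain: {option: value}} built from 'idmap config' lines."""
    domains = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            dom, opt, val = m.groups()
            domains.setdefault(dom, {})[opt.lower()] = val
    return domains

def id_range(opts):
    """Split 'low-high' into two integers."""
    low, high = (int(x) for x in opts["range"].split("-"))
    return low, high

def check(text, domain, ad_ids):
    """ad_ids: {name: uidNumber/gidNumber, or None if unset} (hypothetical input)."""
    cfg = parse_idmap(text)
    problems = []
    lo, hi = id_range(cfg[domain])
    dlo, dhi = id_range(cfg["*"])
    if lo <= dhi and dlo <= hi:
        problems.append("default and domain ranges overlap")
    # Only the 'ad' backend reads IDs from AD; 'rid' computes them from the RID.
    if cfg[domain].get("backend") == "ad":
        if ad_ids.get("Domain Users") is None:
            problems.append("'Domain Users' has no gidNumber")
        for name, num in ad_ids.items():
            if num is not None and not lo <= num <= hi:
                problems.append(f"{name}: {num} outside {lo}-{hi}")
    return problems

if __name__ == "__main__":
    print(check(SMB_CONF, "SAMBADOM", {"Domain Users": None, "user1": 5000}))
```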