[Samba] Linux member joined to AD domain: No login with domain user possible, getent not working

Rowland Penny rpenny at samba.org
Mon Apr 14 19:11:29 UTC 2025


On Mon, 14 Apr 2025 15:50:50 +0200
Paul Leiber via samba <samba at lists.samba.org> wrote:

> Dear Samba list,
> 
> I am pulling my hair out over one Linux machine (a laptop) joined to
> my Samba AD domain. On this machine, I can't use domain users to
> log in. wbinfo -u shows AD users, getent passwd doesn't (no output is
> given). From other Linux and Windows machines, I can log in with AD
> credentials and getent is working, so I assume that the issue is with
> that specific member.
> 
> I can issue Kerberos tickets on this machine for domain members.
> 
> If I use wbinfo --verbose -K INTERNAL\\user%password, the output is
> the following:
> plaintext kerberos password authentication for [INTERNAL\user] failed 
> (requesting cctype: FILE)
> wbcLogonUser(INTERNAL\user): error code was NT_STATUS_LOGON_FAILURE 
> (0xc000006d)
> error message was: The attempted logon is invalid. This is either due
> to a bad username or authentication information.
> Could not authenticate user [INTERNAL\user%password] with Kerberos 
> (ccache: FILE)
> 
> You can find the sanitized samba info collected with the script
> samba-collect-debug-info.sh below. I changed a lot of stuff while
> trying to fix this issue; the smb.conf therefore looks a bit messy. I
> tried it with a copy of an smb.conf from a working domain member, but
> that didn't help.
> 

I haven't seen the output from that script for a very long time, but it
all appears to be what is expected, so my first thought: is there a
firewall getting in the way?

Rowland
 


