[Samba] Linux member joined to AD domain: No login with domain user possible, getent not working

[Piviul]

On 14/04/25 15:50, Paul Leiber via samba wrote:
> Dear Samba list,
>
> I am pulling my hair out over one linux machine (a laptop) joined to 
> my Samba AD domain. On this machine, I can't use domain users to 
> login. wbinfo -u shows AD users, getent passwd doesn't (no output is 
> given). From other linux and windows machines, I can login with AD 
> credentials and getent is working, so I assume that the issue is with 
> that specific member.
>
> I can issue kerberos tickets on this machine for domain members.
>
> If I use wbinfo --verbose -K INTERNAL\\user%password, the output is 
> the following:
> plaintext kerberos password authentication for [INTERNAL\user] failed 
> (requesting cctype: FILE)
> wbcLogonUser(INTERNAL\user): error code was NT_STATUS_LOGON_FAILURE 
> (0xc000006d)
> error message was: The attempted logon is invalid. This is either due 
> to a bad username or authentication information.
> Could not authenticate user [INTERNAL\user%password] with Kerberos 
> (ccache: FILE)
>
> You can find the sanitized samba info collected with the script 
> samba-collect-debug-info.sh below. I changed a lot of stuff while 
> trying to fix this issue, the smb.conf therefore looks a bit messy. I 
> tried it with a copy of a smb.conf from a working domain member, but 
> that didn't help.
>
> As this is a laptop, NetworkManager is active to provide WiFi access. 
> I don't know NetworkManager very well, I usually prefer the 
> traditional way with /etc/network/interfaces, but in this case, it 
> seemed the right thing to do. I tested a wired ethernet connection as 
> well, with the same results.I am mentioning this because I can't rule 
> out network issues, although I don't think this is the cause.
>
> I don't know what to do anymore. Any hints and advice for 
> troubleshooting are appreciated.
Hi Paul, what about the date/time on the laptop? Are you sure that the 
date/time is set correctly?

Piviul