Get access denied on Samba AD share


After updating the sssd* packages to 1.15.2-50.el7_4.6 and restarting the smb service, I could access the Samba AD shares. It was caused by sssd authentication being broken with AD.



Author: xq10907

Updated on September 18, 2022

Comments

  • xq10907
    xq10907 over 1 year

    I cannot access my Samba shares after upgrading my CentOS to 7.4; the Samba version was upgraded to 4.6.2. I joined CentOS to the Windows domain with the realm command. A domain user (in the format username@domainname) could log in to CentOS and could get a Kerberos ticket by kinit with the domain user.

    Executing the net view command on the domain Windows server gets access denied:

    C:\>net view \\ark-centos-smb4.qa.arkivio.com
    System error 5 has occurred.
    
    Access is denied.
    
    
    C:\>net view \\192.168.32.26
    System error 5 has occurred.
    
    Access is denied.
    

    I collected the following log while getting the access denied error with the Samba server IP. It complains that it cannot find the user, but running getent passwd domainuser@domainname finishes successfully:

    [2017/09/21 00:36:03.319546,  3] ../source3/smbd/oplock.c:1322(init_oplocks)
      init_oplocks: initializing messages.
    [2017/09/21 00:36:03.319707,  3] ../source3/smbd/process.c:1957(process_smb)
      Transaction 0 of length 159 (0 toread)
    [2017/09/21 00:36:03.319744,  3] ../source3/smbd/process.c:1538(switch_message)
      switch message SMBnegprot (pid 23703) conn 0x0
    [2017/09/21 00:36:03.319767,  4] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal)
      setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
    [2017/09/21 00:36:03.320414,  3] ../source3/smbd/negprot.c:603(reply_negprot)
      Requested protocol [PC NETWORK PROGRAM 1.0]
    [2017/09/21 00:36:03.320441,  3] ../source3/smbd/negprot.c:603(reply_negprot)
      Requested protocol [LANMAN1.0]
    [2017/09/21 00:36:03.320454,  3] ../source3/smbd/negprot.c:603(reply_negprot)
      Requested protocol [Windows for Workgroups 3.1a]
    [2017/09/21 00:36:03.320466,  3] ../source3/smbd/negprot.c:603(reply_negprot)
      Requested protocol [LM1.2X002]
    [2017/09/21 00:36:03.320482,  3] ../source3/smbd/negprot.c:603(reply_negprot)
      Requested protocol [LANMAN2.1]
    [2017/09/21 00:36:03.320497,  3] ../source3/smbd/negprot.c:603(reply_negprot)
      Requested protocol [NT LM 0.12]
    [2017/09/21 00:36:03.320509,  3] ../source3/smbd/negprot.c:603(reply_negprot)
      Requested protocol [SMB 2.002]
    [2017/09/21 00:36:03.320538,  3] ../source3/smbd/negprot.c:603(reply_negprot)
      Requested protocol [SMB 2.???]
    [2017/09/21 00:36:03.320638,  4] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal)
      setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
    [2017/09/21 00:36:03.320722,  3] ../source3/smbd/smb2_negprot.c:290(smbd_smb2_request_process_negprot)
      Selected protocol SMB2_FF
    [2017/09/21 00:36:03.321314,  2] ../source3/librpc/crypto/gse_krb5.c:229(fill_mem_keytab_from_secrets)
      ../source3/librpc/crypto/gse_krb5.c:229: failed to fetch machine password
    [2017/09/21 00:36:03.321344,  3] ../source3/librpc/crypto/gse_krb5.c:587(gse_krb5_get_server_keytab)
      ../source3/librpc/crypto/gse_krb5.c:587: Warning! Unable to set mem keytab from secrets!
    [2017/09/21 00:36:03.322377,  3] ../source3/smbd/negprot.c:730(reply_negprot)
      Selected protocol SMB 2.???
    [2017/09/21 00:36:03.323207,  4] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal)
      setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
    [2017/09/21 00:36:03.323262,  4] ../source3/smbd/sec_ctx.c:217(push_sec_ctx)
      push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
    [2017/09/21 00:36:03.323300,  4] ../source3/smbd/uid.c:491(push_conn_ctx)
      push_conn_ctx(0) : conn_ctx_stack_ndx = 0
    [2017/09/21 00:36:03.323326,  4] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal)
      setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
    [2017/09/21 00:36:03.325145,  4] ../source3/smbd/sec_ctx.c:439(pop_sec_ctx)
      pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
    [2017/09/21 00:36:03.325187,  3] ../source3/smbd/smb2_negprot.c:290(smbd_smb2_request_process_negprot)
      Selected protocol SMB2_10
    [2017/09/21 00:36:03.325448,  2] ../source3/librpc/crypto/gse_krb5.c:229(fill_mem_keytab_from_secrets)
      ../source3/librpc/crypto/gse_krb5.c:229: failed to fetch machine password
    [2017/09/21 00:36:03.325466,  3] ../source3/librpc/crypto/gse_krb5.c:587(gse_krb5_get_server_keytab)
      ../source3/librpc/crypto/gse_krb5.c:587: Warning! Unable to set mem keytab from secrets!
    [2017/09/21 00:36:03.327171,  4] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal)
      setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
    [2017/09/21 00:36:03.327477,  4] ../source3/smbd/sec_ctx.c:217(push_sec_ctx)
      push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
    [2017/09/21 00:36:03.327498,  4] ../source3/smbd/uid.c:491(push_conn_ctx)
      push_conn_ctx(0) : conn_ctx_stack_ndx = 0
    [2017/09/21 00:36:03.327509,  4] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal)
      setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
    [2017/09/21 00:36:03.327562,  4] ../source3/smbd/sec_ctx.c:439(pop_sec_ctx)
      pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
    [2017/09/21 00:36:03.327754,  3] ../auth/ntlmssp/ntlmssp_util.c:69(debug_ntlmssp_flags)
      Got NTLMSSP neg_flags=0xe2088297
        NTLMSSP_NEGOTIATE_UNICODE
        NTLMSSP_NEGOTIATE_OEM
        NTLMSSP_REQUEST_TARGET
        NTLMSSP_NEGOTIATE_SIGN
        NTLMSSP_NEGOTIATE_LM_KEY
        NTLMSSP_NEGOTIATE_NTLM
        NTLMSSP_NEGOTIATE_ALWAYS_SIGN
        NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
        NTLMSSP_NEGOTIATE_VERSION
        NTLMSSP_NEGOTIATE_128
        NTLMSSP_NEGOTIATE_KEY_EXCH
        NTLMSSP_NEGOTIATE_56
    [2017/09/21 00:36:03.327897,  4] ../source3/smbd/sec_ctx.c:217(push_sec_ctx)
      push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
    [2017/09/21 00:36:03.327919,  4] ../source3/smbd/uid.c:491(push_conn_ctx)
      push_conn_ctx(0) : conn_ctx_stack_ndx = 0
    [2017/09/21 00:36:03.327930,  4] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal)
      setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
    [2017/09/21 00:36:03.327951,  4] ../source3/smbd/sec_ctx.c:439(pop_sec_ctx)
      pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
    [2017/09/21 00:36:03.328313,  4] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal)
      setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
    [2017/09/21 00:36:03.328360,  4] ../source3/smbd/sec_ctx.c:217(push_sec_ctx)
      push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
    [2017/09/21 00:36:03.328376,  4] ../source3/smbd/uid.c:491(push_conn_ctx)
      push_conn_ctx(0) : conn_ctx_stack_ndx = 0
    [2017/09/21 00:36:03.328387,  4] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal)
      setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
    [2017/09/21 00:36:03.328403,  4] ../source3/smbd/sec_ctx.c:439(pop_sec_ctx)
      pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
    [2017/09/21 00:36:03.328478,  3] ../auth/ntlmssp/ntlmssp_server.c:452(ntlmssp_server_preauth)
      Got user=[arkadmin] domain=[QA] workstation=[NWT-VM-ARK8118] len1=24 len2=350
    [2017/09/21 00:36:03.328573,  3] ../source3/param/loadparm.c:3823(lp_load_ex)
      lp_load_ex: refreshing parameters
    [2017/09/21 00:36:03.328664,  3] ../source3/param/loadparm.c:542(init_globals)
      Initialising global parameters
    [2017/09/21 00:36:03.328773,  3] ../source3/param/loadparm.c:2752(lp_do_section)
      Processing section "[global]"
      doing parameter netbios name = ARK-CENTOS-SMB4
      doing parameter security = ADS
      doing parameter workgroup = QA.ARKIVIO.COM
      doing parameter kerberos method = secrets and keytab
      doing parameter realm = QA.ARKIVIO.COM
      doing parameter log file = /var/log/samba/%m.log
      doing parameter log level = 4
      doing parameter local master = no
      doing parameter domain master = no
      doing parameter server string = Samba Server Version %v
      doing parameter max log size = 5000
      doing parameter load printers = No
      doing parameter wins support = no
      doing parameter wins proxy = no
      doing parameter dns proxy = yes
      doing parameter name resolve order = host lmhosts wins bcast
    [2017/09/21 00:36:03.328953,  2] ../source3/param/loadparm.c:2769(lp_do_section)
      Processing section "[arkc1]"
      doing parameter comment = centos samba4 share1
      doing parameter path = /rocket/cifs/cifs1
      doing parameter writable = yes
      doing parameter guest ok = yes
      doing parameter valid users = [email protected],[email protected],[email protected],@"Domain [email protected]",@"[email protected]","QA.ARKIVIO.COM\AutostorAdmins",[email protected]
      doing parameter admin users = [email protected],[email protected],[email protected],@"Domain [email protected]",@"[email protected]",[email protected],QA\arkadmin,QA.ARKIVIO.COM\arkadmin
    [2017/09/21 00:36:03.329055,  2] ../source3/param/loadparm.c:2769(lp_do_section)
      Processing section "[arkc2]"
      doing parameter comment = centos samba4 share2
      doing parameter path = /rocket/cifs/cifs2
      doing parameter writable = yes
      doing parameter admin users = [email protected],[email protected],[email protected],@"Domain [email protected]",@"[email protected]",[email protected],QA\arkadmin,QA.ARKIVIO.COM\arkadmin
      doing parameter valid users = [email protected],[email protected],[email protected],@"Domain [email protected]",@"[email protected]","QA.ARKIVIO.COM\AutostorAdmins",[email protected],QA\arkadmin,QA.ARKIVIO.COM\arkadmin
    [2017/09/21 00:36:03.329149,  4] ../source3/param/loadparm.c:3864(lp_load_ex)
      pm_process() returned Yes
    [2017/09/21 00:36:03.329186,  3] ../source3/param/loadparm.c:1592(lp_add_ipc)
      adding IPC service
    [2017/09/21 00:36:03.329981,  4] ../source3/libsmb/namequery_dc.c:77(ads_dc_name)
      ads_dc_name: domain=QA.ARKIVIO.COM
    [2017/09/21 00:36:03.331294,  3] ../source3/libsmb/namequery.c:3160(get_dc_list)
      get_dc_list: preferred server list: ", *"
    [2017/09/21 00:36:03.332043,  4] ../lib/addns/dnsquery.c:435(ads_dns_lookup_srv)
      ads_dns_lookup_srv: 2 records returned in the answer section.
    [2017/09/21 00:36:03.333572,  4] ../source3/libsmb/namequery.c:3305(get_dc_list)
      get_dc_list: returning 3 ip addresses in an ordered list
    [2017/09/21 00:36:03.333594,  4] ../source3/libsmb/namequery.c:3306(get_dc_list)
      get_dc_list: 192.168.32.231:389 192.168.32.230:389 2001:21:21:32:743e:17d2:61a4:fdb8:389
    [2017/09/21 00:36:03.334552,  3] ../source3/libads/ldap.c:618(ads_connect)
      Successfully contacted LDAP server 192.168.32.231
    [2017/09/21 00:36:03.334622,  3] ../source3/libsmb/namequery.c:3160(get_dc_list)
      get_dc_list: preferred server list: ", *"
    [2017/09/21 00:36:03.334961,  4] ../lib/addns/dnsquery.c:435(ads_dns_lookup_srv)
      ads_dns_lookup_srv: 2 records returned in the answer section.
    [2017/09/21 00:36:03.335007,  4] ../source3/libsmb/namequery.c:3305(get_dc_list)
      get_dc_list: returning 3 ip addresses in an ordered list
    [2017/09/21 00:36:03.335023,  4] ../source3/libsmb/namequery.c:3306(get_dc_list)
      get_dc_list: 192.168.32.230:88 192.168.32.231:88 2001:21:21:32:743e:17d2:61a4:fdb8:88
    [2017/09/21 00:36:03.335042,  3] ../source3/libsmb/namequery.c:3160(get_dc_list)
      get_dc_list: preferred server list: ", *"
    [2017/09/21 00:36:03.335419,  4] ../lib/addns/dnsquery.c:435(ads_dns_lookup_srv)
      ads_dns_lookup_srv: 2 records returned in the answer section.
    [2017/09/21 00:36:03.335463,  4] ../source3/libsmb/namequery.c:3305(get_dc_list)
      get_dc_list: returning 3 ip addresses in an ordered list
    [2017/09/21 00:36:03.335478,  4] ../source3/libsmb/namequery.c:3306(get_dc_list)
      get_dc_list: 192.168.32.230:88 192.168.32.231:88 2001:21:21:32:743e:17d2:61a4:fdb8:88
    [2017/09/21 00:36:03.336391,  4] ../source3/libsmb/namequery_dc.c:151(ads_dc_name)
      ads_dc_name: using server='ARK-QA-DC2.QA.ARKIVIO.COM' IP=192.168.32.231
    [2017/09/21 00:36:03.336496,  3] ../source3/lib/util_sock.c:515(open_socket_out_send)
      Connecting to 192.168.32.231 at port 445
    [2017/09/21 00:36:03.337733,  3] ../source3/libsmb/cliconnect.c:271(cli_session_creds_prepare_krb5)
      got OID=1.3.6.1.4.1.311.2.2.30
      got OID=1.2.840.48018.1.2.2
    [2017/09/21 00:36:03.338945,  3] ../auth/ntlmssp/ntlmssp_client.c:270(ntlmssp_client_challenge)
      Got challenge flags:
    [2017/09/21 00:36:03.338973,  3] ../auth/ntlmssp/ntlmssp_util.c:69(debug_ntlmssp_flags)
      Got NTLMSSP neg_flags=0x62898215
        NTLMSSP_NEGOTIATE_UNICODE
        NTLMSSP_REQUEST_TARGET
        NTLMSSP_NEGOTIATE_SIGN
        NTLMSSP_NEGOTIATE_NTLM
        NTLMSSP_NEGOTIATE_ALWAYS_SIGN
        NTLMSSP_TARGET_TYPE_DOMAIN
        NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
        NTLMSSP_NEGOTIATE_TARGET_INFO
        NTLMSSP_NEGOTIATE_VERSION
        NTLMSSP_NEGOTIATE_128
        NTLMSSP_NEGOTIATE_KEY_EXCH
    [2017/09/21 00:36:03.339060,  3] ../auth/ntlmssp/ntlmssp_client.c:726(ntlmssp_client_challenge)
      NTLMSSP: Set final flags:
    [2017/09/21 00:36:03.339076,  3] ../auth/ntlmssp/ntlmssp_util.c:69(debug_ntlmssp_flags)
      Got NTLMSSP neg_flags=0x62008a15
        NTLMSSP_NEGOTIATE_UNICODE
        NTLMSSP_REQUEST_TARGET
        NTLMSSP_NEGOTIATE_SIGN
        NTLMSSP_NEGOTIATE_NTLM
        NTLMSSP_ANONYMOUS
        NTLMSSP_NEGOTIATE_ALWAYS_SIGN
        NTLMSSP_NEGOTIATE_VERSION
        NTLMSSP_NEGOTIATE_128
        NTLMSSP_NEGOTIATE_KEY_EXCH
    [2017/09/21 00:36:03.339112,  3] ../auth/ntlmssp/ntlmssp_sign.c:509(ntlmssp_sign_reset)
      NTLMSSP Sign/Seal - Initialising with flags:
    [2017/09/21 00:36:03.339123,  3] ../auth/ntlmssp/ntlmssp_util.c:69(debug_ntlmssp_flags)
      Got NTLMSSP neg_flags=0x62008a15
        NTLMSSP_NEGOTIATE_UNICODE
        NTLMSSP_REQUEST_TARGET
        NTLMSSP_NEGOTIATE_SIGN
        NTLMSSP_NEGOTIATE_NTLM
        NTLMSSP_ANONYMOUS
        NTLMSSP_NEGOTIATE_ALWAYS_SIGN
        NTLMSSP_NEGOTIATE_VERSION
        NTLMSSP_NEGOTIATE_128
        NTLMSSP_NEGOTIATE_KEY_EXCH
    [2017/09/21 00:36:03.339972,  3] ../auth/ntlmssp/ntlmssp_sign.c:509(ntlmssp_sign_reset)
      NTLMSSP Sign/Seal - Initialising with flags:
    [2017/09/21 00:36:03.340000,  3] ../auth/ntlmssp/ntlmssp_util.c:69(debug_ntlmssp_flags)
      Got NTLMSSP neg_flags=0x62008a15
        NTLMSSP_NEGOTIATE_UNICODE
        NTLMSSP_REQUEST_TARGET
        NTLMSSP_NEGOTIATE_SIGN
        NTLMSSP_NEGOTIATE_NTLM
        NTLMSSP_ANONYMOUS
        NTLMSSP_NEGOTIATE_ALWAYS_SIGN
        NTLMSSP_NEGOTIATE_VERSION
        NTLMSSP_NEGOTIATE_128
        NTLMSSP_NEGOTIATE_KEY_EXCH
    [2017/09/21 00:36:03.344582,  3] ../source3/auth/auth.c:178(auth_check_ntlm_password)
      check_ntlm_password:  Checking password for unmapped user [QA]\[arkadmin]@[NWT-VM-ARK8118] with the new password interface
    [2017/09/21 00:36:03.344615,  3] ../source3/auth/auth.c:181(auth_check_ntlm_password)
      check_ntlm_password:  mapped user is: [ARK-CENTOS-SMB4]\[arkadmin]@[NWT-VM-ARK8118]
    [2017/09/21 00:36:03.344650,  4] ../source3/smbd/sec_ctx.c:217(push_sec_ctx)
      push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
    [2017/09/21 00:36:03.344698,  4] ../source3/smbd/uid.c:491(push_conn_ctx)
      push_conn_ctx(0) : conn_ctx_stack_ndx = 0
    [2017/09/21 00:36:03.344714,  4] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal)
      setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
    [2017/09/21 00:36:03.344768,  4] ../source3/smbd/sec_ctx.c:439(pop_sec_ctx)
      pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
    [2017/09/21 00:36:03.344785,  3] ../source3/auth/check_samsec.c:399(check_sam_security)
      check_sam_security: Couldn't find user 'arkadmin' in passdb.
    [2017/09/21 00:36:03.344808,  3] ../source3/auth/auth_winbind.c:60(check_winbind_security)
      check_winbind_security: Not using winbind, requested domain [ARK-CENTOS-SMB4] was for this SAM.
    [2017/09/21 00:36:03.344835,  2] ../source3/auth/auth.c:315(auth_check_ntlm_password)
      check_ntlm_password:  Authentication for user [arkadmin] -> [arkadmin] FAILED with error NT_STATUS_NO_SUCH_USER
    [2017/09/21 00:36:03.344858,  2] ../auth/gensec/spnego.c:768(gensec_spnego_server_negTokenTarg)
      SPNEGO login failed: NT_STATUS_NO_SUCH_USER
    [2017/09/21 00:36:03.344879,  4] ../source3/smbd/sec_ctx.c:217(push_sec_ctx)
      push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
    [2017/09/21 00:36:03.344891,  4] ../source3/smbd/uid.c:491(push_conn_ctx)
      push_conn_ctx(0) : conn_ctx_stack_ndx = 0
    [2017/09/21 00:36:03.344901,  4] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal)
      setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
    [2017/09/21 00:36:03.344919,  4] ../source3/smbd/sec_ctx.c:439(pop_sec_ctx)
      pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
    [2017/09/21 00:36:03.344949,  3] ../source3/smbd/smb2_server.c:3097(smbd_smb2_request_error_ex)
      smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_LOGON_FAILURE] || at ../source3/smbd/smb2_sesssetup.c:134
    [2017/09/21 00:36:03.345308,  4] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal)
      setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
    [2017/09/21 00:36:03.345337,  4] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal)
      setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
    [2017/09/21 00:36:03.345351,  4] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal)
      setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
    [2017/09/21 00:36:03.345365,  4] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal)
      setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
    [2017/09/21 00:36:03.345535,  3] ../source3/smbd/server_exit.c:246(exit_server_common)
      Server exit (NT_STATUS_CONNECTION_RESET)
    

    Here is my smb.conf content:

    #working since 2017-8-1 with sssd?+ad
    [global]
    netbios name = ARK-CENTOS-SMB4
    security = ADS
    #workgroup = QA
    workgroup = QA.ARKIVIO.COM
    kerberos method = secrets and keytab
    realm = QA.ARKIVIO.COM
    log file = /var/log/samba/%m.log
    log level = 4
    #password server = *
    #passdb backend  = tdbsam
    #template shell  = /bin/bash
    #template homedir = /home/%u
    #winbind separator = +
    local master    = no
    domain master   = no
    #auth methods    = guest sam_ignoredomain winbind
    #guest ok        = no
    server string = Samba Server Version %v
    max log size = 5000
    load printers = No
    #idmap config * : backend = tdb
    #preferred master = no
    wins support = no
    wins proxy = no
    dns proxy = yes
    #name resolve order = wins bcast host lmhosts
    name resolve order = host lmhosts wins bcast
    
    # Winbind idmap RID settings
    #    winbind use default domain = yes
    #    allow trusted domains = yes
    #    winbind enum users = yes
    #    winbind enum groups = yes
    #    winbind nested groups = yes
    #    idmap config QA : backend = rid
    #    idmap config QA : default = yes
    #    idmap config QA : range = 100-33554431
    #    idmap config * : range = 33554432-67108862
    #    idmap config * : backend = tdb
    #    printing        = bsd
    #    load printers   = no
    #    disable spoolss = yes
    #    printcap name   = /dev/null
    #    log level       = 10
    #    log file        = /var/log/samba/samba.log.%m
    #    max log size    = 5000
    #    debug timestamp = yes
    #    oplocks         = 1
    #    unix extensions = yes
    #    clustering      = 0
    #    smb ports       = 445, 139
    #    mangled names   = yes
    #    default case    = lower
    #    case sensitive  = auto
    #    preserve case   = yes
    #    short preserve case = yes
    #    bind interfaces only = yes
    #    interfaces = lo bond0:2 eth0:1 eth0:2 eth2 eth3
    #    dos filetimes = 1
    #    create mask = 777
    #    admin users = administrator
    
    [arkc1]
    comment = centos samba4 share1
    path = /rocket/cifs/cifs1
    #public = no
    #read only = no
    writable = yes
    #guest ok = yes
    #inherit permissions = 1
    #inherit acls = 1
    #map acl inherit = 1
    #vfs objects = acl_xattr
    #acl_xattr:ignore system acls = 1
    
    #valid users = @"[email protected]"
    #valid users = administrator,auto-stor,arkadmin,Domain Admins,autostoradmins
    valid users = [email protected],[email protected],[email protected],@"Domain [email protected]",@"[email protected]","QA.ARKIVIO.COM\AutostorAdmins",[email protected]
    #admin users = administrator,auto-stor,arkadmin,Domain Admins,autostoradmins,QA\arkadmin,QA.ARKIVIO.COM\arkadmin
    admin users = [email protected],[email protected],[email protected],@"Domain [email protected]",@"[email protected]",[email protected],QA\arkadmin,QA.ARKIVIO.COM\arkadmin
    
    [arkc2]
    comment = centos samba4 share2
    path = /rocket/cifs/cifs2
    #public = no
    #read only = no
    writable = yes
    #guest ok = no
    #vfs objects = acl_xattr
    #acl_xattr:ignore system acls = yes
    
    admin users = [email protected],[email protected],[email protected],@"Domain [email protected]",@"[email protected]",[email protected],QA\arkadmin,QA.ARKIVIO.COM\arkadmin
    valid users = [email protected],[email protected],[email protected],@"Domain [email protected]",@"[email protected]","QA.ARKIVIO.COM\AutostorAdmins",[email protected],QA\arkadmin,QA.ARKIVIO.COM\arkadmin
    
    [root@ark-centos-smb4 /]# getent passwd [email protected]
    [email protected]:*:1712439520:1712400513:arkadmin:/home/[email protected]:/bin/bash
    [root@ark-centos-smb4 /]# id [email protected]
    uid=1712439520([email protected]) gid=1712400513(domain [email protected]) groups=1712400513(domain [email protected]),10(wheel),1712439592([email protected]),1712439438([email protected])
    

    Domain users are already recognized by CentOS; see the following results:

    getent passwd [email protected]
    [email protected]:*:1712439520:1712400513:arkadmin:/home/[email protected]:/bin/bash
    
    getent passwd QA\\arkadmin
    [email protected]:*:1712439520:1712400513:arkadmin:/home/[email protected]:/bin/bash
    

    Please give some advice, thanks.

    • roaima
      roaima over 6 years
      The important part of all the log file dump is check_ntlm_password: Authentication for user [arkadmin] -> [arkadmin] FAILED with error NT_STATUS_NO_SUCH_USER [2017/09/21 00:36:03.344858,. Is arkadmin the account you're using on the Windows system? How is your CentOS system able to authenticate that name - sssd perhaps? You haven't told us.
    • xq10907
      xq10907 over 6 years
      Yes, arkadmin is the domain user that could log in to the CentOS server; it was recognized by getent and id. I will append the command results to the question.
    • xq10907
      xq10907 over 6 years
      Also, per the CentOS 7.4 release notes, Samba has issues with sssd authentication. Should I wait for a new Samba package?
  • xq10907
    xq10907 over 6 years
    Thanks, but I still get the access denied error after applying those configuration items.
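
The log entry roaima's comment singles out can be located mechanically. The following is an added example, not part of the original thread: it rebuilds smbd log entries even when headers and messages have been wrapped or run together, then reports each failed NTLM logon with the domain the client sent and the domain smbd mapped it to. The sample is condensed from the log posted above; the function names and result fields are this example's own, and the header pattern assumes the default smbd debug header seen in that log.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "time level func message")

# smbd entry header: "[date time, level] file:line(function)".
HEADER = re.compile(
    r"\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d\.\d+), (\d+)\] (\S+?):(\d+)\((\w+)\)")
WHO = r"\[([^\]]*)\]\\\[([^\]]*)\]@\[([^\]]*)\]"  # [DOMAIN]\[user]@[workstation]
UNMAPPED = re.compile(r"unmapped user " + WHO)
MAPPED = re.compile(r"mapped user is: " + WHO)
FAILED = re.compile(r"Authentication for user \[([^\]]*)\] -> \[[^\]]*\] "
                    r"FAILED with error (NT_STATUS_\w+)")

def parse_entries(text):
    """Split log text into entries; whitespace is collapsed so wrapped headers match."""
    flat = " ".join(text.split())
    heads = list(HEADER.finditer(flat))
    entries = []
    for i, m in enumerate(heads):
        end = heads[i + 1].start() if i + 1 < len(heads) else len(flat)
        entries.append(Entry(m[1], int(m[2]), m[5], flat[m.end():end].strip()))
    return entries

def auth_failures(entries):
    """Pair each FAILED line with the unmapped/mapped user lines before it."""
    findings, unmapped, mapped = [], None, None
    for e in entries:
        if m := UNMAPPED.search(e.message):
            unmapped, mapped = m.groups(), None
        elif m := MAPPED.search(e.message):
            mapped = m.groups()
        elif m := FAILED.search(e.message):
            sent = unmapped[0] if unmapped else None
            used = mapped[0] if mapped else None
            findings.append({
                "time": e.time, "user": m[1], "status": m[2],
                "client_domain": sent, "mapped_domain": used,
                # True when smbd looked the user up under a different domain
                # than the one the client supplied.
                "remapped": bool(sent and used and sent.lower() != used.lower()),
            })
            unmapped = mapped = None
    return findings

def keytab_warnings(entries):
    # Entries where smbd could not read the machine account password.
    return [e for e in entries if "failed to fetch machine password" in e.message]

# Condensed from the log in the question, kept in its wrapped form.
SAMPLE = r"""
[2017/09/21 00:36:03.321314,  2]
../source3/librpc/crypto/gse_krb5.c:229(fill_mem_keytab_from_secrets)
../source3/librpc/crypto/gse_krb5.c:229: failed to fetch machine
password [2017/09/21 00:36:03.344582,  3] ../source3/auth/auth.c:178(auth_check_ntlm_password)
check_ntlm_password:  Checking password for unmapped user
[QA]\[arkadmin]@[NWT-VM-ARK8118] with the new password interface
[2017/09/21 00:36:03.344615,  3]
../source3/auth/auth.c:181(auth_check_ntlm_password)
check_ntlm_password:  mapped user is:
[ARK-CENTOS-SMB4]\[arkadmin]@[NWT-VM-ARK8118] [2017/09/21 00:36:03.344835,
2] ../source3/auth/auth.c:315(auth_check_ntlm_password)
check_ntlm_password:  Authentication for user [arkadmin] -> [arkadmin]
FAILED with error NT_STATUS_NO_SUCH_USER
"""

if __name__ == "__main__":
    log = parse_entries(SAMPLE)
    print(auth_failures(log), len(keytab_warnings(log)))
```

On the sample it reports `QA` remapped to `ARK-CENTOS-SMB4`, which matches the log's `Not using winbind, requested domain [ARK-CENTOS-SMB4] was for this SAM` entry.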