get access denied on samba AD share
After updating the sssd* packages to 1.15.2-50.el7_4.6 and restarting the smb service, I could access the Samba AD shares. It was caused by sssd authentication being broken with AD.
xq10907
Updated on September 18, 2022
Comments
-
xq10907 over 1 year
I cannot access my Samba shares after upgrading my CentOS to 7.4; the Samba version was upgraded to 4.6.2. I joined CentOS to the Windows domain with the realm command. A domain user (in the format username@domainname) can log in to CentOS and can get a Kerberos ticket with kinit as the domain user.
Executing the net view command on the domain Windows server gets access denied:
    C:\>net view \\ark-centos-smb4.qa.arkivio.com
    System error 5 has occurred.
    Access is denied.
    C:\>net view \\192.168.32.26
    System error 5 has occurred.
    Access is denied.
I collected the following log while getting the access denied error with the Samba server IP. It complains that it cannot find the user, and running
getent passwd domainuser@domainname
finishes successfully:
    [2017/09/21 00:36:03.319546, 3] ../source3/smbd/oplock.c:1322(init_oplocks) init_oplocks: initializing messages.
    [2017/09/21 00:36:03.319707, 3] ../source3/smbd/process.c:1957(process_smb) Transaction 0 of length 159 (0 toread)
    [2017/09/21 00:36:03.319744, 3] ../source3/smbd/process.c:1538(switch_message) switch message SMBnegprot (pid 23703) conn 0x0
    [2017/09/21 00:36:03.319767, 4] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
    [2017/09/21 00:36:03.320414, 3] ../source3/smbd/negprot.c:603(reply_negprot) Requested protocol [PC NETWORK PROGRAM 1.0]
    [2017/09/21 00:36:03.320441, 3] ../source3/smbd/negprot.c:603(reply_negprot) Requested protocol [LANMAN1.0]
    [2017/09/21 00:36:03.320454, 3] ../source3/smbd/negprot.c:603(reply_negprot) Requested protocol [Windows for Workgroups 3.1a]
    [2017/09/21 00:36:03.320466, 3] ../source3/smbd/negprot.c:603(reply_negprot) Requested protocol [LM1.2X002]
    [2017/09/21 00:36:03.320482, 3] ../source3/smbd/negprot.c:603(reply_negprot) Requested protocol [LANMAN2.1]
    [2017/09/21 00:36:03.320497, 3] ../source3/smbd/negprot.c:603(reply_negprot) Requested protocol [NT LM 0.12]
    [2017/09/21 00:36:03.320509, 3] ../source3/smbd/negprot.c:603(reply_negprot) Requested protocol [SMB 2.002]
    [2017/09/21 00:36:03.320538, 3] ../source3/smbd/negprot.c:603(reply_negprot) Requested protocol [SMB 2.???]
    [2017/09/21 00:36:03.320638, 4] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
    [2017/09/21 00:36:03.320722, 3] ../source3/smbd/smb2_negprot.c:290(smbd_smb2_request_process_negprot) Selected protocol SMB2_FF
    [2017/09/21 00:36:03.321314, 2] ../source3/librpc/crypto/gse_krb5.c:229(fill_mem_keytab_from_secrets) ../source3/librpc/crypto/gse_krb5.c:229: failed to fetch machine password
    [2017/09/21 00:36:03.321344, 3] ../source3/librpc/crypto/gse_krb5.c:587(gse_krb5_get_server_keytab) ../source3/librpc/crypto/gse_krb5.c:587: Warning! Unable to set mem keytab from secrets!
    [2017/09/21 00:36:03.322377, 3] ../source3/smbd/negprot.c:730(reply_negprot) Selected protocol SMB 2.???
    [2017/09/21 00:36:03.323207, 4] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
    [2017/09/21 00:36:03.323262, 4] ../source3/smbd/sec_ctx.c:217(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
    [2017/09/21 00:36:03.323300, 4] ../source3/smbd/uid.c:491(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0
    [2017/09/21 00:36:03.323326, 4] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
    [2017/09/21 00:36:03.325145, 4] ../source3/smbd/sec_ctx.c:439(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
    [2017/09/21 00:36:03.325187, 3] ../source3/smbd/smb2_negprot.c:290(smbd_smb2_request_process_negprot) Selected protocol SMB2_10
    [2017/09/21 00:36:03.325448, 2] ../source3/librpc/crypto/gse_krb5.c:229(fill_mem_keytab_from_secrets) ../source3/librpc/crypto/gse_krb5.c:229: failed to fetch machine password
    [2017/09/21 00:36:03.325466, 3] ../source3/librpc/crypto/gse_krb5.c:587(gse_krb5_get_server_keytab) ../source3/librpc/crypto/gse_krb5.c:587: Warning! Unable to set mem keytab from secrets!
    [2017/09/21 00:36:03.327171, 4] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
    [2017/09/21 00:36:03.327477, 4] ../source3/smbd/sec_ctx.c:217(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
    [2017/09/21 00:36:03.327498, 4] ../source3/smbd/uid.c:491(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0
    [2017/09/21 00:36:03.327509, 4] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
    [2017/09/21 00:36:03.327562, 4] ../source3/smbd/sec_ctx.c:439(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
    [2017/09/21 00:36:03.327754, 3] ../auth/ntlmssp/ntlmssp_util.c:69(debug_ntlmssp_flags) Got NTLMSSP neg_flags=0xe2088297 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_NEGOTIATE_OEM NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_LM_KEY NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY NTLMSSP_NEGOTIATE_VERSION NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH NTLMSSP_NEGOTIATE_56
    [2017/09/21 00:36:03.327897, 4] ../source3/smbd/sec_ctx.c:217(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
    [2017/09/21 00:36:03.327919, 4] ../source3/smbd/uid.c:491(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0
    [2017/09/21 00:36:03.327930, 4] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
    [2017/09/21 00:36:03.327951, 4] ../source3/smbd/sec_ctx.c:439(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
    [2017/09/21 00:36:03.328313, 4] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
    [2017/09/21 00:36:03.328360, 4] ../source3/smbd/sec_ctx.c:217(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
    [2017/09/21 00:36:03.328376, 4] ../source3/smbd/uid.c:491(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0
    [2017/09/21 00:36:03.328387, 4] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
    [2017/09/21 00:36:03.328403, 4] ../source3/smbd/sec_ctx.c:439(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
    [2017/09/21 00:36:03.328478, 3] ../auth/ntlmssp/ntlmssp_server.c:452(ntlmssp_server_preauth) Got user=[arkadmin] domain=[QA] workstation=[NWT-VM-ARK8118] len1=24 len2=350
    [2017/09/21 00:36:03.328573, 3] ../source3/param/loadparm.c:3823(lp_load_ex) lp_load_ex: refreshing parameters
    [2017/09/21 00:36:03.328664, 3] ../source3/param/loadparm.c:542(init_globals) Initialising global parameters
    [2017/09/21 00:36:03.328773, 3] ../source3/param/loadparm.c:2752(lp_do_section) Processing section "[global]"
      doing parameter netbios name = ARK-CENTOS-SMB4
      doing parameter security = ADS
      doing parameter workgroup = QA.ARKIVIO.COM
      doing parameter kerberos method = secrets and keytab
      doing parameter realm = QA.ARKIVIO.COM
      doing parameter log file = /var/log/samba/%m.log
      doing parameter log level = 4
      doing parameter local master = no
      doing parameter domain master = no
      doing parameter server string = Samba Server Version %v
      doing parameter max log size = 5000
      doing parameter load printers = No
      doing parameter wins support = no
      doing parameter wins proxy = no
      doing parameter dns proxy = yes
      doing parameter name resolve order = host lmhosts wins bcast
    [2017/09/21 00:36:03.328953, 2] ../source3/param/loadparm.c:2769(lp_do_section) Processing section "[arkc1]"
      doing parameter comment = centos samba4 share1
      doing parameter path = /rocket/cifs/cifs1
      doing parameter writable = yes
      doing parameter guest ok = yes
      doing parameter valid users = [email protected],[email protected],[email protected],@"Domain [email protected]",@"[email protected]","QA.ARKIVIO.COM\AutostorAdmins",[email protected]
      doing parameter admin users = [email protected],[email protected],[email protected],@"Domain [email protected]",@"[email protected]",[email protected],QA\arkadmin,QA.ARKIVIO.COM\arkadmin
    [2017/09/21 00:36:03.329055, 2] ../source3/param/loadparm.c:2769(lp_do_section) Processing section "[arkc2]"
      doing parameter comment = centos samba4 share2
      doing parameter path = /rocket/cifs/cifs2
      doing parameter writable = yes
      doing parameter admin users = [email protected],[email protected],[email protected],@"Domain [email protected]",@"[email protected]",[email protected],QA\arkadmin,QA.ARKIVIO.COM\arkadmin
      doing parameter valid users = [email protected],[email protected],[email protected],@"Domain [email protected]",@"[email protected]","QA.ARKIVIO.COM\AutostorAdmins",[email protected],QA\arkadmin,QA.ARKIVIO.COM\arkadmin
    [2017/09/21 00:36:03.329149, 4] ../source3/param/loadparm.c:3864(lp_load_ex) pm_process() returned Yes
    [2017/09/21 00:36:03.329186, 3] ../source3/param/loadparm.c:1592(lp_add_ipc) adding IPC service
    [2017/09/21 00:36:03.329981, 4] ../source3/libsmb/namequery_dc.c:77(ads_dc_name) ads_dc_name: domain=QA.ARKIVIO.COM
    [2017/09/21 00:36:03.331294, 3] ../source3/libsmb/namequery.c:3160(get_dc_list) get_dc_list: preferred server list: ", *"
    [2017/09/21 00:36:03.332043, 4] ../lib/addns/dnsquery.c:435(ads_dns_lookup_srv) ads_dns_lookup_srv: 2 records returned in the answer section.
    [2017/09/21 00:36:03.333572, 4] ../source3/libsmb/namequery.c:3305(get_dc_list) get_dc_list: returning 3 ip addresses in an ordered list
    [2017/09/21 00:36:03.333594, 4] ../source3/libsmb/namequery.c:3306(get_dc_list) get_dc_list: 192.168.32.231:389 192.168.32.230:389 2001:21:21:32:743e:17d2:61a4:fdb8:389
    [2017/09/21 00:36:03.334552, 3] ../source3/libads/ldap.c:618(ads_connect) Successfully contacted LDAP server 192.168.32.231
    [2017/09/21 00:36:03.334622, 3] ../source3/libsmb/namequery.c:3160(get_dc_list) get_dc_list: preferred server list: ", *"
    [2017/09/21 00:36:03.334961, 4] ../lib/addns/dnsquery.c:435(ads_dns_lookup_srv) ads_dns_lookup_srv: 2 records returned in the answer section.
    [2017/09/21 00:36:03.335007, 4] ../source3/libsmb/namequery.c:3305(get_dc_list) get_dc_list: returning 3 ip addresses in an ordered list
    [2017/09/21 00:36:03.335023, 4] ../source3/libsmb/namequery.c:3306(get_dc_list) get_dc_list: 192.168.32.230:88 192.168.32.231:88 2001:21:21:32:743e:17d2:61a4:fdb8:88
    [2017/09/21 00:36:03.335042, 3] ../source3/libsmb/namequery.c:3160(get_dc_list) get_dc_list: preferred server list: ", *"
    [2017/09/21 00:36:03.335419, 4] ../lib/addns/dnsquery.c:435(ads_dns_lookup_srv) ads_dns_lookup_srv: 2 records returned in the answer section.
    [2017/09/21 00:36:03.335463, 4] ../source3/libsmb/namequery.c:3305(get_dc_list) get_dc_list: returning 3 ip addresses in an ordered list
    [2017/09/21 00:36:03.335478, 4] ../source3/libsmb/namequery.c:3306(get_dc_list) get_dc_list: 192.168.32.230:88 192.168.32.231:88 2001:21:21:32:743e:17d2:61a4:fdb8:88
    [2017/09/21 00:36:03.336391, 4] ../source3/libsmb/namequery_dc.c:151(ads_dc_name) ads_dc_name: using server='ARK-QA-DC2.QA.ARKIVIO.COM' IP=192.168.32.231
    [2017/09/21 00:36:03.336496, 3] ../source3/lib/util_sock.c:515(open_socket_out_send) Connecting to 192.168.32.231 at port 445
    [2017/09/21 00:36:03.337733, 3] ../source3/libsmb/cliconnect.c:271(cli_session_creds_prepare_krb5) got OID=1.3.6.1.4.1.311.2.2.30 got OID=1.2.840.48018.1.2.2
    [2017/09/21 00:36:03.338945, 3] ../auth/ntlmssp/ntlmssp_client.c:270(ntlmssp_client_challenge) Got challenge flags:
    [2017/09/21 00:36:03.338973, 3] ../auth/ntlmssp/ntlmssp_util.c:69(debug_ntlmssp_flags) Got NTLMSSP neg_flags=0x62898215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_TARGET_TYPE_DOMAIN NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY NTLMSSP_NEGOTIATE_TARGET_INFO NTLMSSP_NEGOTIATE_VERSION NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH
    [2017/09/21 00:36:03.339060, 3] ../auth/ntlmssp/ntlmssp_client.c:726(ntlmssp_client_challenge) NTLMSSP: Set final flags:
    [2017/09/21 00:36:03.339076, 3] ../auth/ntlmssp/ntlmssp_util.c:69(debug_ntlmssp_flags) Got NTLMSSP neg_flags=0x62008a15 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_ANONYMOUS NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_VERSION NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH
    [2017/09/21 00:36:03.339112, 3] ../auth/ntlmssp/ntlmssp_sign.c:509(ntlmssp_sign_reset) NTLMSSP Sign/Seal - Initialising with flags:
    [2017/09/21 00:36:03.339123, 3] ../auth/ntlmssp/ntlmssp_util.c:69(debug_ntlmssp_flags) Got NTLMSSP neg_flags=0x62008a15 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_ANONYMOUS NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_VERSION NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH
    [2017/09/21 00:36:03.339972, 3] ../auth/ntlmssp/ntlmssp_sign.c:509(ntlmssp_sign_reset) NTLMSSP Sign/Seal - Initialising with flags:
    [2017/09/21 00:36:03.340000, 3] ../auth/ntlmssp/ntlmssp_util.c:69(debug_ntlmssp_flags) Got NTLMSSP neg_flags=0x62008a15 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_ANONYMOUS NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_VERSION NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH
    [2017/09/21 00:36:03.344582, 3] ../source3/auth/auth.c:178(auth_check_ntlm_password) check_ntlm_password: Checking password for unmapped user [QA]\[arkadmin]@[NWT-VM-ARK8118] with the new password interface
    [2017/09/21 00:36:03.344615, 3] ../source3/auth/auth.c:181(auth_check_ntlm_password) check_ntlm_password: mapped user is: [ARK-CENTOS-SMB4]\[arkadmin]@[NWT-VM-ARK8118]
    [2017/09/21 00:36:03.344650, 4] ../source3/smbd/sec_ctx.c:217(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
    [2017/09/21 00:36:03.344698, 4] ../source3/smbd/uid.c:491(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0
    [2017/09/21 00:36:03.344714, 4] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
    [2017/09/21 00:36:03.344768, 4] ../source3/smbd/sec_ctx.c:439(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
    [2017/09/21 00:36:03.344785, 3] ../source3/auth/check_samsec.c:399(check_sam_security) check_sam_security: Couldn't find user 'arkadmin' in passdb.
    [2017/09/21 00:36:03.344808, 3] ../source3/auth/auth_winbind.c:60(check_winbind_security) check_winbind_security: Not using winbind, requested domain [ARK-CENTOS-SMB4] was for this SAM.
    [2017/09/21 00:36:03.344835, 2] ../source3/auth/auth.c:315(auth_check_ntlm_password) check_ntlm_password: Authentication for user [arkadmin] -> [arkadmin] FAILED with error NT_STATUS_NO_SUCH_USER
    [2017/09/21 00:36:03.344858, 2] ../auth/gensec/spnego.c:768(gensec_spnego_server_negTokenTarg) SPNEGO login failed: NT_STATUS_NO_SUCH_USER
    [2017/09/21 00:36:03.344879, 4] ../source3/smbd/sec_ctx.c:217(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
    [2017/09/21 00:36:03.344891, 4] ../source3/smbd/uid.c:491(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0
    [2017/09/21 00:36:03.344901, 4] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
    [2017/09/21 00:36:03.344919, 4] ../source3/smbd/sec_ctx.c:439(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
    [2017/09/21 00:36:03.344949, 3] ../source3/smbd/smb2_server.c:3097(smbd_smb2_request_error_ex) smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_LOGON_FAILURE] || at ../source3/smbd/smb2_sesssetup.c:134
    [2017/09/21 00:36:03.345308, 4] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
    [2017/09/21 00:36:03.345337, 4] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
    [2017/09/21 00:36:03.345351, 4] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
    [2017/09/21 00:36:03.345365, 4] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
    [2017/09/21 00:36:03.345535, 3] ../source3/smbd/server_exit.c:246(exit_server_common) Server exit (NT_STATUS_CONNECTION_RESET)
Here is my smb.conf content:
    #working since 2017-8-1 with sssd?+ad
    [global]
    netbios name = ARK-CENTOS-SMB4
    security = ADS
    #workgroup = QA
    workgroup = QA.ARKIVIO.COM
    kerberos method = secrets and keytab
    realm = QA.ARKIVIO.COM
    log file = /var/log/samba/%m.log
    log level = 4
    #password server = *
    #passdb backend = tdbsam
    #template shell = /bin/bash
    #template homedir = /home/%u
    #winbind separator = +
    local master = no
    domain master = no
    #auth methods = guest sam_ignoredomain winbind
    #guest ok = no
    server string = Samba Server Version %v
    max log size = 5000
    load printers = No
    #idmap config * : backend = tdb
    #preferred master = no
    wins support = no
    wins proxy = no
    dns proxy = yes
    #name resolve order = wins bcast host lmhosts
    name resolve order = host lmhosts wins bcast
    # Winbind idmap RID settings
    # winbind use default domain = yes
    # allow trusted domains = yes
    # winbind enum users = yes
    # winbind enum groups = yes
    # winbind nested groups = yes
    # idmap config QA : backend = rid
    # idmap config QA : default = yes
    # idmap config QA : range = 100-33554431
    # idmap config * : range = 33554432-67108862
    # idmap config * : backend = tdb
    # printing = bsd
    # load printers = no
    # disable spoolss = yes
    # printcap name = /dev/null
    # log level = 10
    # log file = /var/log/samba/samba.log.%m
    # max log size = 5000
    # debug timestamp = yes
    # oplocks = 1
    # unix extensions = yes
    # clustering = 0
    # smb ports = 445, 139
    # mangled names = yes
    # default case = lower
    # case sensitive = auto
    # preserve case = yes
    # short preserve case = yes
    # bind interfaces only = yes
    # interfaces = lo bond0:2 eth0:1 eth0:2 eth2 eth3
    # dos filetimes = 1
    # create mask = 777
    # admin users = administrator

    [arkc1]
    comment = centos samba4 share1
    path = /rocket/cifs/cifs1
    #public = no
    #read only = no
    writable = yes
    #guest ok = yes
    #inherit permissions = 1
    #inherit acls = 1
    #map acl inherit = 1
    #vfs objects = acl_xattr
    #acl_xattr:ignore system acls = 1
    #valid users = @"[email protected]"
    #valid users = administrator,auto-stor,arkadmin,Domain Admins,autostoradmins
    valid users = [email protected],[email protected],[email protected],@"Domain [email protected]",@"[email protected]","QA.ARKIVIO.COM\AutostorAdmins",[email protected]
    #admin users = administrator,auto-stor,arkadmin,Domain Admins,autostoradmins,QA\arkadmin,QA.ARKIVIO.COM\arkadmin
    admin users = [email protected],[email protected],[email protected],@"Domain [email protected]",@"[email protected]",[email protected],QA\arkadmin,QA.ARKIVIO.COM\arkadmin

    [arkc2]
    comment = centos samba4 share2
    path = /rocket/cifs/cifs2
    #public = no
    #read only = no
    writable = yes
    #guest ok = no
    #vfs objects = acl_xattr
    #acl_xattr:ignore system acls = yes
    admin users = [email protected],[email protected],[email protected],@"Domain [email protected]",@"[email protected]",[email protected],QA\arkadmin,QA.ARKIVIO.COM\arkadmin
    valid users = [email protected],[email protected],[email protected],@"Domain [email protected]",@"[email protected]","QA.ARKIVIO.COM\AutostorAdmins",[email protected],QA\arkadmin,QA.ARKIVIO.COM\arkadmin

    [root@ark-centos-smb4 /]# getent passwd [email protected]
    [email protected]:*:1712439520:1712400513:arkadmin:/home/[email protected]:/bin/bash
    [root@ark-centos-smb4 /]# id [email protected]
    uid=1712439520([email protected]) gid=1712400513(domain [email protected]) groups=1712400513(domain [email protected]),10(wheel),1712439592([email protected]),1712439438([email protected])
Domain users are already recognized by CentOS; see the following results:
    getent passwd [email protected]
    [email protected]:*:1712439520:1712400513:arkadmin:/home/[email protected]:/bin/bash
    getent passwd QA\\arkadmin
    [email protected]:*:1712439520:1712400513:arkadmin:/home/[email protected]:/bin/bash
Please give some advice, thanks.
-
roaima over 6 years
The important part of all the log file dump is
    check_ntlm_password: Authentication for user [arkadmin] -> [arkadmin] FAILED with error NT_STATUS_NO_SUCH_USER [2017/09/21 00:36:03.344858,
Is arkadmin the account you're using on the Windows system? How is your CentOS system able to authenticate that name - sssd perhaps? You haven't told us.
-
xq10907 over 6 years
Yes, arkadmin is the domain user that could log in to the CentOS server; it was recognized by getent and id. I will append the command results to the question.
-
xq10907 over 6 years
Also, per the CentOS 7.4 release notes, Samba has issues with sssd authentication. Should I wait for a new Samba package?
-
-
xq10907 over 6 years
Thanks, but I still get the access denied error after applying those configuration items.
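
The triage roaima describes in the comments above, picking the decisive authentication line out of a level-4 dump, can be scripted. The following is an added example, not part of the original thread: it splits an smbd log on its entry headers, so it works on a flattened dump as well as on Samba's header-plus-indented-message layout, and reports the identity the client sent, the identity smbd mapped it to, and the failure status. The sample entries are copied from the log in the question; the function names and the hint list are this example's own.

```python
import re

# Entry header, e.g. "[2017/09/21 00:36:03.344835, 2] ../source3/auth/auth.c:315(func)"
HEADER = re.compile(r"\[(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d\.\d+),\s*(?P<level>\d+)\]"
                    r"\s+\S+?:\d+\((?P<func>\w+)\)")
UNMAPPED = re.compile(r"unmapped user \[(.*?)\]\\\[(.*?)\]@")
MAPPED = re.compile(r"mapped user is: \[(.*?)\]\\\[(.*?)\]@")
FAILED = re.compile(r"Authentication for user \[(.*?)\] -> \[.*?\] FAILED with error (\w+)")
# Messages seen in the question's log that show where the user lookup was sent.
HINTS = ("failed to fetch machine password", "Couldn't find user", "Not using winbind")

# Constructed sample: entries copied from the question's log, the first three
# re-wrapped into Samba's two-line layout, the rest left one entry per line.
SAMPLE_LOG = r"""
[2017/09/21 00:36:03.325448,  2] ../source3/librpc/crypto/gse_krb5.c:229(fill_mem_keytab_from_secrets)
  ../source3/librpc/crypto/gse_krb5.c:229: failed to fetch machine password
[2017/09/21 00:36:03.344582,  3] ../source3/auth/auth.c:178(auth_check_ntlm_password)
  check_ntlm_password:  Checking password for unmapped user [QA]\[arkadmin]@[NWT-VM-ARK8118] with the new password interface
[2017/09/21 00:36:03.344615,  3] ../source3/auth/auth.c:181(auth_check_ntlm_password)
  check_ntlm_password:  mapped user is: [ARK-CENTOS-SMB4]\[arkadmin]@[NWT-VM-ARK8118]
[2017/09/21 00:36:03.344714, 4] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2017/09/21 00:36:03.344785, 3] ../source3/auth/check_samsec.c:399(check_sam_security) check_sam_security: Couldn't find user 'arkadmin' in passdb.
[2017/09/21 00:36:03.344808, 3] ../source3/auth/auth_winbind.c:60(check_winbind_security) check_winbind_security: Not using winbind, requested domain [ARK-CENTOS-SMB4] was for this SAM.
[2017/09/21 00:36:03.344835, 2] ../source3/auth/auth.c:315(auth_check_ntlm_password) check_ntlm_password: Authentication for user [arkadmin] -> [arkadmin] FAILED with error NT_STATUS_NO_SUCH_USER
"""

def parse_entries(text):
    """Split on entry headers, so one-entry-per-line, header-plus-indented-message
    and fully flattened dumps all parse the same way."""
    heads = list(HEADER.finditer(text))
    entries = []
    for i, h in enumerate(heads):
        end = heads[i + 1].start() if i + 1 < len(heads) else len(text)
        entries.append({"ts": h["ts"], "level": int(h["level"]), "func": h["func"],
                        "msg": " ".join(text[h.end():end].split())})
    return entries

def triage(text):
    """Reduce a debug dump to the authentication decision and its supporting lines."""
    report = {"client_identity": None, "mapped_identity": None, "failures": [], "hints": []}
    for e in parse_entries(text):
        msg = e["msg"]
        if m := UNMAPPED.search(msg):
            report["client_identity"] = m.groups()   # (domain, user) sent by the client
        elif m := MAPPED.search(msg):
            report["mapped_identity"] = m.groups()   # (domain, user) smbd will look up
        elif m := FAILED.search(msg):
            report["failures"].append((e["ts"], m[1], m[2]))
        elif any(hint in msg for hint in HINTS):
            report["hints"].append((e["func"], msg))
    sent, used = report["client_identity"], report["mapped_identity"]
    # True when smbd replaced the client's domain with another name before the lookup.
    report["domain_rewritten"] = bool(sent and used and sent[0] != used[0])
    return report

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

On the sample, `domain_rewritten` is true: the client sent domain `QA`, while smbd looked the user up under its own name `ARK-CENTOS-SMB4`, which is the lookup the `check_sam_security` and `check_winbind_security` lines in the log report.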