I cannot access a remote drive using Windows or smbclient; my authentication appears successful according to the Samba log file, but getpwuid
fails. The server (remote) is running CentOS 7.2 and Samba 4.2.3. The client is CentOS 7.2 and smbclient 4.2.3. The logfile shows:
[2017/05/06 22:57:48.729284, 2] ../source3/auth/auth.c:305(auth_check_ntlm_password)
check_ntlm_password: authentication for user [developer_prod] -> [developer_prod] -> [developer_prod] succeeded
[2017/05/06 22:57:48.731091, 1] ../source3/auth/token_util.c:430(add_local_groups)
SID S-1-5-21-4007675785-2624567327-467545301-1000 -> getpwuid(16777216) failed
[2017/05/06 22:57:48.731164, 1] ../source3/smbd/sesssetup.c:280(reply_sesssetup_and_X_spnego)
Failed to generate session_info (user and group token) for session setup: NT_STATUS_UNSUCCESSFUL
Strangely, the SID corresponds to a local user:
# wbinfo -s S-1-5-21-4007675785-2624567327-467545301-1000
NY4010\developer_prod 1
(ny4010 is my Samba server machine.) This is even though on the client I am logging in using a domain user:
$ smbclient -U 'my_domain\developer_prod' \\\\ny4010\\release 'password'
session setup failed: NT_STATUS_UNSUCCESSFUL
Here is my smb.conf file:
[global]
workgroup = MYDOMAIN
password server = my_domain_server.mydomain.local
realm = MYDOMAIN.LOCAL
security = ads
idmap config * : range = 16777216-33554431
template homedir = /home/%U
template shell = /bin/bash
kerberos method = secrets only
winbind use default domain = true
winbind offline logon = false
log level = 2
encrypt passwords = yes
unix extensions = no
server string = Samba Server Version %v
log file = /var/log/samba/log.%m
max log size = 50
security = ads
passdb backend = tdbsam
realm = MYDOMAIN.LOCAL
password server = my_domain_server.mydomain.local
local master = no
[homes]
comment = Home Directories
browseable = no
writable = yes
[release]
comment = Shared directory: /prod
path = /prod
browseable = yes
read only = no
valid users = developer_prod
guest ok = yes
public = yes
follow symlinks = yes
wide links = yes
force user = developer_prod
[log]
comment = Shared directory: /prod/log
path = /prod/log
browseable = yes
read only = yes
guest ok = yes
public = yes
My nsswitch.conf file looks like: passwd: files winbind
I think the smoking gun here is that a local user's SID is showing up in that getpwuid failed line...
For us everything was working till Samba version 4.8.3 on CentOS 7; it broke with the Samba update samba-4.9.1-6.el7.x86_64.
I was getting this error:
So after hours of troubleshooting, adding winbind instead of sss to "/etc/nsswitch.conf" worked.
Also added these new options to smb.conf
Clear Winbind cache
How to clear Winbind cache
Stop the Winbind service:
Stop the Samba service if you have it:
Clear the Samba Net cache:
Delete the Winbind cache:
Start the Samba service if you have it:
Start the Winbind service:
Now you can check.
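An added diagnostic sketch (not code from either poster) that ties the pieces of this thread together: it pulls each `getpwuid(...) failed` entry out of an smbd log, reports which `idmap config` range the UID falls in, whether `winbind` is listed on the `passwd:` line of nsswitch.conf, and whether the local NSS stack can resolve the UID. The function names and the embedded sample strings are assumptions made for the example; the sample values are copied from the question.

```python
import pwd
import re

# Constructed sample input: lines copied from the question's log, smb.conf and nsswitch.conf.
SAMPLE_LOG = """\
[2017/05/06 22:57:48.731091, 1] ../source3/auth/token_util.c:430(add_local_groups)
SID S-1-5-21-4007675785-2624567327-467545301-1000 -> getpwuid(16777216) failed
"""
SAMPLE_SMB_CONF = "idmap config * : range = 16777216-33554431\n"
SAMPLE_NSSWITCH = "passwd: files winbind\n"

FAIL_RE = re.compile(r"SID (S-[\d-]+) -> getpwuid\((\d+)\) failed")
RANGE_RE = re.compile(r"^\s*idmap config\s+(\S+)\s*:\s*range\s*=\s*(\d+)\s*-\s*(\d+)", re.M)
PASSWD_RE = re.compile(r"^[ \t]*passwd:[ \t]*(.*)$", re.M)

def idmap_ranges(smb_conf):
    """Return {domain: (low, high)} for every 'idmap config X : range' line."""
    return {d: (int(lo), int(hi)) for d, lo, hi in RANGE_RE.findall(smb_conf)}

def nss_resolves(uid):
    """True if getpwuid(), the same lookup smbd performs, finds this uid."""
    try:
        pwd.getpwuid(uid)
        return True
    except KeyError:
        return False

def diagnose(log, smb_conf, nsswitch, resolver=nss_resolves):
    """One finding per 'getpwuid(N) failed' log entry."""
    ranges = idmap_ranges(smb_conf)
    m = PASSWD_RE.search(nsswitch)
    sources = m.group(1).split() if m else []
    findings = []
    for sid, uid_text in FAIL_RE.findall(log):
        uid = int(uid_text)
        findings.append({
            "sid": sid,
            "uid": uid,
            # idmap domains whose configured range contains the failing uid
            "idmap_domains": [d for d, (lo, hi) in ranges.items() if lo <= uid <= hi],
            "winbind_in_nss": "winbind" in sources,
            "resolves_now": resolver(uid),
        })
    return findings

if __name__ == "__main__":
    print(diagnose(SAMPLE_LOG, SAMPLE_SMB_CONF, SAMPLE_NSSWITCH))
```

On a real server, pass the contents of the smbd log, /etc/samba/smb.conf and /etc/nsswitch.conf instead of the sample strings.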