You have local accounts which match Samba AD accounts? That seems like a terrible idea; but in particular surely the user SID's don't match and maybe this is the problem? On 2/10/22 14:50, Lukasz Brodowski via samba wrote:> Hi all. This is my first post, so be gentle :) > > Software that i use (Cinegy Capture) record video streams to files. Working on windows server 2019 machine. This software works as service with local user credentials. The same credencial are on samba server. When i connecting using windows gui to samba server everything works - users on both side are the same, password also, so everything works fine. But when service wants to connect i receive access denied. > > When i switch samba server to windows server - connecting by gui and by service works fine. > > i attach logs and smb.conf > > logs: > https://zerobin.net/?7c1179bd421cbb29#3WAvMykZrLc0dVcJqnpELBYRFojn+tCdzq4lw7IP8b4= <https://zerobin.net/?7c1179bd421cbb29#3WAvMykZrLc0dVcJqnpELBYRFojn+tCdzq4lw7IP8b4=> > > smb.conf > https://zerobin.net/?ff26ea95206e89d5#ThX8Qf1geoed3oGALvHwaRAeCYeipEStJSUjngS0okA= <https://zerobin.net/?ff26ea95206e89d5#ThX8Qf1geoed3oGALvHwaRAeCYeipEStJSUjngS0okA=> > > ? > ?ukasz Brodowski | teamUp > tel: +48.600.156.666 | mail: lukasz at teamup.pl <mailto:lukasz at teamup.pl> | www.teamup.pl <http://teamup.pl/> > > > > > >
Of course not - i have local accounts on both sides - windows have their own local ?cinegy? account and samba have its onw ?cinegy?. Working without problems when you just type unc in windows. But windows service - shows access denied. ? ?ukasz Brodowski | teamUp tel: +48.600.156.666 | mail: lukasz at teamup.pl | www.teamup.pl> Wiadomo?? napisana przez Patrick Goetz via samba <samba at lists.samba.org> w dniu 11.02.2022, o godz. 23:24: > > You have local accounts which match Samba AD accounts? That seems like a terrible idea; but in particular surely the user SID's don't match and maybe this is the problem? > > On 2/10/22 14:50, Lukasz Brodowski via samba wrote: >> Hi all. This is my first post, so be gentle :) >> Software that i use (Cinegy Capture) record video streams to files. Working on windows server 2019 machine. This software works as service with local user credentials. The same credencial are on samba server. When i connecting using windows gui to samba server everything works - users on both side are the same, password also, so everything works fine. But when service wants to connect i receive access denied. >> When i switch samba server to windows server - connecting by gui and by service works fine. >> i attach logs and smb.conf >> logs: >> https://zerobin.net/?7c1179bd421cbb29#3WAvMykZrLc0dVcJqnpELBYRFojn+tCdzq4lw7IP8b4= <https://zerobin.net/?7c1179bd421cbb29#3WAvMykZrLc0dVcJqnpELBYRFojn+tCdzq4lw7IP8b4=> >> smb.conf >> https://zerobin.net/?ff26ea95206e89d5#ThX8Qf1geoed3oGALvHwaRAeCYeipEStJSUjngS0okA= <https://zerobin.net/?ff26ea95206e89d5#ThX8Qf1geoed3oGALvHwaRAeCYeipEStJSUjngS0okA=> >> ? >> ?ukasz Brodowski | teamUp >> tel: +48.600.156.666 | mail: lukasz at teamup.pl <mailto:lukasz at teamup.pl> | www.teamup.pl <http://teamup.pl/> > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba
12.02.2022 01:24, Patrick Goetz via samba wrote:> You have local accounts which match Samba AD accounts?? That seems like a terrible idea; but in particular surely the user SID's don't match and maybe > this is the problem?Um. *why* this is a bad idea, Patrick? It seems to be a popular topic (I faced another prob due to this), but it seems it all boils down to 2 questions: 1. *why* it is actually a bad idea to have the same users locally and in AD? Myself, I think about just one "user", parts of its attributes, roughly speaking, are stored locally in /etc/passwd &Co for local access and parts are in AD, for access over SMB network. The two parts are in sync (I assume it is okay for that user to not work right in case they're not in sync). Why my view is a "terrible idea"? This question is important, to me at least. 2. If it really is this that bad an idea, why this really important and confusing for so many people fact isn't mentioned in bold on every ad-related page? :) Seriously, people come to this conclusion only after facing many errors trying to fix all sorts of probs. I guess it'd be much less surprising/confusing if there was some information about this somewhere... Thank you! /mjt