Reading : http://wiki.samba.org/index.php/Samba_3.6_Features_added/changed it seems there are options not to check having consistant SIDs. Otherwise, I used the solution with : net setlocalsid and it worked for me. Jacky ------------------------------------------- Here, the details of what I did : BEFORE : j-carimalo at j-carimalo-desktop:~$ smbclient //172.18.220.10/test -U j-carimalo Enter j-carimalo's password: session setup failed: NT_STATUS_UNSUCCESSFUL -------------------------------------------------------------------------------------------------------- root at doctoriale:/var/log/samba# vi log.j-carimalo-desktop [2013/02/04 18:39:53.255226, 3] passdb/lookup_sid.c:1754(get_primary_group_sid) Forcing Primary Group to 'Domain Users' for j-carimalo [2013/02/04 18:39:53.255402, 1] auth/server_info.c:386(samu_to_SamInfo3) The primary group domain sid(S-1-5-21-2904347395-2486898077-706273725-513) does not match the domain sid(S-1-5-21-1927198471-1056857077-4159082931) for j-carimalo(S-1-5-21-1927198471-1056857077-4159082931-14228) [2013/02/04 18:39:53.255479, 0] auth/check_samsec.c:491(check_sam_security) check_sam_security: make_server_info_sam() failed with 'NT_STATUS_UNSUCCESSFUL' [2013/02/04 18:39:53.255684, 2] auth/auth.c:319(check_ntlm_password) check_ntlm_password: Authentication for user [j-carimalo] -> [j-carimalo] FAILED with error NT_STATUS_UNSUCCESSFUL [2013/02/04 18:39:53.255731, 3] smbd/error.c:81(error_packet_set) error packet at smbd/sesssetup.c(124) cmd=115 (SMBsesssetupX) NT_STATUS_UNSUCCESSFUL [2013/02/04 18:39:53.256517, 3] smbd/server_exit.c:181(exit_server_common) Server exit (failed to receive smb request) -------------------------------------------------------------------------------------------------------- root at doctoriale:/etc/samba# net getlocalsid smbldap_search_domain_info: Adding domain info for DOCTO failed with NT_STATUS_UNSUCCESSFUL SID for domain DOCTO is: S-1-5-21-2904347395-2486898077-706273725 root at doctoriale:/etc/samba# net getdomainsid smbldap_search_domain_info: Adding domain info for DOCTO failed with NT_STATUS_UNSUCCESSFUL SID for local machine DOCTO is: S-1-5-21-2904347395-2486898077-706273725 SID for domain DOCTO is: S-1-5-21-2904347395-2486898077-706273725 -------------------------------------------------------------------------------------------------------- root at doctoriale:/etc/samba# pdbedit -v j-carimalo WARNING: The "enable privileges" option is deprecated smbldap_search_domain_info: Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=MSH))] smbldap_open_connection: connection opened ldap_connect_system: successful connection to the LDAP server smbldap_search_domain_info: Got no domain info entries for domain add_new_domain_info: Adding new domain add_new_domain_info: failed to add domain dn= sambaDomainName=MSH,dc=univ-nantes,dc=fr with: Referral unknown smbldap_search_domain_info: Adding domain info for MSH failed with NT_STATUS_UNSUCCESSFUL pdb_init_ldapsam: WARNING: Could not get domain info, nor add one to the domain pdb_init_ldapsam: Continuing on regardless, will be unable to allocate new users/groups, and will risk BDCs having inconsistant SIDs init_sam_from_ldap: Entry found for user: j-carimalo Unix username: j-carimalo NT username: j-carimalo Account Flags: [UX ] User SID: S-1-5-21-1927198471-1056857077-4159082931-14228 Primary Group SID: S-1-5-21-2942490213-4119275230-1086943613-513 Full Name: Jacky CARIMALO Home Directory: \\HOMESRV\j-carimalo HomeDir Drive: Z: Logon Script: Profile Path: \\docto\j-carimalo\profile Domain: DOCTO Account desc: Workstations: Munged dial: Logon time: 0 Logoff time: never Kickoff time: never Password last set: sam., 30 juin 2012 11:19:31 CEST Password can change: sam., 30 juin 2012 11:19:31 CEST Password must change: never Last bad password : 0 Bad password count : 0 Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF -------------------------------------------------------------------------------------------------------- ACTION : root at doctoriale:/etc/samba# net setlocalsid S-1-5-21-1927198471-1056857077-4159082931 -------------------------------------------------------------------------------------------------------- AFTER : root at doctoriale:/etc/samba# net getlocalsid smbldap_search_domain_info: Adding domain info for DOCTO failed with NT_STATUS_UNSUCCESSFUL SID for domain DOCTO is: S-1-5-21-1927198471-1056857077-4159082931 root at doctoriale:/etc/samba# net getdomainsid smbldap_search_domain_info: Adding domain info for DOCTO failed with NT_STATUS_UNSUCCESSFUL SID for local machine DOCTO is: S-1-5-21-1927198471-1056857077-4159082931 SID for domain DOCTO is: S-1-5-21-1927198471-1056857077-4159082931 -------------------------------------------------------------------------------------------------------- root at doctoriale:/etc/samba# /etc/init.d/smbd stop root at doctoriale:/etc/samba# /etc/init.d/smbd start -------------------------------------------------------------------------------------------------------- j-carimalo at j-carimalo-desktop:~$ smbclient //172.18.220.10/test -U j-carimalo Enter j-carimalo's password: Domain=[DOCTO] OS=[Unix] Server=[Samba 3.6.6] smb: \> mkdir toto smb: \> ls . D 0 Mon Feb 4 18:42:35 2013 .. D 0 Fri Feb 1 08:42:40 2013 toto D 0 Mon Feb 4 18:42:35 2013 46932 blocks of size 2097152. 44454 blocks available smb: \> quit j-carimalo at j-carimalo-desktop:~$ -------------------------------------------------------------------------------------------------------- root at doctoriale:/etc/samba# pdbedit -v j-carimalo WARNING: The "enable privileges" option is deprecated smbldap_search_domain_info: Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=DOCTO))] smbldap_open_connection: connection opened ldap_connect_system: successful connection to the LDAP server smbldap_search_domain_info: Got no domain info entries for domain add_new_domain_info: Adding new domain add_new_domain_info: failed to add domain dn= sambaDomainName=DOCTO,dc=univ-nantes,dc=fr with: Insufficient access no write access to entry smbldap_search_domain_info: Adding domain info for DOCTO failed with NT_STATUS_UNSUCCESSFUL pdb_init_ldapsam: WARNING: Could not get domain info, nor add one to the domain pdb_init_ldapsam: Continuing on regardless, will be unable to allocate new users/groups, and will risk BDCs having inconsistent SIDs init_sam_from_ldap: Entry found for user: j-carimalo Forcing Primary Group to 'Domain Users' for j-carimalo Unix username: j-carimalo NT username: j-carimalo Account Flags: [UX ] User SID: S-1-5-21-1927198471-1056857077-4159082931-14228 Primary Group SID: S-1-5-21-1927198471-1056857077-4159082931-513 Full Name: Jacky CARIMALO Home Directory: \\HOMESRV\j-carimalo HomeDir Drive: Z: Logon Script: Profile Path: \\docto\j-carimalo\profile Domain: DOCTO Account desc: Workstations: Munged dial: Logon time: 0 Logoff time: never Kickoff time: never Password last set: sam., 30 juin 2012 11:19:31 CEST Password can change: sam., 30 juin 2012 11:19:31 CEST Password must change: mar., 19 janv. 2038 04:14:07 CET Last bad password : 0 Bad password count : 0 Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF On 02/23/2012 11:38 AM, marco.schaerfke at proteomics.com wrote: > [2012/02/23 09:32:21.669389, 1] auth/server_info.c:391(samu_to_SamInfo3) > The primary group domain > sid(S-1-5-21-463168302-511420122-2937072671-513) does not match the > domain sid(S-1-5-21-706331994-863180292-319919955) for > mos(S-1-5-21-706331994-863180292-319919955-5019) > [2012/02/23 09:32:21.669528, 0] auth/check_samsec.c:491(check_sam_security) > check_sam_security: make_server_info_sam() failed with > 'NT_STATUS_UNSUCCESSFUL' The entries for the domain and the users/groups are inconsistent. Newer Samba versions added some more consistency checks. So the primary group has domain SID S-1-5-21-463168302-511420122-2937072671 while user "mos" has domain SID of S-1-5-21-706331994-863180292-319919955 The domain SIDs need to be in sync to pass the semantical checks in Samba. Cheers, Christian