Well, i don?t know where i mention about AD, but there is no ad. I have 2 servers - first Windows Server 2019 standard with one user ?cinegy? and second server with linux/samba with one user ?cinegy?. When i connect from windows to samba - it works without any logins. Samba get ?cinegy? account from windows client and allow access. But when Windows Service, with ?cinegy? logon want to login to samba - it shows access denied. That?s my problem. ? ?ukasz Brodowski | teamUp tel: +48.600.156.666 | mail: lukasz at teamup.pl | www.teamup.pl> Wiadomo?? napisana przez Patrick Goetz via samba <samba at lists.samba.org> w dniu 12.02.2022, o godz. 13:51: > > > > On 2/12/22 01:46, Michael Tokarev wrote: >> 12.02.2022 01:24, Patrick Goetz via samba wrote: >>> You have local accounts which match Samba AD accounts? That seems like a terrible idea; but in particular surely the user SID's don't match and maybe this is the problem? >> Um. *why* this is a bad idea, Patrick? > > This is different from the case of local accounts on a linux host. I was laboring under the assumption that Lukasz is talking about Windows clients. I'm not a Windows guy, but I think RIDs are assigned automatically by Windows when you create an account? If that's true, then having a local Windows user with the same username as a user on AD will result in having the same username with 2 different RID's. Someone correct me if I'm wrong here. > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba
And you have checked that the service is running as the local cinegy account? On Mon, Feb 14, 2022, 11:16 AM Lukasz Brodowski via samba < samba at lists.samba.org> wrote:> Well, i don?t know where i mention about AD, but there is no ad. > > I have 2 servers - first Windows Server 2019 standard with one user > ?cinegy? and second server with linux/samba with one user ?cinegy?. When i > connect from windows to samba - it works without any logins. Samba get > ?cinegy? account from windows client and allow access. But when Windows > Service, with ?cinegy? logon want to login to samba - it shows access > denied. That?s my problem. > > ? > ?ukasz Brodowski | teamUp > tel: +48.600.156.666 | mail: lukasz at teamup.pl | www.teamup.pl > > > > > > > > Wiadomo?? napisana przez Patrick Goetz via samba <samba at lists.samba.org> > w dniu 12.02.2022, o godz. 13:51: > > > > > > > > On 2/12/22 01:46, Michael Tokarev wrote: > >> 12.02.2022 01:24, Patrick Goetz via samba wrote: > >>> You have local accounts which match Samba AD accounts? That seems > like a terrible idea; but in particular surely the user SID's don't match > and maybe this is the problem? > >> Um. *why* this is a bad idea, Patrick? > > > > This is different from the case of local accounts on a linux host. I was > laboring under the assumption that Lukasz is talking about Windows clients. > I'm not a Windows guy, but I think RIDs are assigned automatically by > Windows when you create an account? If that's true, then having a local > Windows user with the same username as a user on AD will result in having > the same username with 2 different RID's. Someone correct me if I'm wrong > here. > > > > > > -- > > To unsubscribe from this list go to the following URL and read the > > instructions: https://lists.samba.org/mailman/options/samba > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >
On Mon, 2022-02-14 at 19:14 +0100, Lukasz Brodowski via samba wrote:> Well, i don?t know where i mention about AD, but there is no ad.Are you 100% sure about that ? I went through the logfile you posted and found these lines: Feb 10 11:02:15 vm226-omv smbd[29655]: Forcing Primary Group to 'Domain Users' for cinegy Feb 10 11:02:19 vm226-omv smbd[29655]: Security token SIDs (8): Feb 10 11:02:19 vm226-omv smbd[29655]: SID[ 0]: S-1-5-21- 837486986-1321719555-3200890617-1000 Feb 10 11:02:19 vm226-omv smbd[29655]: SID[ 1]: S-1-5-21- 837486986-1321719555-3200890617-513 You only find 'Domain Users' and the RID '513' in AD Rowland