search for: qwertz12345

...name) works and refers to the sAMAccountName. "uid=3000(tim-sam) gid=3000(domain users) groups=3000(domain users),3001(storage-users),1000001(BUILTIN\users). "login tim-upn" works, "ssh tim-upn at localhost", too.? Also: "smbclient -L //localhost -W ADTEST -U tim-sam%Qwertz12345" works, but "smbclient -L //localhost -W ADTEST -U tim-upn%Qwertz12345" doesn't. Still confused. > This matches my direct observations. Also sssd has many options for > tuning that get *thrown out* with any security update of the software, > they are flushed by any run...

...e sAMAccountName. > > "uid=3000(tim-sam) gid=3000(domain users) groups=3000(domain > users),3001(storage-users),1000001(BUILTIN\users). > > "login tim-upn" works, "ssh tim-upn at localhost", too.? Also: "smbclient > -L //localhost -W ADTEST -U tim-sam%Qwertz12345" works, but "smbclient > -L //localhost -W ADTEST -U tim-upn%Qwertz12345" doesn't. > > Still confused. > So am I, '3000' for Domain Users and '1000001' for BUILTIN\users. Might help if you post the smb.conf you are using. Rowland

On 13/10/2020 15:01, Markus Jansen via samba wrote: > Thank you very much for your hints. > > I got rid of SSSD and managed to get a successful kerberos > authentication via wbinfo -K and the UPN. > > But accessing via SMB (using MAC OS' smbutil or Finder) still fails with > "FAILED with error NT_STATUS_NO_SUCH_USER". > > As I'm using CentOS 8, I used

...t; >> "uid=3000(tim-sam) gid=3000(domain users) groups=3000(domain >> users),3001(storage-users),1000001(BUILTIN\users). >> >> "login tim-upn" works, "ssh tim-upn at localhost", too.? Also: "smbclient >> -L //localhost -W ADTEST -U tim-sam%Qwertz12345" works, but "smbclient >> -L //localhost -W ADTEST -U tim-upn%Qwertz12345" doesn't. >> >> Still confused. >> > So am I, '3000' for Domain Users and '1000001' for BUILTIN\users. > Might help if you post the smb.conf you are using. >...