[OmniOS-discuss] FW: CIFS access denied to some users from AD

Richard Jahnel Richard.Jahnel at RealPage.com
Tue May 29 15:32:49 UTC 2018 

This may be the root of your issue. There is a registry/gpo edit that might be of assistance.

https://blogs.technet.microsoft.com/askpfeplat/2018/05/07/credssp-rdp-and-raven/


Richard Jahnel
Backups Team
2201 Lakeside Blvd, Richardson, Tx 75007
Office: (972) 810-2527

From: OmniOS-discuss [mailto:omnios-discuss-bounces at lists.omniti.com] On Behalf Of Piotr Kaminski
Sent: Saturday, May 26, 2018 12:57 PM
To: omnios-discuss at lists.omniti.com
Subject: [OmniOS-discuss] CIFS access denied to some users from AD


Hi Everybody,



My OmniOSce CIFS server is joined to AD domain (based on Samba 4 from Ubuntu). A few days ago some client computers where updated to Win 10 1803 and two users started complaining they cannot access the CIFS share. I have checked everything and cannot find the problem.

  *   There is ACL rule for a "employees" AD group allowing access for the members,
  *   there are about 20 members and only 2 of them have problem,
  *   the two accounts CAN  connect to another Windows machine via RDP and are authorized by AD DC (I even changed passwords to check and still can connect with the new passwords),
  *   the two accounts cannot access the CIFS share from OmniIOSce server.

When I try to access the server from Ubuntu machine I get the following with "good_user":

# smbclient -U good_user -L //omnios

Enter test11's password:

Domain=[DOMAIN_NAME] OS=[SunOS 5.11 omnios-r151026-673c5] Server=[Native SMB service]



        Sharename       Type      Comment

        ---------       ----      -------

        public          Disk

        c$              Disk      Default Share

        test1           Disk

        test2           Disk

        ipc$            IPC       Remote IPC

        test            Disk

Domain=[DOMAIN_NAME] OS=[SunOS 5.11 omnios-r151026-673c5] Server=[Native SMB service]



        Server               Comment

        ---------            -------



        Workgroup            Master

        ---------            -------

and with "bad_user" I get

# smbclient -U bad_user -L //omnios

Enter bad_user's password:

session setup failed: NT_STATUS_ACCESS_DENIED

I cannot see any difference between the users. They are members of the same AD groups. Even the password is the same! It seems like //omnios does not like the two users (or cannot authorize them). As a workaround I created two new accounts and they work as a charm. But that is just a temporary  workaround.

I'd be grateful for a hint where to look for the mistake.

With regards

--

Piotr
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://omniosce.org/ml-archive/attachments/20180529/404078a4/attachment-0001.html>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: ATT00001.txt
URL: <https://omniosce.org/ml-archive/attachments/20180529/404078a4/attachment-0001.txt>

More information about the OmniOS-discuss mailing list