<html> <head> <meta http-equiv="content-type" content="text/html; charset=utf-8"> </head> <body text="#000000" bgcolor="#FFFFFF"> Hi Everybody, My OmniOSce CIFS server is joined to AD domain (based on Samba 4 from Ubuntu). A few days ago some client computers where updated to Win 10 1803 and two users started complaining they cannot access the CIFS share. I have checked everything and cannot find the problem. <ul> <li>There is ACL rule for a "employees" AD group allowing access for the members,</li> <li>there are about 20 members and only 2 of them have problem,</li> <li>the two accounts CAN connect to another Windows machine via RDP and are authorized by AD DC (I even changed passwords to check and still can connect with the new passwords),</li> <li>the two accounts cannot access the CIFS share from OmniIOSce server.</li> </ul> When I try to access the server from Ubuntu machine I get the following with "good_user": <blockquote> <pre># smbclient -U good_user -L //omnios Enter test11's password: Domain=[DOMAIN_NAME] OS=[SunOS 5.11 omnios-r151026-673c5] Server=[Native SMB service] Sharename Type Comment --------- ---- ------- public Disk c$ Disk Default Share test1 Disk test2 Disk ipc$ IPC Remote IPC test Disk Domain=[DOMAIN_NAME] OS=[SunOS 5.11 omnios-r151026-673c5] Server=[Native SMB service] Server Comment --------- ------- Workgroup Master --------- -------</pre> </blockquote> and with "bad_user" I get <blockquote> <pre># smbclient -U bad_user -L //omnios Enter bad_user's password: session setup failed: NT_STATUS_ACCESS_DENIED</pre> </blockquote> I cannot see any difference between the users. They are members of the same AD groups. Even the password is the same! It seems like //omnios does not like the two users (or cannot authorize them). As a workaround I created two new accounts and they work as a charm. But that is just a temporary workaround. I'd be grateful for a hint where to look for the mistake. With regards <pre class="moz-signature" cols="72">-- Piotr</pre> </body> </html>