<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p>Hi Everybody,</p>
<p><br>
</p>
<p>My OmniOSce CIFS server is joined to AD domain (based on Samba 4
from Ubuntu). A few days ago some client computers where updated
to Win 10 1803 and two users started complaining they cannot
access the CIFS share. I have checked everything and cannot find
the problem.</p>
<ul>
<li>There is ACL rule for a "employees" AD group allowing access
for the members,</li>
<li>there are about 20 members and only 2 of them have problem,</li>
<li>the two accounts CAN connect to another Windows machine via
RDP and are authorized by AD DC (I even changed passwords to
check and still can connect with the new passwords),</li>
<li>the two accounts cannot access the CIFS share from OmniIOSce
server.</li>
</ul>
<p>When I try to access the server from Ubuntu machine I get the
following with "good_user":</p>
<blockquote>
<pre># smbclient -U good_user -L //omnios
Enter test11's password:
Domain=[DOMAIN_NAME] OS=[SunOS 5.11 omnios-r151026-673c5] Server=[Native SMB service]
Sharename Type Comment
--------- ---- -------
public Disk
c$ Disk Default Share
test1 Disk
test2 Disk
ipc$ IPC Remote IPC
test Disk
Domain=[DOMAIN_NAME] OS=[SunOS 5.11 omnios-r151026-673c5] Server=[Native SMB service]
Server Comment
--------- -------
Workgroup Master
--------- -------</pre>
</blockquote>
<p>and with "bad_user" I get <br>
</p>
<blockquote>
<pre># smbclient -U bad_user -L //omnios
Enter bad_user's password:
session setup failed: NT_STATUS_ACCESS_DENIED</pre>
</blockquote>
<p>I cannot see any difference between the users. They are members
of the same AD groups. Even the password is the same! It seems
like //omnios does not like the two users (or cannot authorize
them). As a workaround I created two new accounts and they work as
a charm. But that is just a temporary workaround.<br>
</p>
<p>I'd be grateful for a hint where to look for the mistake.</p>
<p>With regards<br>
</p>
<pre class="moz-signature" cols="72">--
Piotr</pre>
</body>
</html>