This may be the root of your issue. There is a registry/gpo edit that might be of assistance.
https://blogs.technet.microsoft.com/askpfeplat/2018/05/07/credssp-rdp-and-raven/ Richard Jahnel Backups Team 2201 Lakeside Blvd, Richardson, Tx 75007 Office: (972) 810-2527 From: OmniOS-discuss [mailto:omnios-discuss-boun...@lists.omniti.com] On Behalf Of Piotr Kaminski Sent: Saturday, May 26, 2018 12:57 PM To: omnios-discuss@lists.omniti.com Subject: [OmniOS-discuss] CIFS access denied to some users from AD Hi Everybody, My OmniOSce CIFS server is joined to AD domain (based on Samba 4 from Ubuntu). A few days ago some client computers where updated to Win 10 1803 and two users started complaining they cannot access the CIFS share. I have checked everything and cannot find the problem. * There is ACL rule for a "employees" AD group allowing access for the members, * there are about 20 members and only 2 of them have problem, * the two accounts CAN connect to another Windows machine via RDP and are authorized by AD DC (I even changed passwords to check and still can connect with the new passwords), * the two accounts cannot access the CIFS share from OmniIOSce server. When I try to access the server from Ubuntu machine I get the following with "good_user": # smbclient -U good_user -L //omnios Enter test11's password: Domain=[DOMAIN_NAME] OS=[SunOS 5.11 omnios-r151026-673c5] Server=[Native SMB service] Sharename Type Comment --------- ---- ------- public Disk c$ Disk Default Share test1 Disk test2 Disk ipc$ IPC Remote IPC test Disk Domain=[DOMAIN_NAME] OS=[SunOS 5.11 omnios-r151026-673c5] Server=[Native SMB service] Server Comment --------- ------- Workgroup Master --------- ------- and with "bad_user" I get # smbclient -U bad_user -L //omnios Enter bad_user's password: session setup failed: NT_STATUS_ACCESS_DENIED I cannot see any difference between the users. They are members of the same AD groups. Even the password is the same! It seems like //omnios does not like the two users (or cannot authorize them). As a workaround I created two new accounts and they work as a charm. But that is just a temporary workaround. I'd be grateful for a hint where to look for the mistake. With regards -- Piotr
_______________________________________________ OmniOS-discuss mailing list OmniOS-discuss@lists.omniti.com https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Flists.omniti.com%2Fmailman%2Flistinfo%2Fomnios-discuss&data=02%7C01%7Crichard.jahnel%40realpage.com%7Ca5ae0964e8ba4c09b33e08d5c3354197%7C2c94bed6d6754d3da53b7b461fd6acc2%7C0%7C0%7C636629555871877630&sdata=4fUVBxDXm%2Fpa%2B0oDqfyIIsmaksGMpS4nxebRCqwUP14%3D&reserved=0
_______________________________________________ OmniOS-discuss mailing list OmniOS-discuss@lists.omniti.com http://lists.omniti.com/mailman/listinfo/omnios-discuss
