master slave (with the univention-samba-slave-pdc package)

UCS: 4.4-6 errata776
Installed: samba-memberserver=4.7
samba: 2:4.10.18-1A~4.4.0.202010271

All the following commands on the slave.

-> smbclient -U 'Administrator'%univention //slave098/Administrator
Try "help" to get a list of possible commands.
smb: \>

but

-> kinit --password-file=/etc/machine.secret $(hostname)'$'
-> smbclient -U 'Administrator'%univention //slave098/Administrator
tree connect failed: NT_STATUS_ACCESS_DENIED

Without the domain part in the username (or -W) smbclient no longer works.

-> smbclient -U 'AUTOTEST098\Administrator'%univention //slave098/Administrator
Try "help" to get a list of possible commands.
smb: \>

But only as long as there is a kerberos ticket.

-> kdestroy
-> smbclient -U 'Administrator'%univention //slave098/Administrator
Try "help" to get a list of possible commands.
smb: \>

With samba version 2:4.10.1-1A~4.4.0.2020100715 we did not have this "problem". But it seems to be a minor issue as smbclient still works with domain part in the username.
In case of

-> smbclient -U 'Administrator'%univention //slave098/Administrator
tree connect failed: NT_STATUS_ACCESS_DENIED

smbd looks like this

  Mapping user []\[Administrator@AUTOTEST098.LOCAL] from workstation [SLAVE098]
[2020/10/26 22:47:10.910436, 5] ../../source3/auth/user_info.c:64(make_user_info)
  attempting to make a user_info for Administrator@AUTOTEST098.LOCAL (Administrator@AUTOTEST098.LOCAL)
[2020/10/26 22:47:10.910452, 5] ../../source3/auth/user_info.c:72(make_user_info)
  making strings for Administrator@AUTOTEST098.LOCAL's user_info struct
[2020/10/26 22:47:10.910468, 5] ../../source3/auth/user_info.c:117(make_user_info)
  making blobs for Administrator@AUTOTEST098.LOCAL's user_info struct
[2020/10/26 22:47:10.910483, 3] ../../source3/auth/auth.c:189(auth_check_ntlm_password)
  check_ntlm_password: Checking password for unmapped user []\[Administrator@AUTOTEST098.LOCAL]@[SLAVE098] with the new password interface
[2020/10/26 22:47:10.910500, 3] ../../source3/auth/auth.c:192(auth_check_ntlm_password)
  check_ntlm_password: mapped user is: []\[Administrator@AUTOTEST098.LOCAL]@[SLAVE098]
[2020/10/26 22:47:10.910515, 5] ../../lib/util/util.c:511(dump_data)
  [0000] 2C 81 0E 55 BA D2 8D 3D ,..U...=
[2020/10/26 22:47:10.910555, 4] ../../source3/smbd/sec_ctx.c:216(push_sec_ctx)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
[2020/10/26 22:47:10.910572, 4] ../../source3/smbd/uid.c:576(push_conn_ctx)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 1
[2020/10/26 22:47:10.910588, 4] ../../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
[2020/10/26 22:47:10.910602, 5] ../../libcli/security/security_token.c:53(security_token_debug)
  Security token: (NULL)
[2020/10/26 22:47:10.910617, 5] ../../source3/auth/token_util.c:866(debug_unix_user_token)
  UNIX token of user 0
  Primary group is 0 and contains 0 supplementary groups
[2020/10/26 22:47:10.910672, 5] ../../source3/lib/smbldap.c:1308(smbldap_search_ext)
  smbldap_search_ext: base => [dc=autotest098,dc=local], filter => [(&(uid=Administrator@AUTOTEST098.LOCAL)(objectclass=sambaSamAccount))], scope => [2]
[2020/10/26 22:47:10.912671, 4] ../../source3/passdb/pdb_ldap.c:1549(ldapsam_getsampwnam)
  ldapsam_getsampwnam: Unable to locate user [Administrator@AUTOTEST098.LOCAL] count=0

normally the mapping goes like this

  Mapping user [AUTOTEST098]\[Administrator] from workstation [SLAVE098]
[2020/10/26 22:59:01.276610, 5] ../../source3/auth/user_info.c:64(make_user_info)
  attempting to make a user_info for Administrator (Administrator)
[2020/10/26 22:59:01.276620, 5] ../../source3/auth/user_info.c:72(make_user_info)
  making strings for Administrator's user_info struct
[2020/10/26 22:59:01.276632, 5] ../../source3/auth/user_info.c:117(make_user_info)
  making blobs for Administrator's user_info struct
[2020/10/26 22:59:01.276647, 3] ../../source3/auth/auth.c:189(auth_check_ntlm_password)
  check_ntlm_password: Checking password for unmapped user [AUTOTEST098]\[Administrator]@[SLAVE098] with the new password interface
[2020/10/26 22:59:01.276658, 3] ../../source3/auth/auth.c:192(auth_check_ntlm_password)
  check_ntlm_password: mapped user is: [AUTOTEST098]\[Administrator]@[SLAVE098]
[2020/10/26 22:59:01.276668, 5] ../../lib/util/util.c:511(dump_data)
  [0000] B0 32 C2 4C 81 91 FE 42 .2.L...B
[2020/10/26 22:59:01.276692, 4] ../../source3/smbd/sec_ctx.c:216(push_sec_ctx)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
[2020/10/26 22:59:01.276704, 4] ../../source3/smbd/uid.c:576(push_conn_ctx)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 1
[2020/10/26 22:59:01.276714, 4] ../../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
[2020/10/26 22:59:01.276781, 5] ../../libcli/security/security_token.c:53(security_token_debug)
  Security token: (NULL)
[2020/10/26 22:59:01.276794, 5] ../../source3/auth/token_util.c:866(debug_unix_user_token)
  UNIX token of user 0
  Primary group is 0 and contains 0 supplementary groups
[2020/10/26 22:59:01.276842, 5] ../../source3/lib/smbldap.c:1308(smbldap_search_ext)
  smbldap_search_ext: base => [dc=autotest098,dc=local], filter => [(&(uid=Administrator)(objectclass=sambaSamAccount))], scope => [2]
[2020/10/26 22:59:01.277423, 2] ../../source3/passdb/pdb_ldap.c:530(init_sam_from_ldap)
  init_sam_from_ldap: Entry found for user: Administrator
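
Added example, not part of the bug report and not Samba or UCS code: a small Python parser that pairs each "check_ntlm_password: mapped user is" line with the passdb lookup result that follows it, and flags logons where the domain is empty and the user name arrives in user@REALM form, which is the pattern in the failing smbd log above. The function names are hypothetical; the sample is an excerpt of the log lines quoted in this report.

```python
import re

# Excerpt of the smbd log lines quoted in this report (one failing, one working logon).
SAMPLE_LOG = r"""
[2020/10/26 22:47:10.910500, 3] ../../source3/auth/auth.c:192(auth_check_ntlm_password)
  check_ntlm_password: mapped user is: []\[Administrator@AUTOTEST098.LOCAL]@[SLAVE098]
[2020/10/26 22:47:10.912671, 4] ../../source3/passdb/pdb_ldap.c:1549(ldapsam_getsampwnam)
  ldapsam_getsampwnam: Unable to locate user [Administrator@AUTOTEST098.LOCAL] count=0
[2020/10/26 22:59:01.276658, 3] ../../source3/auth/auth.c:192(auth_check_ntlm_password)
  check_ntlm_password: mapped user is: [AUTOTEST098]\[Administrator]@[SLAVE098]
[2020/10/26 22:59:01.277423, 2] ../../source3/passdb/pdb_ldap.c:530(init_sam_from_ldap)
  init_sam_from_ldap: Entry found for user: Administrator
"""

HEADER = re.compile(r"^\[(\d{4}/\d{2}/\d{2} [\d:.]+),\s*\d+\]")
MAPPED = re.compile(r"mapped user is: \[([^\]]*)\]\\\[([^\]]*)\]@\[([^\]]*)\]")
NOT_FOUND = re.compile(r"ldapsam_getsampwnam: Unable to locate user \[([^\]]*)\]")
FOUND = re.compile(r"init_sam_from_ldap: Entry found for user: (\S+)")

def parse_auth_attempts(log_text):
    """Return one record per 'mapped user is' line, with the passdb lookup outcome."""
    attempts, stamp = [], None
    for line in log_text.splitlines():
        line = line.strip()
        if (m := HEADER.match(line)):
            stamp = m.group(1)          # timestamp applies to the message that follows
        if (m := MAPPED.search(line)):
            domain, user, workstation = m.groups()
            attempts.append({
                "time": stamp, "domain": domain, "user": user,
                "workstation": workstation,
                # empty domain plus user@REALM: the form seen in the failing log
                "upn_without_domain": domain == "" and "@" in user,
                "ldap_entry_found": None,   # unknown until a lookup line is seen
            })
        elif attempts and (m := NOT_FOUND.search(line)) and m.group(1) == attempts[-1]["user"]:
            attempts[-1]["ldap_entry_found"] = False
        elif attempts and (m := FOUND.search(line)) and m.group(1) == attempts[-1]["user"]:
            attempts[-1]["ldap_entry_found"] = True
    return attempts

def failed_upn_lookups(attempts):
    """Logons sent as user@REALM with no domain whose sambaSamAccount lookup failed."""
    return [a for a in attempts
            if a["upn_without_domain"] and a["ldap_entry_found"] is False]

if __name__ == "__main__":
    for a in failed_upn_lookups(parse_auth_attempts(SAMPLE_LOG)):
        print(f'{a["time"]} {a["workstation"]}: uid lookup failed for {a["user"]}')
```
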
This issue has been filed against UCS 4.4. UCS 4.4 is out of maintenance and components may have vastly changed in later releases. Thus, this issue is now being closed. If this issue still occurs in newer versions, please use "Clone this bug" or reopen this issue. In this case please provide information on how this issue is affecting you.