Samba – smbclient NT_STATUS_LOGON_FAILURE against Windows Server 2012 R2 share

We are running Debian wheezy, with smbclient v 3.6.6, trying to reach a Windows 2012 R2 share.

This conundrum involves two users: ReadOnlyUser and WriteUser

We have been using -A (–authentication-file) to reach our windows shares from this box for years in order to automate many file transfer jobs against various Windows shares, sftp, and web endpoints. I can use the -A option to log in with the ReadOnlyUser against this share without difficulty.

smbclient '//server.domain/share' -A ReadOnlyUser.auth

I can use -U to log in with the WriteUser if I provide the password in response to the prompt interactively.

smbclient '//server.domain/share' -U WriteUser

However, when I try to provide an authentication file with the WriteUser credentials, I get this error: session setup failed: NT_STATUS_LOGON_FAILURE

The authentication files look like this:

username = WriteUser
password = 3iDPCAWmdiAQxTn3
domain = mydomain

I checked in our AD to make sure that the two users are identical in all other respects.

Best Answer

It is a known issue which has been reported on https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1318835

The symptom of smbclient seems to ignore the "domain" section in your credentials file, so that -A doesn't override /etc/samba/smb.conf。The workaround based on the issue report is you have to modify WORKGROUP in smb.conf:

[global]
workgroup = mydomain

So that you can keep using -A to access SMB server.

Hope this helps.

Best Answer

Related Solutions

Linux – Windows Share authentication from Active Directory Linux login

Ubuntu – Can Samba “security = user” be used for guest share without Windows login prompt

Related Topic