Difference Between Authentication and Authorization

• set logging in smb.conf to level 2 or higher, e.g.

  log level = 3

• watch log files - usually in /var/log/samba/

  tail -F /var/log/samba/log.[client-machine-name]

• look for "authentication for user" ... and context

"Client Certificate Mapping Authentication" is intended for use with Active Directory.

Imagine a scenario in which you've deployed User Authentication certificates using AD CS and configured the Certificate Template to allow Active Directory storage. Now you can employ "non-IIS" Client Certificate Mapping Authentication on an AD member server with IIS installed, and have IIS automatically map the certificate to a user by querying Active Directory

"IIS Client Certificate Mapping Authentication" is intended for non-AD CS certificates and standalone servers.

Since Active Directory will not be used to map certificates to users in this scenario, you'll need to define the mappings in the configuration files, either as one-to-one mappings or many-to-one mappings.