Username DOMAIN\username is invalid on this system

Written by James McDonald

October 31, 2011

Kept getting prompted for a username and password when trying to connect to a samba share despite the permissions being correct. And got this error message in the samba logs:

[2011/10/31 13:54:16.781238,  1] smbd/sesssetup.c:454(reply_spnego_kerberos)
  Username DOMAIN\username is invalid on this system

Samba has to be able to map any connecting windows user to a linux user. So in ADS mode where it’s getting it’s list of users off a windows dc it still needs to be able to assign a linux uid and gid to the windows userid/sid.

So you need to add the idmap uid / idmap gid map settings as below

The fix is to add idmap uid and gid entry to the global section of smb.conf and restart your samba services.

[global]
	workgroup = DOMAIN
	realm = DOMAIN.LOCAL
	server string = Samba Server Version %v
	security = ADS
	password server = dc01.domain.local dc02.domain.local
	log file = /var/log/samba/log.%m
	max log size = 50
	idmap uid = 100000-200000
	idmap gid = 100000-200000
	winbind use default domain = Yes
	cups options = raw

0 Comments

Submit a Comment

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

The reCAPTCHA verification period has expired. Please reload the page.

You May Also Like…

Squarespace Image Export

To gain continued access to your Squarespace website images after cancelling your subscription you have several...

MySQL 8.x GRANT ALL STATEMENT

-- CREATE CREATE USER 'tgnrestoreuser'@'localhost' IDENTIFIED BY 'AppleSauceLoveBird2024'; GRANT ALL PRIVILEGES ON...

Exetel Opt-Out of CGNAT

If your port forwards and inbound and/or outbound site-to-site VPN's have failed when switching to Exetel due to their...