Username DOMAIN\username is invalid on this system

Written by James McDonald

October 31, 2011

Kept getting prompted for a username and password when trying to connect to a samba share despite the permissions being correct. And got this error message in the samba logs:

[2011/10/31 13:54:16.781238,  1] smbd/sesssetup.c:454(reply_spnego_kerberos)
  Username DOMAIN\username is invalid on this system

Samba has to be able to map any connecting windows user to a linux user. So in ADS mode where it’s getting it’s list of users off a windows dc it still needs to be able to assign a linux uid and gid to the windows userid/sid.

So you need to add the idmap uid / idmap gid map settings as below

The fix is to add idmap uid and gid entry to the global section of smb.conf and restart your samba services.

	workgroup = DOMAIN
	server string = Samba Server Version %v
	security = ADS
	password server = dc01.domain.local dc02.domain.local
	log file = /var/log/samba/log.%m
	max log size = 50
	idmap uid = 100000-200000
	idmap gid = 100000-200000
	winbind use default domain = Yes
	cups options = raw


Submit a Comment

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

The reCAPTCHA verification period has expired. Please reload the page.

You May Also Like…

Network speed test host to host

On Ubuntu / Debian apt-get install iperf3 On Windows download it from Make...

Clear HSTS Settings in CHrome

Open chrome://net-internals/#hsts enter the domain in the query field and click Query to confirm it has HSTS settings...