I kept getting prompted for a username and password when trying to connect to a Samba share despite the permissions being correct, and got this error message in the Samba logs:
[2011/10/31 13:54:16.781238, 1] smbd/sesssetup.c:454(reply_spnego_kerberos) Username DOMAIN\username is invalid on this system
Samba has to be able to map any connecting Windows user to a Linux user. So in ADS mode, where it gets its list of users from a Windows DC, it still needs to be able to assign a Linux uid and gid to the Windows user ID/SID.
The fix is to add idmap uid and idmap gid entries to the [global] section of smb.conf, as below, and restart your Samba services.
[global]
    workgroup = DOMAIN
    realm = DOMAIN.LOCAL
    server string = Samba Server Version %v
    security = ADS
    password server = dc01.domain.local dc02.domain.local
    log file = /var/log/samba/log.%m
    max log size = 50
    idmap uid = 100000-200000
    idmap gid = 100000-200000
    winbind use default domain = Yes
    cups options = raw
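A pre-flight check for the misconfiguration described above, as an added example that is not part of the original post: it parses the [global] section of an smb.conf and reports when security = ADS is set without usable idmap uid / idmap gid ranges. The function names and the two sample configs are constructed for illustration, and the check covers only the idmap uid / idmap gid spelling used on this page.

```python
import re

# Constructed sample: the page's [global] section with the idmap lines removed.
BROKEN_CONF = """\
[global]
    workgroup = DOMAIN
    realm = DOMAIN.LOCAL
    security = ADS
    winbind use default domain = Yes
"""
FIXED_CONF = BROKEN_CONF + "    idmap uid = 100000-200000\n    idmap gid = 100000-200000\n"

def parse_global(text):
    """Return the [global] parameters of an smb.conf as {name: value}."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue                      # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section == "global" and "=" in line:
            key, value = line.split("=", 1)
            # parameter names are case-insensitive; collapse inner whitespace
            params[" ".join(key.lower().split())] = value.strip()
    return params

def check_idmap(text):
    """List the problems that would leave AD users without a Linux uid/gid."""
    params = parse_global(text)
    if params.get("security", "").lower() != "ads":
        return []                         # check only applies to ADS mode
    problems = []
    for key in ("idmap uid", "idmap gid"):
        value = params.get(key)
        m = re.fullmatch(r"(\d+)\s*-\s*(\d+)", value or "")
        if value is None:
            problems.append(f"{key} is not set")
        elif not m or int(m.group(1)) >= int(m.group(2)):
            problems.append(f"{key} = {value!r} is not a valid low-high range")
    return problems

if __name__ == "__main__":
    for name, conf in (("broken", BROKEN_CONF), ("fixed", FIXED_CONF)):
        print(name, check_idmap(conf) or "ok")
```

To check a live server, pass the contents of its smb.conf to check_idmap() before restarting the Samba services.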