Problem
root@ucs-server:~# smbcacls "//$(hostname -f)/user1" / -U user1
[...]
cli_full_connection failed! (NT_STATUS_INVALID_WORKSTATION)
Solution
Check the userWorkstation
attribute in Samba/AD, probably that’s set:
root@ucs-server:~# univention-s4search samaccountname=user1 userworkstations
# record 1
dn: CN=user1,OU=my-ou,DC=my-domain,DC=com
userWorkstations: DESKTOP-2BRDJG2
If that is the case, then the smbcacls command line option --netbiosname
can be used to simulate coming from that worstation:
root@ucs-server:~# smbcacls "//$(hostname -f)/user1" / -U user1 \
--netbiosname DESKTOP-2BRDJG2 ## or -n
REVISION:1
CONTROL:SR|PD|DI|DP
OWNER:MY-DOMAIN+user1
GROUP:MY-DOMAIN+Domain Users DEMOSCHOOL
ACL:MY-DOMAIN+user1:DENIED/OI|CI/PO
ACL:MY-DOMAIN+user1:ALLOWED/0x0/FULL
ACL:MY-DOMAIN+Domain Users DEMOSCHOOL:ALLOWED/0x0/
ACL:Everyone:ALLOWED/0x0/
ACL:CREATOR OWNER:ALLOWED/OI|CI|IO/FULL
ACL:CREATOR GROUP:ALLOWED/OI|CI|IO/READ
ACL:Everyone:ALLOWED/OI|CI|IO/READ
ACL:OWNER RIGHTS:ALLOWED/OI|CI/CHANGE