one user is working, but another isn't, both users are in the same group:
mbclient -L infbup1.EXAMPLE.local -U user1
Enter EXAMPLE\user1's password:
Sharename Type Comment
--------- ---- -------
samba-test Disk
SHARE1 Disk SHARE1 Users
IPC$ IPC IPC Service (Samba 4.6.4)
user1 Disk Home Directories
hp19blk Printer
Server Comment
--------- -------
Workgroup Master
--------- -------
EXAMPLE ASPAPP24
smbclient -L infbup1.EXAMPLE.local -U user2
Enter EXAMPLE\user2's password:
session setup failed: NT_STATUS_ACCESS_DENIED
Host Diagnostics
uname: AIX infbup1 1 7 00C0E4344C00
OS: AIX
Version: 7.1
Number of CPUs: 8
IP Diagnostics
Local host name: infbup1
Local IP Address: 172.20.20.99
FQDN host name:infbup1.example.local
Domain Diagnostics
Domain: example.local
Subnet site: Default-First-Site
DNS query for: _ldap._tcp.example.local
Found SRV records:
flexsrv01.example.local:389
w2008dcbu.example.local:389
Testing Active Directory connectivity:
Domain Controller: flexsrv01.example.local
ldap: 389/tcp - good
ldap: 389/udp - good
smb: 445/tcp - good
kdc: 88/tcp - good
kpasswd: 464/tcp - good
ntp: 123/udp - timeout
Domain Controller: w2008dcbu.example.local
ldap: 389/tcp - good
ldap: 389/udp - good
smb: 445/tcp - good
kdc: 88/tcp - good
kpasswd: 464/tcp - good
ntp: 123/udp - timeout
Domain Controller: flexsrv01.example.local:389
Domain controller type: Windows 2008 R2
Domain Name: example.LOCAL
isGlobalCatalogReady: TRUE
domainFunctionality: 4 = (DS_BEHAVIOR_WIN2008_R2)
forestFunctionality: 4 = (DS_BEHAVIOR_WIN2008_R2)
domainControllerFunctionality: 4 = (DS_BEHAVIOR_WIN2008_R2)
Domain Controller: w2008dcbu.example.local:389
Domain controller type: Windows 2008 R2
Domain Name: example.LOCAL
isGlobalCatalogReady: TRUE
domainFunctionality: 4 = (DS_BEHAVIOR_WIN2008_R2)
forestFunctionality: 4 = (DS_BEHAVIOR_WIN2008_R2)
domainControllerFunctionality: 4 = (DS_BEHAVIOR_WIN2008_R2)
Forest Name: example.LOCAL
DNS query for: _gc._tcp.example.LOCAL
Testing Active Directory connectivity:
Global Catalog: flexsrv01.example.local
gc: 3268/tcp - good
Global Catalog: w2008dcbu.example.local
gc: 3268/tcp - good
Domain Controller: flexsrv01.example.local:3268
Domain controller type: Windows 2008 R2
Domain Name: example.LOCAL
isGlobalCatalogReady: TRUE
domainFunctionality: 4 = (DS_BEHAVIOR_WIN2008_R2)
forestFunctionality: 4 = (DS_BEHAVIOR_WIN2008_R2)
domainControllerFunctionality: 4 = (DS_BEHAVIOR_WIN2008_R2)
Domain Controller: w2008dcbu.example.local:3268
Domain controller type: Windows 2008 R2
Domain Name: example.LOCAL
isGlobalCatalogReady: TRUE
domainFunctionality: 4 = (DS_BEHAVIOR_WIN2008_R2)
forestFunctionality: 4 = (DS_BEHAVIOR_WIN2008_R2)
domainControllerFunctionality: 4 = (DS_BEHAVIOR_WIN2008_R2)
Forest Name: example.LOCAL
Site: Default-First-Site
Subnet: 172.20.20.0/24
Server: FLEXSRV01 (flexsrv01.example.local)
Server: W2008DCBU (W2008DCBU.example.local)
Retrieving zone data from example.local
Domain RIDs in forest:
example.LOCAL: 223 (current domain)
Computer Account Diagnostics
Joined as: infbup1.example.local
Trusted for Delegation: false
Use DES Key Only: false
Key Version: 14
Service Principal Names: host/infbup1.example.local
host/infbup1
ftp/infbup1.example.local
ftp/infbup1
cifs/infbup1.example.local
cifs/infbup1
Supported Encryption Type(s): RC4-HMAC
AES128-CTS-HMAC-SHA1-96
AES256-CTS-HMAC-SHA1-96
Operating System Version: 6.1:7.1
System Diagnostic
=======DNS Servers State==========
DNS Server Used: 172.20.20.30
DNS Status: Up
=======DNS Server Info=======
Last Sweep: Wed Aug 9 14:05:57 2017
Total Sweeps: 32
Fast Sweeps: 3
Deep Sweeps: 29
Okay Sweeps: 32
Failed Sweeps: 0
Cache Hits: 83
Cache Misses: 7
DNS Flushes: 2
=======DNS Server List=======
IP: 172.20.20.30
Status: Alive
udpSuccess: 19
tcpSuccess: 30
udpNoSuchName: 0
tcpNoSuchName: 0
udpTruncations: 0
tcpTruncations: 0
udpIOFailures: 0
tcpIOFailures: 0
udpTimeouts: 0
tcpTimeouts: 0
udpFailures: 0
tcpFailures: 0
udpServerFail: 0
tcpServerFail: 0
lastQueryTime: Wed Aug 9 14:28:35 2017
lastDnsCode: 0
Average Time: 0.00206985 seconds
IP: 172.20.20.29
Status: Alive
udpSuccess: 17
tcpSuccess: 29
udpNoSuchName: 0
tcpNoSuchName: 0
udpTruncations: 0
tcpTruncations: 0
udpIOFailures: 0
tcpIOFailures: 0
udpTimeouts: 0
tcpTimeouts: 0
udpFailures: 0
tcpFailures: 0
udpServerFail: 0
tcpServerFail: 0
lastQueryTime: Wed Aug 9 14:05:57 2017
lastDnsCode: 0
Average Time: 0.00244205 seconds
=======DNS Cache contents==========
Hflexsrv01.example.local=>flexsrv01.example.local 172.20.20.30
Hw2008dcbu.example.local=>w2008dcbu.example.local 172.20.20.29
S_kerberos._tcp.default-first-site._sites.example.local=>w2008dcbu.example.local:88:100:0 flexsrv01.example.local:88:100:0
S_ldap._tcp.default-first-site._sites.example.local=>flexsrv01.example.local:389:100:0 w2008dcbu.example.local:389:100:0
S_ldap._tcp.example.local=>flexsrv01.example.local:389:100:0 w2008dcbu.example.local:389:100:0
========Domain info map========
DC=example,DC=local
CN = example.LOCAL
SID = S-1-5-21-3855219484-2485371615-219349322
TRUST_ATTRS = 0x20
TRUST_DIRECTION = 3
TRUST_TYPE = 2
NTLM NAME = example
LOCAL FOREST = YES
===============Network State===================
Site Map
example.local=>PreferredSite:Default-First-Site, SubnetSite:Default-First-Site
Domain Map
example.local
dc: w2008dcbu.example.local
gc: w2008dcbu.example.local
forest: example.local
state: alive
swept: 17 mins ago
Domain Controllers
flexsrv01.example.local (172.20.20.30)
pinged: 17 mins ago
state: up
ping: 0.001337 secs
forest: example.local
nbhost: flexsrv01
site: Default-First-Site
flags: WCtKLG
Blocked Services: None
w2008dcbu.example.local (172.20.20.29)
pinged: 17 mins ago
state: up
ping: 0.002085 secs
forest: example.local
nbhost: w2008dcbu
site: Default-First-Site
flags: WCtKLG
Blocked Services: None
===============DC Statistics===================
flexsrv01.example.local
Last Success: Wed Aug 9 14:41:00 2017
Last Failure:
Successes: 84
Failures: 0
===================adagent internals===================
Binding Table
$=>flexsrv01.example.local(example.LOCAL) connected
example.LOCAL=>flexsrv01.example.local(example.LOCAL) connected
Netlogon Secure Channel
INFBUP1=>flexsrv01.example.local authenticated(Tranport: RPC over SMB; Security Provider: Kerberos)
===================Property values===================
adclient.clients.socket: /var/centrifydc/daemon
adclient.clients.socket2: /var/centrifydc/daemon2
adclient.custom.attributes.user: unixUserPassword msSFU30Password
lam.max.group.count: 1000
lam.max.user.count: 1000
log: INFO
nss.program.ignore: mkuser,mkgroup,rmuser,rmgroup,chuser,chgroup,chfn,chsh,chpasswd,pwdadm,mkrole,rmrole,chrole,smit,smitty
nss.runtime.defaultvalue.var.domain: example.local
nss.runtime.defaultvalue.var.home: /home
nss.runtime.defaultvalue.var.host:
nss.runtime.defaultvalue.var.shell: /usr/bin/ksh
nss.runtime.defaultvalue.var.site: Default-First-Site
nss.runtime.defaultvalue.var.zone: DC=example,DC=local
nss.shell.nologin: /bin/false
pam.allow.override: root
samba.base.path: /opt/freeware
samba.interop.uselibtdb: false
samba.winbindd.listen.path: /var/run/winbindd
================= Access Manager Info =====================================================
Database: /var/centrifydc/dz.cache
Cached connections: 0
Active ZAGs
======== Zone Information ========
Auto zone
===============System Health===================
No health history
==============Centrify Identity Platform Instances/Centrify Connectors info============
Centrify Identity Platform Instances:
Centrify Identity Platform Instances in zone:
Centrify Connectors:
Current used connector:
Centrify Connectors in current site:
Centrify Connectors in other site:
Centrify Connectors discarded:
Centrify Connectors in current site and unused:
Centrify Connectors in other site and unused:
Centrify Connectors invalid:
==============Centrify MFA Service Connections Info============
Centrify MFA Service Connections maximum: 0
Current count: 0
Current occupied count: 0
Current timestamp: 1502282774
Connections:
Total;Count;Average;Name
Centrify DirectControl Status
Running in connected mode
FIPS Mode: Disabled
Licensed Features: Disabled