I would like to share a folder by a Samba server installed in my Linux (yocto) distribution.
The configuration of my Samba server (file /etc/samba/smb.conf)
The output of the command testparm -s is:
# testparm -s Load smb config files from /etc/samba/smb.conf WARNING: The "syslog" option is deprecated Loaded services file OK. Server role: ROLE_STANDALONE # Global parameters [global] dns proxy = No log file = /var/log/samba/log.%m map to guest = Bad User max log size = 1000 obey pam restrictions = Yes pam password change = Yes panic action = /usr/share/samba/panic-action %d passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . passwd program = /usr/bin/passwd %u server role = standalone server server string = %h server (Samba, Ubuntu) syslog = 0 unix password sync = Yes usershare allow guests = Yes idmap config * : backend = tdb [printers] browseable = No comment = All Printers create mask = 0700 path = /var/spool/samba printable = Yes [print$] comment = Printer Drivers path = /var/lib/samba/printers [myshare] comment = My Shared Folder path = /srv/samba/myshare read only = No These parameters are the default values with the adding of the followed section in the file /etc/samba/smb.conf:
[myshare] comment = My Shared Folder path = /srv/samba/myshare browseable = yes writable = yes guest ok = no read only = no My goal is to share the folder /srv/samba/myshare.
The user sambauser
In my Linux system I have created the user sambauser by the followed commands:
# creation of the user "sambauser" > useradd sambauser -s /bin/sh -c "User for share folder access" # set the password "123456" for the user "sambauser" > passwd sambauser New password: 123456 Retype new password: 123456 # add "sambauser" to the list of the Samba users > smbpasswd -a sambauser New SMB password: 123456 Retype new SMB password: 123456 Added user sambauser. The output of the command pdbedit -L shows that sambauser is a user enabled for Samba:
> pdbedit -L sambauser:1002:User for share folder access Connection test with smbclient: NT_STATUS_LOGON_FAILURE
I have tried to connect by the Samba client smbclient from an other Linux distribution. The authentication fails and gives the NT_STATUS_LOGON_FAILURE error message:
> smbclient //<server-ip-address>/myshare -U sambauser WARNING: The "syslog" option is deprecated Enter WORKGROUP\sambauser's password: session setup failed: NT_STATUS_LOGON_FAILURE I'm sure that the inserted password is correct because I have repeated this authentication test many times.
In the log file /var/log/samba/log.client-ip is present the followed error:
[2025/09/11 15:20:17.609966, 0] ../../source3/auth/pampass.c:797(smb_pam_accountcheck) smb_pam_accountcheck: PAM: Account Validation Failed - Rejecting User sambauser! The log message shows that the problem is linked with PAM (Pluggable Authentication Modules), but honestly I'm not able to find how to solve it!
Question
Since I'm sure that the sambauser is present in the Linux system, and I'm sure that I have executed the authentication tests by the correct password, why does the authentication error occur?
obey pam restrictions = Yesfrom yoursmb.confand do aservice smb restart; the default setting is obey pam = no.accountstage, and do any of them log anything to the system log? (This "account validation" isn't authentication, it's authorization. Indeed Samba can't use PAM for authentication regardless of the option; it necessarily keeps its own password database.)obey pam restrictions = noand execute the commandsmbcontrol smbd reload-config. After that I test the connection to the shared folder bysmdclient //<server-ip>/myshare -U sambauserand the client connected immediately. Thanks very very much. If you can write a brief answer so the solution will be more evident for other with the same problem.