I would like to share a folder by a Samba server installed in my Linux (yocto) distribution.
The configuration of my Samba server (file /etc/samba/smb.conf)
The output of the command testparm -s is:
# testparm -s
Load smb config files from /etc/samba/smb.conf
WARNING: The "syslog" option is deprecated
Loaded services file OK.
Server role: ROLE_STANDALONE
# Global parameters
[global]
dns proxy = No
log file = /var/log/samba/log.%m
map to guest = Bad User
max log size = 1000
obey pam restrictions = Yes
pam password change = Yes
panic action = /usr/share/samba/panic-action %d
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
passwd program = /usr/bin/passwd %u
server role = standalone server
server string = %h server (Samba, Ubuntu)
syslog = 0
unix password sync = Yes
usershare allow guests = Yes
idmap config * : backend = tdb
[printers]
browseable = No
comment = All Printers
create mask = 0700
path = /var/spool/samba
printable = Yes
[print$]
comment = Printer Drivers
path = /var/lib/samba/printers
[myshare]
comment = My Shared Folder
path = /srv/samba/myshare
read only = No
These parameters are the default values with the adding of the followed section in the file /etc/samba/smb.conf:
[myshare]
comment = My Shared Folder
path = /srv/samba/myshare
browseable = yes
writable = yes
guest ok = no
read only = no
My goal is to share the folder /srv/samba/myshare.
The user sambauser
In my Linux system I have created the user sambauser by the followed commands:
# creation of the user "sambauser"
> useradd sambauser -s /bin/sh -c "User for share folder access"
# set the password "123456" for the user "sambauser"
> passwd sambauser
New password: 123456
Retype new password: 123456
# add "sambauser" to the list of the Samba users
> smbpasswd -a sambauser
New SMB password: 123456
Retype new SMB password: 123456
Added user sambauser.
The output of the command pdbedit -L shows that sambauser is a user enabled for Samba:
> pdbedit -L
sambauser:1002:User for share folder access
Connection test with smbclient: NT_STATUS_LOGON_FAILURE
I have tried to connect by the Samba client smbclient from an other Linux distribution. The authentication fails and gives the NT_STATUS_LOGON_FAILURE error message:
> smbclient //<server-ip-address>/myshare -U sambauser
WARNING: The "syslog" option is deprecated
Enter WORKGROUP\sambauser's password:
session setup failed: NT_STATUS_LOGON_FAILURE
I'm sure that the inserted password is correct because I have repeated this authentication test many times.
In the log file /var/log/samba/log.client-ip is present the followed error:
[2025/09/11 15:20:17.609966, 0] ../../source3/auth/pampass.c:797(smb_pam_accountcheck)
smb_pam_accountcheck: PAM: Account Validation Failed - Rejecting User sambauser!
The log message shows that the problem is linked with PAM (Pluggable Authentication Modules), but honestly I'm not able to find how to solve it!
Question
Since I'm sure that the sambauser is present in the Linux system, and I'm sure that I have executed the authentication tests by the correct password, why does the authentication error occur?
obey pam restrictions = Yesfrom yoursmb.confand do aservice smb restart; the default setting is obey pam = no.accountstage, and do any of them log anything to the system log? (This "account validation" isn't authentication, it's authorization. Indeed Samba can't use PAM for authentication regardless of the option; it necessarily keeps its own password database.)obey pam restrictions = noand execute the commandsmbcontrol smbd reload-config. After that I test the connection to the shared folder bysmdclient //<server-ip>/myshare -U sambauserand the client connected immediately. Thanks very very much. If you can write a brief answer so the solution will be more evident for other with the same problem.