All versions of Centrify DirectControl on Linux and Unix platforms
With security = share (non-extended security) set in smb.conf, on stock Samba 3.3.8-.52.el5_5 with Centrify DirectControl 4.4.3, users are not able to access the share and receive the error "you are not authorized to access the share, access denied". Looking through samba.log, you will find this error:
auth/auth_sam.c:check_sam_security(282) notify_callback called for company/load check_sam_security: Couldn't find user 'smith.jones' in passdb.
auth/auth.c:check_ntlm_password(272) inotify_dispatch called with mask=2, name=[smb.log] check_ntlm_password: sam authentication for user [smith.jones]
FAILED with error NT_STATUS_NO_SUCH_USER
When both the Windows client and the Samba server machine are joined to the domain, the Windows client can get Kerberos service tickets for the computer where the Samba server is running. The client therefore wants extended security negotiation, which the Samba server in share-level mode does not offer in the SMB Negotiate Protocol Response, so the client breaks the connection. Even if you try to remove all the Kerberos service tickets, Windows is too smart and will get its own ticket on the fly.
You will either have to provide an alias by following KB-0546 or upgrade to Centrify-enabled Samba.
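A diagnostic check for the condition described above, as an added example that is not part of the original article or of Centrify's tooling: it reads smb.conf text for security = share in [global] and extracts the users that the log shows failing with NT_STATUS_NO_SUCH_USER after a passdb miss. The sample smb.conf and all function names are constructed for illustration; the log lines are the ones quoted above.

```python
import re

# Constructed smb.conf sample (assumption; only "security = share" comes from the article).
SAMPLE_CONF = """\
[global]
    ; share-level security, no extended security negotiation
    security = share
[data]
    path = /srv/data
"""

# Log lines as quoted in the article (the FAILED line wraps onto its own line).
SAMPLE_LOG = """\
auth/auth_sam.c:check_sam_security(282) notify_callback called for company/load check_sam_security: Couldn't find user 'smith.jones' in passdb.
auth/auth.c:check_ntlm_password(272) inotify_dispatch called with mask=2, name=[smb.log] check_ntlm_password: sam authentication for user [smith.jones]
FAILED with error NT_STATUS_NO_SUCH_USER
"""

PASSDB_MISS = re.compile(r"check_sam_security: Couldn't find user '([^']+)' in passdb")
NTLM_FAIL = re.compile(r"authentication for user \[([^\]]+)\]\s+FAILED with error NT_STATUS_NO_SUCH_USER")

def security_mode(conf_text):
    """Return the [global] 'security' value in lower case, or None if it is not set."""
    section, mode = None, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":           # smb.conf comments start with # or ;
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif "=" in line and section == "global":
            key, value = line.split("=", 1)
            if key.strip().lower() == "security":
                mode = value.strip().lower()      # last assignment wins
    return mode

def failed_users(log_text):
    """Users that were missing from passdb and then rejected with NT_STATUS_NO_SUCH_USER."""
    flat = " ".join(log_text.split())             # undo line wrapping inside log entries
    return sorted(set(PASSDB_MISS.findall(flat)) & set(NTLM_FAIL.findall(flat)))

def diagnose(conf_text, log_text):
    """Report whether the configuration and log together match the symptom in this article."""
    users = failed_users(log_text)
    share_level = security_mode(conf_text) == "share"
    return {"share_level": share_level, "users": users, "matches": share_level and bool(users)}

if __name__ == "__main__":
    print(diagnose(SAMPLE_CONF, SAMPLE_LOG))
```
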