Smb authentication on macos fails with one user only

TrueNAS General
1

Sorry if the has been asked earlier.

This is a new installation of core (TrueNAS-13.3-BETA2).
I created 2 users on my TrueNAS box. One user can authenticate to SMB on 3 different Macs, another user can’t authenticate from any of these Mac.
macos is different on all 3 Macs (from 10.15 up to Sonoma).

This user can authenticate:

GID:
1200

Home directory:
/mnt/share-mirror/home/ajr

Shell:
/usr/local/bin/bash

Email:
some email

Password Disabled:
false

Lock User:
false

Permit Sudo:
true

Microsoft Account:
true

Samba Authentication:
true

This user can’t:

ID:
1200

Home directory:
/mnt/share-mirror/home/wlr

Shell:
/usr/local/bin/bash

Email:
another EMail

Password Disabled:
false

Lock User:
false

Permit Sudo:
false

Microsoft Account:
true

Samba Authentication:
true

Both users are (only) in group builtin_users and in a new group (gid 1200).
The password of the problematic user has been changed (to remove special characters). The new password has been verified via ssh login.

Questions:
What are the password rules for samba ?
What can I do to resolve the issue ?

2

The data you posted show ID for second user and GID for first. Was that a typo in posting?

3

It is GID in both cases.

4

Debug log:

Failed auth:

Aug  4 19:52:42 atlas 1 2024-08-04T19:52:42.684904+02:00 atlas.in.chaos1.de TNAUDIT_SMB 35098 - - @cee:{"TNAUDIT": {"aid": "37ce29ac-b213-4956-969d-aba9aac0eb42", "vers": {"major": 0, "minor": 1}, "addr": "192.168.220.142", "user": "wlr", "sess": null, "time": "2024-08-04 17:52:42.684840Z", "svc": "SMB", "svc_data": "{\"vers\": {\"major\": 0, \"minor\": 1}, \"service\": null, \"session_id\": null, \"tcon_id\": null}", "event": "AUTHENTICATION", "event_data": "{\"logonId\": \"0\", \"logonType\": 3, \"localAddress\": \"ipv4:192.168.220.20:445\", \"remoteAddress\": \"ipv4:192.168.220.142:50020\", \"serviceDescription\": \"SMB2\", \"authDescription\": null, \"clientDomain\": \"ATLAS\", \"clientAccount\": \"wlr\", \"workstation\": \"ATLAS\", \"becameAccount\": \"wlr\", \"becameDomain\": \"ATLAS\", \"becameSid\": \"S-1-5-21-3242936988-131677294-3909876623-20036\", \"mappedAccount\": \"wlr\", \"mappedDomain\": \"ATLAS\", \"netlogonComputer\": null, \"netlogonTrustAccount\": null, \"netlogonNegotiateFlags\": \"0x00000000\", \"netlogonSecureChannelType\": 0, \"netlogonTrustAccountSid\": null, \"passwordType\": \"NTLMv2\", \"clientPolicyAccessCheck\": null, \"serverPolicyAccessCheck\": null, \"vers\": {\"major\": 0, \"minor\": 1}, \"result\": {\"type\": \"NTSTATUS\", \"value_raw\": 0, \"value_parsed\": \"SUCCESS\"}}", "success": true}}

Valid auth:

Aug  4 18:14:26 atlas 1 2024-08-04T18:14:26.799568+02:00 atlas.in.chaos1.de TNAUDIT_SMB 33890 - - @cee:{"TNAUDIT": {"aid": "dee0a660-8510-4e10-91dc-06430f028a2a", "vers": {"major": 0, "minor": 1}, "addr": "192.168.220.124", "user": "ajr", "sess": null, "time": "2024-08-04 16:14:26.799530Z", "svc": "SMB", "svc_data": "{\"vers\": {\"major\": 0, \"minor\": 1}, \"service\": null, \"session_id\": null, \"tcon_id\": null}", "event": "AUTHENTICATION", "event_data": "{\"logonId\": \"0\", \"logonType\": 3, \"localAddress\": \"ipv4:192.168.220.20:445\", \"remoteAddress\": \"ipv4:192.168.220.124:52262\", \"serviceDescription\": \"SMB2\", \"authDescription\": null, \"clientDomain\": \"ATLAS\", \"clientAccount\": \"ajr\", \"workstation\": \"AXELS-IMAC\", \"becameAccount\": \"ajr\", \"becameDomain\": \"TRUENAS\", \"becameSid\": \"S-1-5-21-3242936988-131677294-3909876623-20035\", \"mappedAccount\": \"ajr\", \"mappedDomain\": \"ATLAS\", \"netlogonComputer\": null, \"netlogonTrustAccount\": null, \"netlogonNegotiateFlags\": \"0x00000000\", \"netlogonSecureChannelType\": 0, \"netlogonTrustAccountSid\": null, \"passwordType\": \"NTLMv2\", \"clientPolicyAccessCheck\": null, \"serverPolicyAccessCheck\": null, \"vers\": {\"major\": 0, \"minor\": 1}, \"result\": {\"type\": \"NTSTATUS\", \"value_raw\": 0, \"value_parsed\": \"SUCCESS\"}}", "success": true}}
5

It seems to be a problem at the Mac side.
I created some test users on the server and client and at some point I got a server error with the problematic user.
From that point it could connect.