NT_STATUS_ACCESS_DENIED
Zoran Pucar
Zoran.Pucar at era.ericsson.se
Wed Dec 5 04:12:07 GMT 2001
Hi all!
I wonder what this problem may depend on.
I got 3 servers running solaris 8 and samba 2.2.2. One, in this case
ZDLFILES is configured to be a PDC for domain OSSFLU. Following is
smb.conf on this machine.
[global]
workgroup = OSSFLU
security = user #I even tried server och domain with same result
here..
encrypt passwords = Yes
os level = 128
preferred master = True
domain master = True
domain logons = yes
add user script = /usr/sbin/useradd -g machines -d /dev/null -s
/bin/false -c Machine %m$
log file = /usr/local/samba/var/log.%m
log level = 4
max log size = 50
Rest of the machines ie. lager and zdlcomp2 are clients. Their smb.conf
follows.
[global]
workgroup = OSSFLU
security = DOMAIN
encrypt passwords = Yes
password server = zdlfiles
log file = /usr/local/samba/var/log.%m
log level = 4
max log size = 50
....shares and stuff...
I have joined OSSFLU domain on both zdlcomp2 and lager with.
smbpasswd -jOSSFLU -rZDLFILES -Uroot
and i got the message that everything was successfull. However when I
try to access zdlcomp2 from lager as user ezoranp, this user exists on
all 3 servers with same group and uid (in fact zdlfiles is nis server of
all machines), it fails complaining about bad user/password.
log.lager on zdlcomp2 says following.
cli_net_req_chal: LSA Request Challenge from ZDLFILES to ZDLCOMP2:
D874D11E2C1E6002
[2001/12/05 10:43:18, 4] libsmb/credentials.c:cred_session_key(64)
cred_session_key
[2001/12/05 10:43:18, 4] libsmb/credentials.c:cred_create(95)
cred_create
[2001/12/05 10:43:18, 4] rpc_client/cli_netlogon.c:cli_net_auth2(134)
cli_net_auth2: srv:\\ZDLFILES acct:ZDLCOMP2$ sc:2 mc: ZDLCOMP2 chal
957EC33D2FF3FBDB neg: 1ff
[2001/12/05 10:43:18, 0] rpc_client/cli_netlogon.c:cli_net_auth2(160)
cli_net_auth2: Error NT_STATUS_ACCESS_DENIED
[2001/12/05 10:43:18, 0] rpc_client/cli_login.c:cli_nt_setup_creds(72)
cli_nt_setup_creds: auth2 challenge failed
[2001/12/05 10:43:18, 0]
smbd/password.c:connect_to_domain_password_server(1371)
connect_to_domain_password_server: unable to setup the PDC credentials
to machine ZDLFILES. Error was : NT_STATUS_A
CCESS_DENIED.
[2001/12/05 10:43:18, 0] smbd/password.c:domain_client_validate(1591)
domain_client_validate: Domain password server not available.
Somebody?
If I set security = server on clients (zdlcomp2 and lager) everything
seams to be working just fine, however I would like to optimize access
by using domain security.
Thnx!
Zoran Pucar
More information about the samba-ntdom
mailing list