NT_STATUS_ACCESS_DENIED

Zoran Pucar Zoran.Pucar at era.ericsson.se
Wed Dec 5 04:12:07 GMT 2001 

Hi all!

I wonder what this problem may depend on.
I got 3 servers running solaris 8 and samba 2.2.2. One, in this case
ZDLFILES is configured to be a PDC for domain OSSFLU. Following is
smb.conf on this machine. 
[global]
        workgroup = OSSFLU
        security = user #I even tried server och domain with same result
here..
        encrypt passwords = Yes
        os level = 128
        preferred master = True
        domain master = True
        domain logons = yes
        add user script = /usr/sbin/useradd -g machines -d /dev/null -s
/bin/false -c Machine %m$
        log file = /usr/local/samba/var/log.%m
        log level = 4
        max log size = 50

Rest of the machines ie. lager and zdlcomp2 are clients. Their smb.conf
follows.
[global]
        workgroup = OSSFLU
        security = DOMAIN
        encrypt passwords = Yes
        password server = zdlfiles
        log file = /usr/local/samba/var/log.%m
        log level = 4
        max log size = 50
....shares and stuff...


I have joined OSSFLU domain on both zdlcomp2 and lager with.

smbpasswd -jOSSFLU -rZDLFILES -Uroot 

and i got the message that everything was successfull. However when I
try to access zdlcomp2 from lager as user ezoranp, this user exists on
all 3 servers with same group and uid (in fact zdlfiles is nis server of
all machines), it fails complaining about bad user/password. 

log.lager on zdlcomp2 says following.


  cli_net_req_chal: LSA Request Challenge from ZDLFILES to ZDLCOMP2:
D874D11E2C1E6002
[2001/12/05 10:43:18, 4] libsmb/credentials.c:cred_session_key(64)
  cred_session_key
[2001/12/05 10:43:18, 4] libsmb/credentials.c:cred_create(95)
  cred_create
[2001/12/05 10:43:18, 4] rpc_client/cli_netlogon.c:cli_net_auth2(134)
  cli_net_auth2: srv:\\ZDLFILES acct:ZDLCOMP2$ sc:2 mc: ZDLCOMP2 chal
957EC33D2FF3FBDB neg: 1ff
[2001/12/05 10:43:18, 0] rpc_client/cli_netlogon.c:cli_net_auth2(160)
  cli_net_auth2: Error NT_STATUS_ACCESS_DENIED
[2001/12/05 10:43:18, 0] rpc_client/cli_login.c:cli_nt_setup_creds(72)
  cli_nt_setup_creds: auth2 challenge failed
[2001/12/05 10:43:18, 0]
smbd/password.c:connect_to_domain_password_server(1371)
  connect_to_domain_password_server: unable to setup the PDC credentials
to machine ZDLFILES. Error was : NT_STATUS_A
CCESS_DENIED.
[2001/12/05 10:43:18, 0] smbd/password.c:domain_client_validate(1591)
  domain_client_validate: Domain password server not available.


Somebody? 
If I set security = server on clients (zdlcomp2 and lager) everything
seams to be working just fine, however I would like to optimize access
by using domain security.

Thnx!


Zoran Pucar

More information about the samba-ntdom mailing list