[Samba] NT_STATUS_ACCESS_DENIED (0xc0000022, authoritative=0)

Rowland penny rpenny at samba.org
Thu Nov 7 19:37:33 UTC 2019 

On 07/11/2019 19:25, Themis Hoffmeister Villegas via samba wrote:
> Good afternoon friends
>
> I have a problem with SAMPA
> My environment has several branches. And each branch office has an AD Win 2012 Server
> And I have in each branch a Centos Server 7.7 with sampa 4.9.1 that only communicates with the matrix server AD. Samba does not communicate with the local AD Server.
>
> Follow my SAMPA setup
>
> # See smb.conf.example for a more detailed config file or
> # read the smb.conf manpage.
> # Run 'testparm' to verify the config is correct after
> # you modified it.
>
> [global]
> #--authconfig--start-line--
>
> # Generated by authconfig on 2019/08/16 20:00:43
> # DO NOT EDIT THIS SECTION (delimited by --start-line--/--end-line--)
> # Any modification may be deleted or altered by authconfig in future
>
>     workgroup = FEMME
>     realm = FEMME.BR
>     security = ads
>     password server = 10.3.24.1
>     idmap config * : range = 16777216-33554431
>     template shell = /sbin/nologin
>     kerberos method = secrets only
>     winbind use default domain = yes
>     winbind offline logon = false
>
> #--authconfig--end-line--
>
> netbios name = SVFEBELC7PX02
> server string = SVFEBELC7PX02 server Proxy Internet
> load printers = no
> printcap name = /dev/null
> #log level = 10
> log file = /var/log/samba/log.%m
> max log size = 500
> idmap config * : backend = tdb
> winbind separator = +
> encrypt passwords = yes
> dedicated keytab file = /etc/krb5.keytab
> kerberos method = secrets and keytab
> winbind cache time = 15
> winbind enum users = yes
> winbind enum groups = yes
> winbind use default domain = yes
> local master = no
> os level = 233
> domain master = no
> preferred master = no
> domain logons = no
> wins server = 10.3.24.1
> dns proxy = no
>
>
> Tests
>
>
>
> Test wbinfo –u ok
>
> Test wbinfo –g ok
>
> Test wbinfo –u ok
>
> wbinfo -Ptp
>
> checking the NETLOGON for domain[FEMME] dc connection to "SVFEBEW12AD01.femme.br" succeeded
>
> checking the trust secret for domain FEMME via RPC calls succeeded
>
> Ping to winbindd succeeded
>
>
>
> Test fail
>
> ntlm_auth --username=user --password=Password
>
> NT_STATUS_ACCESS_DENIED: {Access Denied} A process has requested access to an object but has not been granted those access rights. (0xc0000022)
>
> wbinfo -a sathemis
>
> Enter sathemis's password:
>
> plaintext password authentication failed
>
> Could not authenticate user sathemis with plaintext password
>
> Enter sathemis's password:
>
> challenge/response password authentication failed
>
> wbcAuthenticateUserEx(FEMME+sathemis): error code was NT_STATUS_ACCESS_DENIED (0xc0000022, authoritative=0)
>
> error message was: {Access Denied} A process has requested access to an object but has not been granted those access rights.
>
> Could not authenticate user sathemis with challenge/response
>
> ----------------------------------
>
> can anyone help me?
>
>
Are you using sssd ?

Rowland

More information about the samba mailing list