[cifs-protocol] [Pfif] [REG:111071166110452] access denied in NetrLogonSamLogonEx

Volker Lendecke Volker.Lendecke at SerNet.DE
Tue Jul 12 15:40:46 MDT 2011


On Tue, Jul 12, 2011 at 09:27:37PM +0000, Edgar Olougouna wrote:
> Matthieu,
> It appears that the behavior you observed is by design.
> From the debugger, the Netlogon service is running in the
> following condition.
> If the Netlogon service is paused or the Sysvol is not in
> ready state, only logons from inside the machine
> (MsvApSecureChannel) and logons from a BDC in the domain
> (ServerSecureChannel ) can be accepted.
> The data shows that your Netlogon service is in a running
> state but your Sysvol is not in a ready state. Since the
> secure channel type is WorkstationSecureChannel, the
> NetrLogonSamLogonEx call is rejected with

Sorry to step in here. I've seen this in a customer scenario
as well in the past but could not explain it. What do you
exactly mean by "Sysvol is not in a ready state" and what
can Samba as a member server do about this condition? With
sysvol, do you mean the sysvol share? Samba as member server
does not care about that share? Or is sysvol something else?



SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen

More information about the cifs-protocol mailing list