Authentication of non-Domain joined clients with Samba 3.6.12+ joined to W2K12 fails with ACCESS DENIED
realrichardsharpe at gmail.com
Thu May 8 15:30:52 MDT 2014
On Thu, May 8, 2014 at 2:28 PM, Jeremy Allison <jra at samba.org> wrote:
> On Thu, May 08, 2014 at 02:24:36PM -0700, Richard Sharpe wrote:
>> On Thu, May 8, 2014 at 10:53 AM, Richard Sharpe
>> <realrichardsharpe at gmail.com> wrote:
>> > Hi folks,
>> > Does anyone know what is going on here.
>> > Non-domain-joined client. Samba 3.6.12+ and W2K12 server.
>> > Winbindd says this:
>> > [2014/05/07 15:13:33.936864, 1]
>> > ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
>> > netr_LogonSamLogonEx: struct netr_LogonSamLogonEx
>> > out: struct netr_LogonSamLogonEx
>> > validation : *
>> > validation : union netr_Validation(case 6)
>> > sam6 : NULL
>> > authoritative : *
>> > authoritative : 0x00 (0)
>> > flags : *
>> > flags : 0x00000000 (0)
>> > result : NT_STATUS_ACCESS_DENIED
>> > Is it possible that they are configured for too high an encryption level for us?
>> > I know that the credentials are good, because I can use rpcclient with
>> > those credentials againts the DC.
>> By the way, wbinfo -t returns success. The trust password does not
>> seem to have changed ...
> What does the Windows syslog say ? That might
> give you a clue as to why it's failing there..
Sadly, it seems to say nothing and we don't know how to make it talk.
More information about the samba-technical