[Samba] NT_STATUS_ACCESS_DENIED - Samba on Mandrake 8.2

Buchan Milne bgmilne at cae.co.za
Fri Oct 18 14:38:56 GMT 2002 

> Message: 7
> Date: Thu, 17 Oct 2002 12:31:39 -0400
> From: "Albert E. Whale" <aewhale at ABS-CompTech.com>
> Organization: ABS Computer Technology, Inc.
> To: Samba <samba at lists.samba.org>
> Subject: [Samba] NT_STATUS_ACCESS_DENIED - Samba on Mandrake 8.2
> 
> I am attempting to integrate a Linux Samba Server with an NT 4.0 PDC.
> Ideally I am looking to authenticate the users on the PDC, and then
> permit access to the Samba Shares on the Linux Box.

You probably want to setup winbind. Winbind is available in Mandrake 
8.2, you may need to install it:

# urpmi samba-winbind

You will need to uncomment the winbind sections of the default smb.conf 
file, set it to 'security=domain', set the workgroup, and join the domain:

# smbpasswd -j <domain> -U <domain admin account>

For more information (note that most steps should have been done for you 
in the 8.2 RPMS) see:

http://ranger.dnsalias.com/mandrake/muo/connect/csamba5.html#winbind

Note that Mandrake 9.0 allows you to join it to the domain (with full 
winbind setup) during installation (probably only in expert 
installation, choose "windows domain" as authentication method where you 
enter your root password).

The latest samba RPMS for 8.2 (2.2.6 is available at 
http://ranger.dnsalias.com/mandrake/samba) have a better example 
smb.conf example configuration for winbind, /etc/samba/smb-winbind.conf. 
All that you should need to do to it is change your workgroup name).

> I have several
> issues, but the one which is presenting itself currently is when I
> attempt to Browse the PDC using smbclient.  I get the following:
> 
>  smbclient -L dumbo

You haven't specified a username, by default smbclient uses the username 
you are currently logged in as. Do you have a domain account with the 
same username?

> added interface ip=192.168.0.11 bcast=192.168.15.255 nmask=255.255.240.0
> 
> session request to DUMBO failed (Called name not present)

Are you sure you're using the right netbios name for the machine (only 
applies to error above).

> Password:
> Anonymous login successful

You haven't authenticated successfully.

> Domain=[FCCA.COM] OS=[Windows NT 4.0] Server=[NT LAN Manager 4.0]
> 
>         Sharename      Type      Comment
>         ---------      ----      -------
> Error returning browse list: NT_STATUS_ACCESS_DENIED
> 
>         Server               Comment
>         ---------            -------
>         ACCMAN-JAIME
>         ACCMAN-ROUSCHKA
> 
> Dumbo is the DNS Name of the PDC.

Netbios and DNS names should preferably match (either using DNS 
aliases/CNAMEs etc)

> Why Do I get the
> NT_STATUS_ACCESS_DENIED message?

Because your machine does not have the guest account enabled, and you 
haven't connected with a valid username/password.

>  I get this same message when I attempt
> to use the Samba Share as an NT PDC User (using the Username and
> password as well).

That would probably be because you either haven't joined the domain, or 
don't have existing usernames on the samba server.

Here are two sessions to our windows server (member of our samba 
domain), one without a valid username/password, one with a valid 
username/password:


[bgmilne at bgmilne bgmilne]$ smbclient -L atlas
added interface ip=146.232.174.36 bcast=146.232.174.255 nmask=255.255.255.0
Password:
Anonymous login successful
Domain=[CAE] OS=[Windows 5.0] Server=[Windows 2000 LAN Manager]

         Sharename      Type      Comment
         ---------      ----      -------
Error returning browse list: NT_STATUS_ACCESS_DENIED

         Server               Comment
         ---------            -------

         Workgroup            Master
         ---------            -------
[bgmilne at bgmilne bgmilne]$ smbclient -L atlas
added interface ip=146.232.174.36 bcast=146.232.174.255 nmask=255.255.255.0
Password:
Domain=[CAE] OS=[Windows 5.0] Server=[Windows 2000 LAN Manager]

         Sharename      Type      Comment
         ---------      ----      -------
         pwshare        Disk
         pw             Disk
         IPC$           IPC       Remote IPC
         D$             Disk      Default share
         ADMIN$         Disk      Remote Admin
         C$             Disk      Default share

         Server               Comment
         ---------            -------

         Workgroup            Master
         ---------            -------


Regards,
Buchan

-- 
|----------------Registered Linux User #182071-----------------|
Buchan Milne                Mechanical Engineer, Network Manager
Cellphone * Work            +27 82 472 2231 * +27 21 8828820x121
Stellenbosch Automotive Engineering         http://www.cae.co.za
GPG Key                   http://ranger.dnsalias.com/bgmilne.asc
1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7

More information about the samba mailing list