[Samba] Unable to join Windows 2k AD NT_STATUS_ACCESS_DENIED

Elliot Mackenzie sage at adixein.com
Tue Jun 22 04:47:43 GMT 2004 

I am having horrendous issues with trying to get Samba 3.0.4 to join to
a Windows 2000 AD (patched to current).  As this one is hurting a bit
and needs to be fixed soon, I was hoping I may find salvation in this
list from someone here who may be able to shed some useful light on this
issue.  I am using the latest gentoo mit-krb5 build.

 

Net join always results in NT_STATUS_ACCESS_DENIED - this is bizarre as
I am using the same administrative account I use to join Windows
workstations to the domain.  Klist shows me a Kerberos ticket that
appears to be valid.  I have wiped Kerberos tickets with kdestroy then
recreated one with kinit as that administrative account.  Net join and
still no gold.

 

Unfortunately the Windows logs are not particularly verbose and I
haven't been able to gain any further information.

 

Google is full of these sorts of errors, but they are not usually
accompanied by any solutions - most of which seem to be password issues.

 

Any ideas?  

 

Cheers,

Elliot.

 

 

mail log # net rpc join -S IOR-SRV-Z6 -d3 -U Administrator

[2004/06/22 13:18:34, 3] param/loadparm.c:lp_load(3877)

  lp_load: refreshing parameters

[2004/06/22 13:18:34, 3] param/loadparm.c:init_globals(1307)

  Initialising global parameters

[2004/06/22 13:18:34, 3] param/params.c:pm_process(566)

  params.c:pm_process() - Processing configuration file
"/etc/samba/smb.conf"

[2004/06/22 13:18:34, 3] param/loadparm.c:do_section(3375)

  Processing section "[global]"

[2004/06/22 13:18:34, 2] lib/interface.c:add_interface(79)

  added interface ip=203.x.x.x bcast=203.x.x.255 nmask=255.255.255.0

[2004/06/22 13:18:34, 2] lib/interface.c:add_interface(79)

  added interface ip=192.x.x.x bcast=192.x.x.255 nmask=255.255.255.0

[2004/06/22 13:18:34, 3] libsmb/cliconnect.c:cli_start_connection(1373)

  Connecting to host=IOR-SRV-Z6

[2004/06/22 13:18:34, 3] lib/util_sock.c:open_socket_out(735)

  Connecting to 203.x.x.x at port 445

[2004/06/22 13:18:34, 1] libsmb/cliconnect.c:cli_full_connection(1473)

  failed tcon_X with NT_STATUS_ACCESS_DENIED

[2004/06/22 13:18:34, 1] utils/net.c:connect_to_ipc_anonymous(191)

  Cannot connect to server (anonymously).  Error was
NT_STATUS_ACCESS_DENIED

Password:

[2004/06/22 13:18:39, 3] libsmb/cliconnect.c:cli_start_connection(1373)

  Connecting to host=IOR-SRV-Z6

[2004/06/22 13:18:39, 3] lib/util_sock.c:open_socket_out(735)

  Connecting to 203.x.x.x at port 445

[2004/06/22 13:18:39, 3]
libsmb/cliconnect.c:cli_session_setup_spnego(705)

  Doing spnego session setup (blob length=119)

[2004/06/22 13:18:39, 3]
libsmb/cliconnect.c:cli_session_setup_spnego(730)

  got OID=1 2 840 48018 1 2 2

[2004/06/22 13:18:39, 3]
libsmb/cliconnect.c:cli_session_setup_spnego(730)

  got OID=1 2 840 113554 1 2 2

[2004/06/22 13:18:39, 3]
libsmb/cliconnect.c:cli_session_setup_spnego(730)

  got OID=1 2 840 113554 1 2 2 3

[2004/06/22 13:18:39, 3]
libsmb/cliconnect.c:cli_session_setup_spnego(730)

  got OID=1 3 6 1 4 1 311 2 2 10

[2004/06/22 13:18:39, 3]
libsmb/cliconnect.c:cli_session_setup_spnego(737)

  got principal=ior-srv-z6$@BRISBANE.COMPANY.COM.AU

[2004/06/22 13:18:39, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(878)

  Got challenge flags:

[2004/06/22 13:18:39, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62)

  Got NTLMSSP neg_flags=0x62890215

[2004/06/22 13:18:39, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(900)

  NTLMSSP: Set final flags:

[2004/06/22 13:18:39, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62)

  Got NTLMSSP neg_flags=0x60080215

[2004/06/22 13:18:39, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(319)

  NTLMSSP Sign/Seal - Initialising with flags:

[2004/06/22 13:18:39, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62)

  Got NTLMSSP neg_flags=0x60080215

[2004/06/22 13:18:39, 3] rpc_parse/parse_lsa.c:lsa_io_sec_qos(181)

  lsa_io_sec_qos: length c does not match size 8

[2004/06/22 13:18:39, 3] libsmb/cliconnect.c:cli_start_connection(1373)

  Connecting to host=IOR-SRV-Z6

[2004/06/22 13:18:39, 3] lib/util_sock.c:open_socket_out(735)

  Connecting to 203.x.x.x at port 445

[2004/06/22 13:18:39, 1] libsmb/cliconnect.c:cli_full_connection(1473)

  failed tcon_X with NT_STATUS_ACCESS_DENIED

[2004/06/22 13:18:39, 1] utils/net.c:connect_to_ipc_anonymous(191)

  Cannot connect to server (anonymously).  Error was
NT_STATUS_ACCESS_DENIED

Unable to join domain BRISBANE.

[2004/06/22 13:18:39, 2] utils/net.c:main(792)

  return code = 1

More information about the samba mailing list