[Samba] Unable to join Windows 2k AD NT_STATUS_ACCESS_DENIED
Elliot Mackenzie
sage at adixein.com
Tue Jun 22 04:47:43 GMT 2004
I am having horrendous issues with trying to get Samba 3.0.4 to join to
a Windows 2000 AD (patched to current). As this one is hurting a bit
and needs to be fixed soon, I was hoping I may find salvation in this
list from someone here who may be able to shed some useful light on this
issue. I am using the latest gentoo mit-krb5 build.
Net join always results in NT_STATUS_ACCESS_DENIED - this is bizarre as
I am using the same administrative account I use to join Windows
workstations to the domain. Klist shows me a Kerberos ticket that
appears to be valid. I have wiped Kerberos tickets with kdestroy then
recreated one with kinit as that administrative account. Net join and
still no gold.
Unfortunately the Windows logs are not particularly verbose and I
haven't been able to gain any further information.
Google is full of these sorts of errors, but they are not usually
accompanied by any solutions - most of which seem to be password issues.
Any ideas?
Cheers,
Elliot.
mail log # net rpc join -S IOR-SRV-Z6 -d3 -U Administrator
[2004/06/22 13:18:34, 3] param/loadparm.c:lp_load(3877)
lp_load: refreshing parameters
[2004/06/22 13:18:34, 3] param/loadparm.c:init_globals(1307)
Initialising global parameters
[2004/06/22 13:18:34, 3] param/params.c:pm_process(566)
params.c:pm_process() - Processing configuration file
"/etc/samba/smb.conf"
[2004/06/22 13:18:34, 3] param/loadparm.c:do_section(3375)
Processing section "[global]"
[2004/06/22 13:18:34, 2] lib/interface.c:add_interface(79)
added interface ip=203.x.x.x bcast=203.x.x.255 nmask=255.255.255.0
[2004/06/22 13:18:34, 2] lib/interface.c:add_interface(79)
added interface ip=192.x.x.x bcast=192.x.x.255 nmask=255.255.255.0
[2004/06/22 13:18:34, 3] libsmb/cliconnect.c:cli_start_connection(1373)
Connecting to host=IOR-SRV-Z6
[2004/06/22 13:18:34, 3] lib/util_sock.c:open_socket_out(735)
Connecting to 203.x.x.x at port 445
[2004/06/22 13:18:34, 1] libsmb/cliconnect.c:cli_full_connection(1473)
failed tcon_X with NT_STATUS_ACCESS_DENIED
[2004/06/22 13:18:34, 1] utils/net.c:connect_to_ipc_anonymous(191)
Cannot connect to server (anonymously). Error was
NT_STATUS_ACCESS_DENIED
Password:
[2004/06/22 13:18:39, 3] libsmb/cliconnect.c:cli_start_connection(1373)
Connecting to host=IOR-SRV-Z6
[2004/06/22 13:18:39, 3] lib/util_sock.c:open_socket_out(735)
Connecting to 203.x.x.x at port 445
[2004/06/22 13:18:39, 3]
libsmb/cliconnect.c:cli_session_setup_spnego(705)
Doing spnego session setup (blob length=119)
[2004/06/22 13:18:39, 3]
libsmb/cliconnect.c:cli_session_setup_spnego(730)
got OID=1 2 840 48018 1 2 2
[2004/06/22 13:18:39, 3]
libsmb/cliconnect.c:cli_session_setup_spnego(730)
got OID=1 2 840 113554 1 2 2
[2004/06/22 13:18:39, 3]
libsmb/cliconnect.c:cli_session_setup_spnego(730)
got OID=1 2 840 113554 1 2 2 3
[2004/06/22 13:18:39, 3]
libsmb/cliconnect.c:cli_session_setup_spnego(730)
got OID=1 3 6 1 4 1 311 2 2 10
[2004/06/22 13:18:39, 3]
libsmb/cliconnect.c:cli_session_setup_spnego(737)
got principal=ior-srv-z6$@BRISBANE.COMPANY.COM.AU
[2004/06/22 13:18:39, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(878)
Got challenge flags:
[2004/06/22 13:18:39, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
Got NTLMSSP neg_flags=0x62890215
[2004/06/22 13:18:39, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(900)
NTLMSSP: Set final flags:
[2004/06/22 13:18:39, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
Got NTLMSSP neg_flags=0x60080215
[2004/06/22 13:18:39, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(319)
NTLMSSP Sign/Seal - Initialising with flags:
[2004/06/22 13:18:39, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
Got NTLMSSP neg_flags=0x60080215
[2004/06/22 13:18:39, 3] rpc_parse/parse_lsa.c:lsa_io_sec_qos(181)
lsa_io_sec_qos: length c does not match size 8
[2004/06/22 13:18:39, 3] libsmb/cliconnect.c:cli_start_connection(1373)
Connecting to host=IOR-SRV-Z6
[2004/06/22 13:18:39, 3] lib/util_sock.c:open_socket_out(735)
Connecting to 203.x.x.x at port 445
[2004/06/22 13:18:39, 1] libsmb/cliconnect.c:cli_full_connection(1473)
failed tcon_X with NT_STATUS_ACCESS_DENIED
[2004/06/22 13:18:39, 1] utils/net.c:connect_to_ipc_anonymous(191)
Cannot connect to server (anonymously). Error was
NT_STATUS_ACCESS_DENIED
Unable to join domain BRISBANE.
[2004/06/22 13:18:39, 2] utils/net.c:main(792)
return code = 1
More information about the samba
mailing list