[Samba] Unable to join Windows 2k AD NT_STATUS_ACCESS_DENIED

Daniel Ramaley daniel.ramaley at DRAKE.EDU
Tue Jun 22 13:21:02 GMT 2004 

What was the output of the "net ads join" command?

On Monday 21 June 2004 11:47 pm, Elliot Mackenzie wrote:
>I am having horrendous issues with trying to get Samba 3.0.4 to join
> to a Windows 2000 AD (patched to current).  As this one is hurting a
> bit and needs to be fixed soon, I was hoping I may find salvation in
> this list from someone here who may be able to shed some useful light
> on this issue.  I am using the latest gentoo mit-krb5 build.
>
>
>
>Net join always results in NT_STATUS_ACCESS_DENIED - this is bizarre
> as I am using the same administrative account I use to join Windows
> workstations to the domain.  Klist shows me a Kerberos ticket that
> appears to be valid.  I have wiped Kerberos tickets with kdestroy
> then recreated one with kinit as that administrative account.  Net
> join and still no gold.
>
>
>
>Unfortunately the Windows logs are not particularly verbose and I
>haven't been able to gain any further information.
>
>
>
>Google is full of these sorts of errors, but they are not usually
>accompanied by any solutions - most of which seem to be password
> issues.
>
>
>
>Any ideas?
>
>
>
>Cheers,
>
>Elliot.
>
>
>
>
>
>mail log # net rpc join -S IOR-SRV-Z6 -d3 -U Administrator
>
>[2004/06/22 13:18:34, 3] param/loadparm.c:lp_load(3877)
>
>  lp_load: refreshing parameters
>
>[2004/06/22 13:18:34, 3] param/loadparm.c:init_globals(1307)
>
>  Initialising global parameters
>
>[2004/06/22 13:18:34, 3] param/params.c:pm_process(566)
>
>  params.c:pm_process() - Processing configuration file
>"/etc/samba/smb.conf"
>
>[2004/06/22 13:18:34, 3] param/loadparm.c:do_section(3375)
>
>  Processing section "[global]"
>
>[2004/06/22 13:18:34, 2] lib/interface.c:add_interface(79)
>
>  added interface ip=203.x.x.x bcast=203.x.x.255 nmask=255.255.255.0
>
>[2004/06/22 13:18:34, 2] lib/interface.c:add_interface(79)
>
>  added interface ip=192.x.x.x bcast=192.x.x.255 nmask=255.255.255.0
>
>[2004/06/22 13:18:34, 3]
> libsmb/cliconnect.c:cli_start_connection(1373)
>
>  Connecting to host=IOR-SRV-Z6
>
>[2004/06/22 13:18:34, 3] lib/util_sock.c:open_socket_out(735)
>
>  Connecting to 203.x.x.x at port 445
>
>[2004/06/22 13:18:34, 1] libsmb/cliconnect.c:cli_full_connection(1473)
>
>  failed tcon_X with NT_STATUS_ACCESS_DENIED
>
>[2004/06/22 13:18:34, 1] utils/net.c:connect_to_ipc_anonymous(191)
>
>  Cannot connect to server (anonymously).  Error was
>NT_STATUS_ACCESS_DENIED
>
>Password:
>
>[2004/06/22 13:18:39, 3]
> libsmb/cliconnect.c:cli_start_connection(1373)
>
>  Connecting to host=IOR-SRV-Z6
>
>[2004/06/22 13:18:39, 3] lib/util_sock.c:open_socket_out(735)
>
>  Connecting to 203.x.x.x at port 445
>
>[2004/06/22 13:18:39, 3]
>libsmb/cliconnect.c:cli_session_setup_spnego(705)
>
>  Doing spnego session setup (blob length=119)
>
>[2004/06/22 13:18:39, 3]
>libsmb/cliconnect.c:cli_session_setup_spnego(730)
>
>  got OID=1 2 840 48018 1 2 2
>
>[2004/06/22 13:18:39, 3]
>libsmb/cliconnect.c:cli_session_setup_spnego(730)
>
>  got OID=1 2 840 113554 1 2 2
>
>[2004/06/22 13:18:39, 3]
>libsmb/cliconnect.c:cli_session_setup_spnego(730)
>
>  got OID=1 2 840 113554 1 2 2 3
>
>[2004/06/22 13:18:39, 3]
>libsmb/cliconnect.c:cli_session_setup_spnego(730)
>
>  got OID=1 3 6 1 4 1 311 2 2 10
>
>[2004/06/22 13:18:39, 3]
>libsmb/cliconnect.c:cli_session_setup_spnego(737)
>
>  got principal=ior-srv-z6$@BRISBANE.COMPANY.COM.AU
>
>[2004/06/22 13:18:39, 3]
> libsmb/ntlmssp.c:ntlmssp_client_challenge(878)
>
>  Got challenge flags:
>
>[2004/06/22 13:18:39, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
>
>  Got NTLMSSP neg_flags=0x62890215
>
>[2004/06/22 13:18:39, 3]
> libsmb/ntlmssp.c:ntlmssp_client_challenge(900)
>
>  NTLMSSP: Set final flags:
>
>[2004/06/22 13:18:39, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
>
>  Got NTLMSSP neg_flags=0x60080215
>
>[2004/06/22 13:18:39, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(319)
>
>  NTLMSSP Sign/Seal - Initialising with flags:
>
>[2004/06/22 13:18:39, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
>
>  Got NTLMSSP neg_flags=0x60080215
>
>[2004/06/22 13:18:39, 3] rpc_parse/parse_lsa.c:lsa_io_sec_qos(181)
>
>  lsa_io_sec_qos: length c does not match size 8
>
>[2004/06/22 13:18:39, 3]
> libsmb/cliconnect.c:cli_start_connection(1373)
>
>  Connecting to host=IOR-SRV-Z6
>
>[2004/06/22 13:18:39, 3] lib/util_sock.c:open_socket_out(735)
>
>  Connecting to 203.x.x.x at port 445
>
>[2004/06/22 13:18:39, 1] libsmb/cliconnect.c:cli_full_connection(1473)
>
>  failed tcon_X with NT_STATUS_ACCESS_DENIED
>
>[2004/06/22 13:18:39, 1] utils/net.c:connect_to_ipc_anonymous(191)
>
>  Cannot connect to server (anonymously).  Error was
>NT_STATUS_ACCESS_DENIED
>
>Unable to join domain BRISBANE.
>
>[2004/06/22 13:18:39, 2] utils/net.c:main(792)
>
>  return code = 1

-- 
------------------------------------------------------------------------
Dan Ramaley
Digital Media Library Specialist
(515) 271-1934
Cowles Library 140, Drake University

More information about the samba mailing list