[Samba] intermittent NT_STATUS_ACCESS_DENIED
egold at fsa.com
egold at fsa.com
Tue Sep 14 20:02:32 GMT 2004
Im having an intermittent problem with samba.
Im running samba 3.0.2a on solaris 8 that i downloaded from sunfreeware.com
I have my smb.conf setup to get passwords from my active directory server
and it usually works fine.
I ran a net join command like so to originally join the domain:
root# net join -S WIN2KSERVER -w MYDOMAIN.com -U Administrator
Password:
Joined domain MYDOMAIN.
It will run for days fine, but all of a sudden at random, users cannot
connect and I will get the following errors in my samba logs:
smbd version 3.0.2a started.
Copyright Andrew Tridgell and the Samba Team 1992-2004
[2004/09/14 15:03:40, 2] param/loadparm.c:do_section(3339)
Processing section "[export]"
[2004/09/14 15:03:40, 2] lib/interface.c:add_interface(79)
added interface ip=192.168.6.84 bcast=192.168.6.255 nmask=255.255.255.0
[2004/09/14 15:03:40, 2] lib/tallocmsg.c:register_msg_pool_usage(57)
Registered MSG_REQ_POOL_USAGE
[2004/09/14 15:03:40, 2] lib/dmallocmsg.c:register_dmalloc_msgs(71)
Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
[2004/09/14 15:03:40, 2] smbd/server.c:open_sockets_smbd(318)
waiting for a connection
[2004/09/14 15:03:41, 2] lib/access.c:check_access(324)
Allowed connection from (192.168.21.144)
[2004/09/14 15:03:41, 2] smbd/reply.c:reply_special(105)
netbios connect: name1=sunserver name2=ACH2000
[2004/09/14 15:03:41, 2] smbd/reply.c:reply_special(112)
netbios connect: local=sunserver remote=ach2000, name type = 0
[2004/09/14 15:03:41, 2] smbd/sesssetup.c:setup_new_vc_session(591)
setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all
old resources.
[2004/09/14 15:03:41, 2] smbd/sesssetup.c:setup_new_vc_session(591)
setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all
old resources.
[2004/09/14 15:03:41, 0]
auth/auth_domain.c:connect_to_domain_password_server(123)
connect_to_domain_password_server: unable to setup the NETLOGON
credentials to machine WIN2KSERVER. Error was : NT_STATUS_ACCESS_DENIED.
[2004/09/14 15:03:41, 0]
auth/auth_domain.c:connect_to_domain_password_server(123)
connect_to_domain_password_server: unable to setup the NETLOGON
credentials to machine WIN2KSERVER. Error was : NT_STATUS_ACCESS_DENIED.
[2004/09/14 15:03:41, 0]
auth/auth_domain.c:connect_to_domain_password_server(123)
connect_to_domain_password_server: unable to setup the NETLOGON
credentials to machine WIN2KSERVER. Error was : NT_STATUS_ACCESS_DENIED.
[2004/09/14 15:03:41, 0]
auth/auth_domain.c:connect_to_domain_password_server(123)
connect_to_domain_password_server: unable to setup the NETLOGON
credentials to machine WIN2KSERVER. Error was : NT_STATUS_ACCESS_DENIED.
[2004/09/14 15:03:41, 0] auth/auth_domain.c:domain_client_validate(175)
domain_client_validate: Domain password server not available.
[2004/09/14 15:03:41, 2] auth/auth.c:check_ntlm_password(312)
check_ntlm_password: Authentication for user [jfl] -> [jfl] FAILED with
error NT_STATUS_TRUSTED_RELATIONSHIP_FAILURE
[2004/09/14 15:03:43, 2] smbd/sesssetup.c:setup_new_vc_session(591)
setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all
old resources.
[2004/09/14 15:03:43, 2] smbd/sesssetup.c:setup_new_vc_session(591)
setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all
old resources.
[2004/09/14 15:03:43, 0]
auth/auth_domain.c:connect_to_domain_password_server(123)
connect_to_domain_password_server: unable to setup the NETLOGON
credentials to machine WIN2KSERVER. Error was : NT_STATUS_ACCESS_DENIED.
[2004/09/14 15:03:43, 0]
auth/auth_domain.c:connect_to_domain_password_server(123)
connect_to_domain_password_server: unable to setup the NETLOGON
credentials to machine WIN2KSERVER. Error was : NT_STATUS_ACCESS_DENIED.
[2004/09/14 15:03:43, 0]
auth/auth_domain.c:connect_to_domain_password_server(123)
connect_to_domain_password_server: unable to setup the NETLOGON
credentials to machine WIN2KSERVER. Error was : NT_STATUS_ACCESS_DENIED.
[2004/09/14 15:03:43, 0] auth/auth_domain.c:domain_client_validate(175)
domain_client_validate: Domain password server not available.
[2004/09/14 15:03:43, 2] auth/auth.c:check_ntlm_password(312)
check_ntlm_password: Authentication for user [jfl] -> [jfl] FAILED with
error NT_STATUS_TRUSTED_RELATIONSHIP_FAILURE
[2004/09/14 15:03:43, 2] smbd/sesssetup.c:setup_new_vc_session(591)
setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all
old resources.
[2004/09/14 15:03:43, 2] smbd/sesssetup.c:setup_new_vc_session(591)
setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all
old resources.
[2004/09/14 15:03:44, 0]
auth/auth_domain.c:connect_to_domain_password_server(123)
connect_to_domain_password_server: unable to setup the NETLOGON
credentials to machine WIN2KSERVER. Error was : NT_STATUS_ACCESS_DENIED.
[2004/09/14 15:03:44, 0]
auth/auth_domain.c:connect_to_domain_password_server(123)
connect_to_domain_password_server: unable to setup the NETLOGON
credentials to machine WIN2KSERVER. Error was : NT_STATUS_ACCESS_DENIED.
[2004/09/14 15:03:44, 0]
auth/auth_domain.c:connect_to_domain_password_server(123)
connect_to_domain_password_server: unable to setup the NETLOGON
credentials to machine WIN2KSERVER. Error was : NT_STATUS_ACCESS_DENIED.
[2004/09/14 15:03:44, 0] auth/auth_domain.c:domain_client_validate(175)
domain_client_validate: Domain password server not available.
[2004/09/14 15:03:44, 2] auth/auth.c:check_ntlm_password(312)
check_ntlm_password: Authentication for user [jfl] -> [jfl] FAILED with
error NT_STATUS_TRUSTED_RELATIONSHIP_FAILURE
Here is my smb.conf:
[Global] parameters
workgroup = MYDOMAIN
wins support = Yes
hosts allow = all
encrypt passwords = Yes
unix password sync = Yes
passwd program = /usr/bin/passwd %u
update encrypted = No
lm announce = true
log level = 3
# for AD passwords
password server = WIN2KSERVER
security = domain
[export]
path = /export
comment = export
browseable = yes
writable = yes
read only = No
thank you in advance!
E
____________________________________
This e-mail message is for the sole use of the intended recipient(s) and
may contain proprietary, confidential and/or privileged information. Any
unauthorized review, use, disclosure or distribution is prohibited. If you
are not the intended recipient (or an employee or agent responsible to
deliver it to the intended recipient), you may not copy or deliver this
message to anyone. In such case, you should destroy this message and kindly
notify the sender by reply e-mail.
More information about the samba
mailing list