[Samba] winbind and NTLM authentication problems - NT_STATUS_ACCESS_DENIED

John H Terpstra jht at Samba.Org
Wed Apr 27 18:45:48 GMT 2005

On Wednesday 27 April 2005 11:32, Ashutosh Kamdar wrote:
> Hello,
> Specifications of the environment:
> Samba 3.0.13 running on Solaris 8. This is configured as a domain member of
> a NT4 style PDC. The smb.conf file is provided for details.
> Problem definition:
> When trying to access the Samba server from a windows machine through
> network neighborhood, the system challenges the user for their credentials.
> On providing the username/password the system rejects the combination. The
> Samba logs suggest that winbind authentication for the user has failed with
> the error message NT_STATUS_ACCESS_DENIED. A more detailed log follows. The
> user has an entry in /etc/passwd and the NT PDC.

Have you read out documentation? Did you check chapter 7 of the book "Samba-3 
by Example"? You can download this from:


The steps described should work on Solaris just as on Linux (the documented 

Did you join the Samba server to the domain? The process for doing that is:

	net rpc join -S PDC_name -UAdministrator%password

> Can someone help me understand what causes the windbind authentication to
> fail and report NT_STATUS_ACCESS_DENIED?
> Snippet of the error message in the log (log level = 10):
> [2005/04/27 06:12:09, 6] param/loadparm.c:lp_file_list_changed(2707)
>   lp_file_list_changed()
>   file /usr/local/samba/lib/smb.conf -> /usr/local/samba/lib/smb.conf  last
> mod_time: Wed Apr 27 06:06:29 2005
> [2005/04/27 06:12:09, 5] auth/auth_util.c:make_user_info_map(224)
>   make_user_info_map: Mapping user [DOMAINNAME]\[akamdar] from workstation
> [ASHUTOSH] [2005/04/27 06:12:09, 5]
> libsmb/trustdom_cache.c:trustdom_cache_fetch(184) no entry for trusted
> domain DOMAINNAME found.

The above line would suggest that you did not join the Samba server to the 

- John T.

More information about the samba mailing list