[Samba] winbind and NTLM authentication problems -
NT_STATUS_ACCESS_DENIED
John H Terpstra
jht at Samba.Org
Wed Apr 27 18:45:48 GMT 2005
On Wednesday 27 April 2005 11:32, Ashutosh Kamdar wrote:
> Hello,
>
> Specifications of the environment:
> Samba 3.0.13 running on Solaris 8. This is configured as a domain member of
> a NT4 style PDC. The smb.conf file is provided for details.
>
> Problem definition:
> When trying to access the Samba server from a windows machine through
> network neighborhood, the system challenges the user for their credentials.
> On providing the username/password the system rejects the combination. The
> Samba logs suggest that winbind authentication for the user has failed with
> the error message NT_STATUS_ACCESS_DENIED. A more detailed log follows. The
> user has an entry in /etc/passwd and the NT PDC.
Have you read out documentation? Did you check chapter 7 of the book "Samba-3
by Example"? You can download this from:
http://www.samba.org/samba/docs/Samba-Guide.pdf
The steps described should work on Solaris just as on Linux (the documented
case).
Did you join the Samba server to the domain? The process for doing that is:
net rpc join -S PDC_name -UAdministrator%password
>
> Can someone help me understand what causes the windbind authentication to
> fail and report NT_STATUS_ACCESS_DENIED?
>
> Snippet of the error message in the log (log level = 10):
> [2005/04/27 06:12:09, 6] param/loadparm.c:lp_file_list_changed(2707)
> lp_file_list_changed()
> file /usr/local/samba/lib/smb.conf -> /usr/local/samba/lib/smb.conf last
> mod_time: Wed Apr 27 06:06:29 2005
>
> [2005/04/27 06:12:09, 5] auth/auth_util.c:make_user_info_map(224)
> make_user_info_map: Mapping user [DOMAINNAME]\[akamdar] from workstation
> [ASHUTOSH] [2005/04/27 06:12:09, 5]
> libsmb/trustdom_cache.c:trustdom_cache_fetch(184) no entry for trusted
> domain DOMAINNAME found.
The above line would suggest that you did not join the Samba server to the
domain.
- John T.
More information about the samba
mailing list