[Samba] winbind and NTLM authentication problems - NT_STATUS_ACCESS_DENIED

John H Terpstra jht at Samba.Org
Wed Apr 27 19:07:49 GMT 2005

On Wednesday 27 April 2005 12:58, Ashutosh Kamdar wrote:
> Thank you for pointing this out, Paul. I was assuming this to be some sort
> of cache for previously accesses to machines in the domain. But, I was
> wrong.
> The Samba HOW-TO documentation does not say anything specific about
> configuring winbind while becoming a part of the NT domain. Are there any
> tools that the group is aware of to test whether the samba server is indeed
> a domain member?

OK - I'll bite. When you have figured out how to solve the problem please, 
please give me documentation updates so we can fix this glaring deficiency.
In the mean time, I would appreciate a pointer the the section numbers of the 
documentation that you did read and that did not provide the necessary 

I am in the process of updating the Samba-HOWTO-Collection and would like to 
close the gap as soon as possible.

Thanks for pointing out a problem area.

Meanwhile, May I suggest chapter 7 of the book "Samba-3 by Example", also 
known as the Samba-Guide. You can download it from:


It may help a lot. (Then again, it may not).

- John T.

> Any help is appreciated.
> Thanks,
> Ash
> ------Original Message-----
> -From: Paul Gienger [mailto:pgienger at ae-solutions.com]
> -Sent: Wednesday, April 27, 2005 06:26 PM
> -To: 'Ashutosh Kamdar'
> -Cc: samba at lists.samba.org
> -Subject: Re: [Samba] winbind and NTLM authentication problems
> -
> ->DOMAINNAME is not the real name of the domain I am joining. I have
> sanitized the logs for obvious reasons. ->
> -Maybe I'm crazily niave, but I'll never understand why things need to be
> -santized that much...  password hashes, sure; real world IP addresses,
> -you bet; things that don't matter in the world outside of your network,
> -who cares?  Anyway, back to the issue at hand, since we've gotten this
> -out of the way.
> -
> ->How do I check if the samba server has joined the domain or not? The net
> roc join command suggested by the documentation was executed with the
> smbd,nmbd stopped and it worked just fine. No errors reported. Out of
> curiousity, what part of the log suggested that the server hasn't joined
> the domain? ->
> ->
> -Oh, I see I left the wrong line of the log... it was this one:
> -
> -[2005/04/27 06:12:09, 5] libsmb/trustdom_cache.c:trustdom_cache_fetch(184)
> -  no entry for trusted domain DOMAINNAME found.
> -
> -
> -Not being a winbind-runner here, I can't offer much beyond pointing at
> -the documentation to be sure you've followed all of the steps there to
> -be sure your setup is sane.
> -
> ---
> -Paul Gienger                    Office: 701-281-1884
> -Applied Engineering Inc.
> -Systems Architect               Fax:    701-281-1322
> -URL: www.ae-solutions.com       mailto: pgienger at ae-solutions.com
> -
> -
> -
> -

John H Terpstra
Samba-Team Member
Phone: +1 (650) 580-8668

The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556
Samba-3 by Example, ISBN: 0131472216
Hardening Linux, ISBN: 0072254971
Other books in production.

More information about the samba mailing list