[Samba] winbind and NTLM authentication problems - NT_STATUS_ACCESS_DENIED
John H Terpstra
jht at Samba.Org
Wed Apr 27 19:07:49 GMT 2005
On Wednesday 27 April 2005 12:58, Ashutosh Kamdar wrote:
> Thank you for pointing this out, Paul. I was assuming this to be some sort
> of cache for previously accesses to machines in the domain. But, I was
> The Samba HOW-TO documentation does not say anything specific about
> configuring winbind while becoming a part of the NT domain. Are there any
> tools that the group is aware of to test whether the samba server is indeed
> a domain member?
OK - I'll bite. When you have figured out how to solve the problem please,
please give me documentation updates so we can fix this glaring deficiency.
In the mean time, I would appreciate a pointer the the section numbers of the
documentation that you did read and that did not provide the necessary
I am in the process of updating the Samba-HOWTO-Collection and would like to
close the gap as soon as possible.
Thanks for pointing out a problem area.
Meanwhile, May I suggest chapter 7 of the book "Samba-3 by Example", also
known as the Samba-Guide. You can download it from:
It may help a lot. (Then again, it may not).
- John T.
> Any help is appreciated.
> ------Original Message-----
> -From: Paul Gienger [mailto:pgienger at ae-solutions.com]
> -Sent: Wednesday, April 27, 2005 06:26 PM
> -To: 'Ashutosh Kamdar'
> -Cc: samba at lists.samba.org
> -Subject: Re: [Samba] winbind and NTLM authentication problems
> - NT_STATUS_ACCESS_DENIED -
> ->DOMAINNAME is not the real name of the domain I am joining. I have
> sanitized the logs for obvious reasons. ->
> -Maybe I'm crazily niave, but I'll never understand why things need to be
> -santized that much... password hashes, sure; real world IP addresses,
> -you bet; things that don't matter in the world outside of your network,
> -who cares? Anyway, back to the issue at hand, since we've gotten this
> -out of the way.
> ->How do I check if the samba server has joined the domain or not? The net
> roc join command suggested by the documentation was executed with the
> smbd,nmbd stopped and it worked just fine. No errors reported. Out of
> curiousity, what part of the log suggested that the server hasn't joined
> the domain? ->
> -Oh, I see I left the wrong line of the log... it was this one:
> -[2005/04/27 06:12:09, 5] libsmb/trustdom_cache.c:trustdom_cache_fetch(184)
> - no entry for trusted domain DOMAINNAME found.
> -Not being a winbind-runner here, I can't offer much beyond pointing at
> -the documentation to be sure you've followed all of the steps there to
> -be sure your setup is sane.
> -Paul Gienger Office: 701-281-1884
> -Applied Engineering Inc.
> -Systems Architect Fax: 701-281-1322
> -URL: www.ae-solutions.com mailto: pgienger at ae-solutions.com
John H Terpstra
Phone: +1 (650) 580-8668
The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556
Samba-3 by Example, ISBN: 0131472216
Hardening Linux, ISBN: 0072254971
Other books in production.
More information about the samba