[Samba] Samba Active Directory NT_STATUS_ACCESS_DENIED - expired?
unki at netshadow.at
Wed Jan 25 10:42:16 GMT 2006
I'm using several samba server (mix between v2.2 and v3.0 versions)
within an Active Directory domain. These servers are normal domain
members and winbind is used to lookup the domain users on the linux
Sometimes it looks like that some of the servers get kicked out of the
domain. In the samba logs suddenly NT_STATUS_ACCESS_DENIED messages
appear and samba stopps authenticate users against domain.
The computer account is still present in Active Directory. I've check
if the account has expired but it's expired time is far away
(9223372036854775807, in 2038 ...). The account is neither inactive,
disabled or locked out.
When I try to rejoin on the existing computer account (smbpasswd -j,
net join) it works on samba side but in the domain controllers event
log I see some of the following errors:
The session setup from the computer SRV-MFM-30 failed to authenticate.
The name of the account referenced in the security database is
SRV-MFM-30$. The following error occurred: Access is denied.
I have to remove the computer object and join the domain again. Then
everything works again (for some time).
This happens with security=domain (rpc) and also with security=ads
(ldap,kdc,...). The timeframe ist mostly 2 or 3 months.
Anyone has a clue what can cause this or encountered similar problems?
More information about the samba