[Samba] NT_STATUS_ACCESS_DENIED

Mailing List SVR lists at svrinformatica.it
Thu Dec 4 14:55:53 GMT 2008


On Wed, 03/12/2008 at 10:27 -0800, Robinson, Eric wrote:
> What does 'net ads testjoin' say? Sounds like the trust is broken.
> Whenever we've seen those errors, we've fixed them by removing and
> rejoining the computer to the domain.
> 
> --
> Eric Robinson

On the Samba domain controller I ran:

net ads testjoin
[2008/12/04 15:49:47, 0] utils/net_ads.c:ads_startup_int(286)
  ads_connect: No logon servers
Join to domain is not valid: No logon servers

But strangely, now everything seems to work.


testparm 
Load smb config files from /etc/samba/smb.conf
WARNING: The "printer admin" option is deprecated
Processing section "[netlogon]"
Processing section "[profiles]"
Processing section "[homes]"
Loaded services file OK.
Server role: ROLE_DOMAIN_PDC
Press enter to see a dump of your service definitions

[global]
	unix charset = LOCALE
	workgroup = CPE
	netbios name = CPE-PDC
	server string = Samba PDC
	passdb backend = ldapsam:ldap://ldap.cpe.it
	username map = /etc/samba/smbusers
	log level = 1
	syslog = 0
	log file = /var/log/samba/%m
	max log size = 50
	smb ports = 137 138 139 445
	name resolve order = wins bcast hosts
	time server = Yes
	printcap name = cups
	add user script = /usr/sbin/smbldap-useradd -m "%u"
	add group script = /usr/sbin/smbldap-groupadd -p "%g"
	add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
	delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
	set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
	add machine script = /usr/sbin/smbldap-useradd -w "%u"
	logon script = scripts\logon.bat
	logon path = \\%L\profiles\%U
	logon drive = H:
	logon home = \\%L\%U
	domain logons = Yes
	os level = 65
	preferred master = Yes
	domain master = Yes
	wins support = Yes
	ldap admin dn = cn=admin,dc=cpe,dc=it
	ldap delete dn = Yes
	ldap group suffix = ou=Groups
	ldap idmap suffix = ou=Idmap
	ldap machine suffix = ou=Computers
	ldap passwd sync = Yes
	ldap suffix = dc=cpe,dc=it
	ldap user suffix = ou=Users
	idmap backend = ldap:ldap://ldap.cpe.it
	idmap uid = 10000-20000
	idmap gid = 10000-20000
	printer admin = Administrator
	map acl inherit = Yes

[netlogon]
	comment = Network Logon Service
	path = /home/dati/samba/netlogon/
	browseable = No
	locking = No
	share modes = No

[profiles]
	path = /home/dati/samba/profiles
	valid users = %U
	admin users = "@Domain Admins"
	read only = No
	guest ok = Yes
	profile acls = Yes
	case sensitive = No
	preserve case = No
	short preserve case = No
	hide files = /desktop.ini/ntuser.ini/NTUSER.*/
	browseable = No
	csc policy = disable

[homes]
	comment = Cartella Personale
	valid users = %S
	read only = No
	hide files = /.bash*/.profile/
	browseable = No





Any hints?

Thanks
Nicola



> -----Original Message-----
> From: samba-bounces+eric.robinson=psmnv.com at lists.samba.org
> [mailto:samba-bounces+eric.robinson=psmnv.com at lists.samba.org] On Behalf
> Of Mailing List SVR
> Sent: Wednesday, December 03, 2008 2:07 AM
> To: Samba List
> Subject: [Samba] NT_STATUS_ACCESS_DENIED
> 
> Hi all,
> 
> I have a Samba PDC (with LDAP). All was OK for several months; since today
> users experience very slow logins. In my log I have:
> 
> [2008/12/03 11:00:18, 0]
> auth/auth_util.c:create_builtin_administrators(792)
>   create_builtin_administrators: Failed to create Administrators
> [2008/12/03 11:00:18, 0] auth/auth_util.c:create_builtin_users(758)
>   create_builtin_users: Failed to create Users
> 
> net sam createbuiltingroup Users
> 
> gives
> 
> NT_STATUS_ACCESS_DENIED
> 
> and 
> 
> wbinfo -g
> Error looking up domain groups
> 
> 
> Until yesterday all was OK. What can be the origin of these problems? I
> don't think it is a configuration issue; I repeat, the same
> configuration has been working for several months.
> 
> A Google search gives several results with similar problems, but it seems
> no one is able to solve them.
> 
> thanks for your help,
> 
> regards
> Nicola
> 


