[Samba] NT_STATUS_ACCESS_DENIED
Mailing List SVR
lists at svrinformatica.it
Thu Dec 4 14:55:53 GMT 2008
On Wed, 03/12/2008 at 10:27 -0800, Robinson, Eric wrote:
> What does 'net ads testjoin' say? Sounds like the trust is broken.
> Whenever we've seen those errors, we've fixed them by removing and
> rejoining the computer to the domain.
>
> --
> Eric Robinson
On the Samba domain controller I run:
net ads testjoin
[2008/12/04 15:49:47, 0] utils/net_ads.c:ads_startup_int(286)
ads_connect: No logon servers
Join to domain is not valid: No logon servers
but strangely now all seems to work,
testparm
Load smb config files from /etc/samba/smb.conf
WARNING: The "printer admin" option is deprecated
Processing section "[netlogon]"
Processing section "[profiles]"
Processing section "[homes]"
Loaded services file OK.
Server role: ROLE_DOMAIN_PDC
Press enter to see a dump of your service definitions
[global]
unix charset = LOCALE
workgroup = CPE
netbios name = CPE-PDC
server string = Samba PDC
passdb backend = ldapsam:ldap://ldap.cpe.it
username map = /etc/samba/smbusers
log level = 1
syslog = 0
log file = /var/log/samba/%m
max log size = 50
smb ports = 137 138 139 445
name resolve order = wins bcast hosts
time server = Yes
printcap name = cups
add user script = /usr/sbin/smbldap-useradd -m "%u"
add group script = /usr/sbin/smbldap-groupadd -p "%g"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
add machine script = /usr/sbin/smbldap-useradd -w "%u"
logon script = scripts\logon.bat
logon path = \\%L\profiles\%U
logon drive = H:
logon home = \\%L\%U
domain logons = Yes
os level = 65
preferred master = Yes
domain master = Yes
wins support = Yes
ldap admin dn = cn=admin,dc=cpe,dc=it
ldap delete dn = Yes
ldap group suffix = ou=Groups
ldap idmap suffix = ou=Idmap
ldap machine suffix = ou=Computers
ldap passwd sync = Yes
ldap suffix = dc=cpe,dc=it
ldap user suffix = ou=Users
idmap backend = ldap:ldap://ldap.cpe.it
idmap uid = 10000-20000
idmap gid = 10000-20000
printer admin = Administrator
map acl inherit = Yes
[netlogon]
comment = Network Logon Service
path = /home/dati/samba/netlogon/
browseable = No
locking = No
share modes = No
[profiles]
path = /home/dati/samba/profiles
valid users = %U
admin users = "@Domain Admins"
read only = No
guest ok = Yes
profile acls = Yes
case sensitive = No
preserve case = No
short preserve case = No
hide files = /desktop.ini/ntuser.ini/NTUSER.*/
browseable = No
csc policy = disable
[homes]
comment = Cartella Personale
valid users = %S
read only = No
hide files = /.bash*/.profile/
browseable = No
any hints?
thanks
Nicola
>
>
>
> -----Original Message-----
> From: samba-bounces+eric.robinson=psmnv.com at lists.samba.org
> [mailto:samba-bounces+eric.robinson=psmnv.com at lists.samba.org] On Behalf
> Of Mailing List SVR
> Sent: Wednesday, December 03, 2008 2:07 AM
> To: Samba List
> Subject: [Samba] NT_STATUS_ACCESS_DENIED
>
> Hi all,
>
> I have a Samba PDC (with LDAP), all OK for several months; since today
> users experience very slow login. In my log I have:
>
> [2008/12/03 11:00:18, 0] auth/auth_util.c:create_builtin_administrators(792)
> create_builtin_administrators: Failed to create Administrators
> [2008/12/03 11:00:18, 0] auth/auth_util.c:create_builtin_users(758)
> create_builtin_users: Failed to create Users
>
> net sam createbuiltingroup Users
>
> gives
>
> NT_STATUS_ACCESS_DENIED
>
> and
>
> wbinfo -g
> Error looking up domain groups
>
>
> Until yesterday all was OK. What can be the origin of these problems? I
> think it isn't a configuration issue; I repeat, the same
> configuration has been working for several months.
>
> A Google search gives several results with similar problems, but it seems
> no one is able to solve them.
>
> thanks for your help,
>
> regards
> Nicola
>