[Samba] samba, sssd, Active Directory, NT_STATUS_NO_LOGON_SERVERS, NT_STATUS_ACCESS_DENIED
Rowland Penny
rpenny at samba.org
Sat Apr 22 07:06:27 UTC 2017
On Fri, 21 Apr 2017 23:44:26 +0000
Bob Tanner via samba <samba at lists.samba.org> wrote:
> Environment
> ==========================================================================
> ubuntu 16.04
> samba 4.3.11+dfsg-0ubuntu0.16.04.6
> sssd 1.13.4-1ubuntu1.2
> Windows Server 2008 R2
>
> At site1 the above works. My ubuntu server running samba+sssd can
> authenticate to the Windows Server 2008 R2 for services like ssh and
> samba.
>
> At site2 the same setup as site1 I can authenticate with services
> like ssh but samba authentication fails with
> NT_STATUS_NO_LOGON_SERVERS, and/or NT_STATUS_ACCESS_DENIED errors.
>
If all the default settings and settings that shouldn't be there
because you are using sssd are removed, your [global] part should look
like this:
[global]
workgroup = CORP
realm = CORP.CELADONSYSTEMS.COM
server string = samba-2
security = ADS
kerberos method = secrets and keytab
logging = file at 5
log file = /var/log/samba/%m.log
log level = 5
max xmit = 16384
logon script = %U.bat
restrict anonymous = 2
load printers = no
If winbind is installed and running, stop it and remove it, even if it
isn't running, remove it.
You may have to re-install sssd, winbind and sssd interfere with each
other.
Now go and ask your question on the sssd-users mailing list, this
has nothing to do with Samba.
If you want to use winbind instead of sssd, remove sssd and then read
this:
https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member
Rowland
More information about the samba
mailing list