[Samba] samba, sssd, Active Directory, NT_STATUS_NO_LOGON_SERVERS, NT_STATUS_ACCESS_DENIED

Rowland Penny rpenny at samba.org
Sat Apr 22 07:06:27 UTC 2017

On Fri, 21 Apr 2017 23:44:26 +0000
Bob Tanner via samba <samba at lists.samba.org> wrote:

> Environment
> ==========================================================================
> ubuntu 16.04
> samba 4.3.11+dfsg-0ubuntu0.16.04.6
> sssd 1.13.4-1ubuntu1.2
> Windows Server 2008 R2
> At site1 the above works. My ubuntu server running samba+sssd can
> authenticate to the Windows Server 2008 R2 for services like ssh and
> samba.
> At site2 the same setup as site1 I can authenticate with services
> like ssh but samba authentication fails with

If all the default settings and settings that shouldn't be there
because you are using sssd are removed, your [global] part should look
like this:

    workgroup = CORP
    server string = samba-2
    security = ADS
    kerberos method = secrets and keytab

    logging = file at 5
    log file = /var/log/samba/%m.log
    log level = 5

    max xmit = 16384
    logon script = %U.bat
    restrict anonymous = 2
    load printers = no

If winbind is installed and running, stop it and remove it, even if it
isn't running, remove it.

You may have to re-install sssd, winbind and sssd interfere with each

Now go and ask your question on the sssd-users mailing list, this
has nothing to do with Samba.

If you want to use winbind instead of sssd, remove sssd and then read



More information about the samba mailing list