[Samba] samba, sssd, Active Directory, NT_STATUS_NO_LOGON_SERVERS, NT_STATUS_ACCESS_DENIED

Bob Tanner tanner at real-time.com
Sun Apr 23 21:59:08 UTC 2017

> Now go and ask your question on the sssd-users mailing list, this
> has nothing to do with Samba.

Thank you for the response.

Why do you say this has nothing to do with samba?

The samba logs indicate the problem is with samba.
The sssd logs show everything working except for samba.

I changed my smb.conf to default setting and setting that should not be there (as explained in your previous email) but that did not resolve anything.

When max debug on for sssd I do not see samba even using sssd for authentication information.

Maybe a permissions problem on the AD DC? Although I can auth via ssh?

[2017/04/23 16:38:33.202569,  0] ../source3/auth/auth_domain.c:121(connect_to_domain_password_server) connect_to_domain_password_server: unable to open the domain client session to machine DC-1.CORP.CELADONSYSTEMS.COM. Error was : NT_STATUS_ACCESS_DENIED.

Can you recommend web links on confirming permissions are appropriate on the AD DC?

Maybe switching back to winbind is the right choice? Setting up sssd is just a lot easier.

Bob Tanner <tanner at real-time.com>                                 | Phone : 952-943-8700
http://www.real-time.com, Linux, OSX, VMware, Windows | Fax      : 952-943-8500
Key fingerprint = 9906 320A 8BB6 64AD 96A7  7785 CBFB 10BF 568B F98C

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 266 bytes
Desc: Message signed with OpenPGP
URL: <http://lists.samba.org/pipermail/samba/attachments/20170423/61674a1a/signature.sig>

More information about the samba mailing list