[Samba] NT_STATUS_ACCESS_DENIED (0xc0000022, authoritative=0)
Themis Hoffmeister Villegas
themis.villegas at outlook.com
Thu Nov 7 19:25:46 UTC 2019
Good afternoon friends
I have a problem with SAMPA
My environment has several branches. And each branch office has an AD Win 2012 Server
And I have in each branch a Centos Server 7.7 with sampa 4.9.1 that only communicates with the matrix server AD. Samba does not communicate with the local AD Server.
Follow my SAMPA setup
# See smb.conf.example for a more detailed config file or
# read the smb.conf manpage.
# Run 'testparm' to verify the config is correct after
# you modified it.
[global]
#--authconfig--start-line--
# Generated by authconfig on 2019/08/16 20:00:43
# DO NOT EDIT THIS SECTION (delimited by --start-line--/--end-line--)
# Any modification may be deleted or altered by authconfig in future
workgroup = FEMME
realm = FEMME.BR
security = ads
password server = 10.3.24.1
idmap config * : range = 16777216-33554431
template shell = /sbin/nologin
kerberos method = secrets only
winbind use default domain = yes
winbind offline logon = false
#--authconfig--end-line--
netbios name = SVFEBELC7PX02
server string = SVFEBELC7PX02 server Proxy Internet
load printers = no
printcap name = /dev/null
#log level = 10
log file = /var/log/samba/log.%m
max log size = 500
idmap config * : backend = tdb
winbind separator = +
encrypt passwords = yes
dedicated keytab file = /etc/krb5.keytab
kerberos method = secrets and keytab
winbind cache time = 15
winbind enum users = yes
winbind enum groups = yes
winbind use default domain = yes
local master = no
os level = 233
domain master = no
preferred master = no
domain logons = no
wins server = 10.3.24.1
dns proxy = no
Tests
Test wbinfo –u ok
Test wbinfo –g ok
Test wbinfo –u ok
wbinfo -Ptp
checking the NETLOGON for domain[FEMME] dc connection to "SVFEBEW12AD01.femme.br" succeeded
checking the trust secret for domain FEMME via RPC calls succeeded
Ping to winbindd succeeded
Test fail
ntlm_auth --username=user --password=Password
NT_STATUS_ACCESS_DENIED: {Access Denied} A process has requested access to an object but has not been granted those access rights. (0xc0000022)
wbinfo -a sathemis
Enter sathemis's password:
plaintext password authentication failed
Could not authenticate user sathemis with plaintext password
Enter sathemis's password:
challenge/response password authentication failed
wbcAuthenticateUserEx(FEMME+sathemis): error code was NT_STATUS_ACCESS_DENIED (0xc0000022, authoritative=0)
error message was: {Access Denied} A process has requested access to an object but has not been granted those access rights.
Could not authenticate user sathemis with challenge/response
----------------------------------
can anyone help me?
More information about the samba
mailing list