[Samba] NT_STATUS_ACCESS_DENIED (0xc0000022, authoritative=0)

Themis Hoffmeister Villegas themis.villegas at outlook.com
Thu Nov 7 19:25:46 UTC 2019 

Good afternoon friends

I have a problem with SAMPA
My environment has several branches. And each branch office has an AD Win 2012 Server
And I have in each branch a Centos Server 7.7 with sampa 4.9.1 that only communicates with the matrix server AD. Samba does not communicate with the local AD Server.

Follow my SAMPA setup

# See smb.conf.example for a more detailed config file or
# read the smb.conf manpage.
# Run 'testparm' to verify the config is correct after
# you modified it.

[global]
#--authconfig--start-line--

# Generated by authconfig on 2019/08/16 20:00:43
# DO NOT EDIT THIS SECTION (delimited by --start-line--/--end-line--)
# Any modification may be deleted or altered by authconfig in future

   workgroup = FEMME
   realm = FEMME.BR
   security = ads
   password server = 10.3.24.1
   idmap config * : range = 16777216-33554431
   template shell = /sbin/nologin
   kerberos method = secrets only
   winbind use default domain = yes
   winbind offline logon = false

#--authconfig--end-line--

netbios name = SVFEBELC7PX02
server string = SVFEBELC7PX02 server Proxy Internet
load printers = no
printcap name = /dev/null
#log level = 10
log file = /var/log/samba/log.%m
max log size = 500
idmap config * : backend = tdb
winbind separator = +
encrypt passwords = yes
dedicated keytab file = /etc/krb5.keytab
kerberos method = secrets and keytab
winbind cache time = 15
winbind enum users = yes
winbind enum groups = yes
winbind use default domain = yes
local master = no
os level = 233
domain master = no
preferred master = no
domain logons = no
wins server = 10.3.24.1
dns proxy = no


Tests



Test wbinfo –u ok

Test wbinfo –g ok

Test wbinfo –u ok

wbinfo -Ptp

checking the NETLOGON for domain[FEMME] dc connection to "SVFEBEW12AD01.femme.br" succeeded

checking the trust secret for domain FEMME via RPC calls succeeded

Ping to winbindd succeeded



Test fail

ntlm_auth --username=user --password=Password

NT_STATUS_ACCESS_DENIED: {Access Denied} A process has requested access to an object but has not been granted those access rights. (0xc0000022)

wbinfo -a sathemis

Enter sathemis's password:

plaintext password authentication failed

Could not authenticate user sathemis with plaintext password

Enter sathemis's password:

challenge/response password authentication failed

wbcAuthenticateUserEx(FEMME+sathemis): error code was NT_STATUS_ACCESS_DENIED (0xc0000022, authoritative=0)

error message was: {Access Denied} A process has requested access to an object but has not been granted those access rights.

Could not authenticate user sathemis with challenge/response

----------------------------------

can anyone help me?

More information about the samba mailing list