[Samba] NT_STATUS_ACCESS_DENIED (0xc0000022, authoritative=0)

Themis Hoffmeister Villegas themis.villegas at outlook.com
Fri Nov 8 01:01:38 UTC 2019


the solution is to use sssd ???
De: Themis Hoffmeister Villegas <themis.villegas at outlook.com>
Enviado: quinta-feira, 7 de novembro de 2019 16:25
Para: samba at lists.samba.org <samba at lists.samba.org>
Assunto: NT_STATUS_ACCESS_DENIED (0xc0000022, authoritative=0)

Good afternoon friends

I have a problem with SAMPA
My environment has several branches. And each branch office has an AD Win 2012 Server
And I have in each branch a Centos Server 7.7 with sampa 4.9.1 that only communicates with the matrix server AD. Samba does not communicate with the local AD Server.

Follow my SAMPA setup

# See smb.conf.example for a more detailed config file or
# read the smb.conf manpage.
# Run 'testparm' to verify the config is correct after
# you modified it.


# Generated by authconfig on 2019/08/16 20:00:43
# DO NOT EDIT THIS SECTION (delimited by --start-line--/--end-line--)
# Any modification may be deleted or altered by authconfig in future

   workgroup = FEMME
   realm = FEMME.BR
   security = ads
   password server =
   idmap config * : range = 16777216-33554431
   template shell = /sbin/nologin
   kerberos method = secrets only
   winbind use default domain = yes
   winbind offline logon = false


netbios name = SVFEBELC7PX02
server string = SVFEBELC7PX02 server Proxy Internet
load printers = no
printcap name = /dev/null
#log level = 10
log file = /var/log/samba/log.%m
max log size = 500
idmap config * : backend = tdb
winbind separator = +
encrypt passwords = yes
dedicated keytab file = /etc/krb5.keytab
kerberos method = secrets and keytab
winbind cache time = 15
winbind enum users = yes
winbind enum groups = yes
winbind use default domain = yes
local master = no
os level = 233
domain master = no
preferred master = no
domain logons = no
wins server =
dns proxy = no


Test wbinfo –u ok

Test wbinfo –g ok

Test wbinfo –u ok

wbinfo -Ptp

checking the NETLOGON for domain[FEMME] dc connection to "SVFEBEW12AD01.femme.br" succeeded

checking the trust secret for domain FEMME via RPC calls succeeded

Ping to winbindd succeeded

Test fail

ntlm_auth --username=user --password=Password

NT_STATUS_ACCESS_DENIED: {Access Denied} A process has requested access to an object but has not been granted those access rights. (0xc0000022)

wbinfo -a sathemis

Enter sathemis's password:

plaintext password authentication failed

Could not authenticate user sathemis with plaintext password

Enter sathemis's password:

challenge/response password authentication failed

wbcAuthenticateUserEx(FEMME+sathemis): error code was NT_STATUS_ACCESS_DENIED (0xc0000022, authoritative=0)

error message was: {Access Denied} A process has requested access to an object but has not been granted those access rights.

Could not authenticate user sathemis with challenge/response


can anyone help me?

More information about the samba mailing list