[Samba] NT_STATUS_ACCESS_DENIED (0xc0000022, authoritative=0)

Rowland penny rpenny at samba.org
Fri Nov 8 09:16:44 UTC 2019

On 08/11/2019 01:01, Themis Hoffmeister Villegas via samba wrote:
> No
> the solution is to use sssd ???

No, I asked because your smb.conf only has these idmap config lines:

idmap config * : backend = tdb
idmap config * : range = 16777216-33554431

This generally means that sssd is being used and you cannot use sssd 
with Samba >= 4.8.0

I would also expect lines like these (at least):

idmap config * : backend = tdb
idmap config * : range = 3000-7999
idmap config FEMME : backend = rid
idmap config FEMME : range = 10000-999999

I would also remove the 'password server' line and allow Samba to find 
the best DC for you. I take it the 'matrix server' is the DC with the 
PDC Emulator role, but as you are possibly using 'sites' (and if you 
aren't, it sounds like you should), then each Samba domain member should 
use the local DC.


More information about the samba mailing list