Kiran Patil
2014-Sep-30 15:40 UTC
[Samba] fillup_password_policy fails with NT_STATUS_ACCESS_DENIED, samba 3.4.3
Hi, I'm getting below error with "fillup_password_policy" while authenticating users from default domain. [2014/09/30 03:15:26, 10] rpc_client/cli_pipe.c:1432(rpc_api_pipe_got_pdu) rpc_api_pipe: host dev003.namdev.myserv.net returned 16 bytes. [2014/09/30 03:15:26, 1] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) samr_QueryDomainInfo: struct samr_QueryDomainInfo out: struct samr_QueryDomainInfo info : * info : NULL result : NT_STATUS_ACCESS_DENIED [2014/09/30 03:15:26, 10] winbindd/winbindd_cache.c:492(refresh_sequence_number) refresh_sequence_number: NAMDEV time ok [2014/09/30 03:15:26, 10] winbindd/winbindd_cache.c:537(refresh_sequence_number) refresh_sequence_number: NAMDEV seq number is now 100149701 [2014/09/30 03:15:26, 10] winbindd/winbindd_pam.c:1713(winbindd_dual_pam_auth) Failed to get password policies for domain NAMDEV: NT_STATUS_ACCESS_DENIED [2014/09/30 03:15:26, 2] winbindd/winbindd_pam.c:1733(winbindd_dual_pam_auth) Plain-text authentication for user namdev\user74 returned NT_STATUS_ACCESS_DENIED (PAM: 4) Is there way to workaround to not fetch password policies? if not, what could be the corresponding setting on AD side which can be tweaked to resolved access denied issue? Appreciate any help in this regard. Let me know if require more information. Thanks, -Kiran
Kiran Patil
2014-Oct-01 13:59 UTC
[Samba] fillup_password_policy fails with NT_STATUS_ACCESS_DENIED, samba 3.4.3
Anyone? Also if someone could point way to get further logging. Got above logs with below settings added to global section in smb.conf. log file = /var/log/samba/%m.log log level = 10 max log size = 0 Thanks, -Kiran On Tue, Sep 30, 2014 at 11:40 AM, Kiran Patil <kiran.dpatil at gmail.com> wrote:> Hi, > > I'm getting below error with "fillup_password_policy" while authenticating > users from default domain. > > > [2014/09/30 03:15:26, 10] rpc_client/cli_pipe.c:1432(rpc_api_pipe_got_pdu) > rpc_api_pipe: host dev003.namdev.myserv.net returned 16 bytes. > [2014/09/30 03:15:26, 1] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) > samr_QueryDomainInfo: struct samr_QueryDomainInfo > out: struct samr_QueryDomainInfo > info : * > info : NULL > result : NT_STATUS_ACCESS_DENIED > [2014/09/30 03:15:26, 10] > winbindd/winbindd_cache.c:492(refresh_sequence_number) > refresh_sequence_number: NAMDEV time ok > [2014/09/30 03:15:26, 10] > winbindd/winbindd_cache.c:537(refresh_sequence_number) > refresh_sequence_number: NAMDEV seq number is now 100149701 > [2014/09/30 03:15:26, 10] > winbindd/winbindd_pam.c:1713(winbindd_dual_pam_auth) > Failed to get password policies for domain NAMDEV: > NT_STATUS_ACCESS_DENIED > [2014/09/30 03:15:26, 2] > winbindd/winbindd_pam.c:1733(winbindd_dual_pam_auth) > Plain-text authentication for user namdev\user74 returned > NT_STATUS_ACCESS_DENIED (PAM: 4) > > Is there way to workaround to not fetch password policies? if not, what > could be the corresponding setting on AD side which can be tweaked to > resolved access denied issue? > > Appreciate any help in this regard. Let me know if require more > information. > > Thanks, > -Kiran >