samba - May 2014 - ntlm_auth Access Denied

Hi

I am having problem with ntlm_auth with 2012 AD. Following are my samba
version and the smb.conf file.

I have been testing this all day and always get this. however kinit -V
username can authenticate and verified. anyone has similar issue please
right me in right direction ?

ntlm_auth --request-nt-key --domain=TEST --username=testuser
password:
NT_STATUS_ACCESS_DENIED: Access denied (0xc0000022)

samba-winbind-clients-3.6.9-168.el6_5.x86_64
samba-3.6.9-168.el6_5.x86_64
samba-common-3.6.9-168.el6_5.x86_64
samba-winbind-3.6.9-168.el6_5.x86_64


[global]
        workgroup = TEST
        netbios name = testbox1
        netbios aliases = testbox1
        realm = TEST.ABC.COM
        server string = ntlm testing
        printcap name = /etc/printcap
        load printers = no
        cups options = raw
        invalid users = nobody root dummy admin wheel
        log file = /var/log/samba/%m.log
        #log level = 4

        max log size = 50
        security = ads
        password server = testdomain.TEST.COM
        encrypt passwords = yes
        domain master = no
        preferred master = no
        wins server = 130.208.165.55
        dns proxy = no
#       idmap uid = 50001-550000
#       idmap gid = 50001-550000
        client ntlmv2 auth = yes

        #client use spnego = yes
        winbind separator = +
        winbind nested groups = Yes
        winbind enum users=yes
        winbind enum groups=yes
        template shell = /bin/false
        winbind use default domain = no
        restrict anonymous = 2
        client ldap sasl wrapping = sign

does anybody has any clue on this ?


On Mon, May 12, 2014 at 2:37 PM, Khapare Joshi <khapare77 at gmail.com>
wrote:
> Hi
>
> I am having problem with ntlm_auth with 2012 AD. Following are my samba
> version and the smb.conf file.
>
> I have been testing this all day and always get this. however kinit -V
> username can authenticate and verified. anyone has similar issue please
> right me in right direction ?
>
> ntlm_auth --request-nt-key --domain=TEST --username=testuser
> password:
> NT_STATUS_ACCESS_DENIED: Access denied (0xc0000022)
>
> samba-winbind-clients-3.6.9-168.el6_5.x86_64
> samba-3.6.9-168.el6_5.x86_64
> samba-common-3.6.9-168.el6_5.x86_64
> samba-winbind-3.6.9-168.el6_5.x86_64
>
>
> [global]
>         workgroup = TEST
>         netbios name = testbox1
>         netbios aliases = testbox1
>         realm = TEST.ABC.COM
>         server string = ntlm testing
>         printcap name = /etc/printcap
>         load printers = no
>         cups options = raw
>         invalid users = nobody root dummy admin wheel
>         log file = /var/log/samba/%m.log
>         #log level = 4
>
>         max log size = 50
>         security = ads
>         password server = testdomain.TEST.COM
>         encrypt passwords = yes
>         domain master = no
>         preferred master = no
>         wins server = 130.208.165.55
>         dns proxy = no
> #       idmap uid = 50001-550000
> #       idmap gid = 50001-550000
>         client ntlmv2 auth = yes
>
>         #client use spnego = yes
>         winbind separator = +
>         winbind nested groups = Yes
>         winbind enum users=yes
>         winbind enum groups=yes
>         template shell = /bin/false
>         winbind use default domain = no
>         restrict anonymous = 2
>         client ldap sasl wrapping = sign
>
>