samba - Mar 2019 - NT_STATUS_ACCESS_DENIED: Access denied (0xc0000022)

Hi,

Software Versions in use:

OS : CentOS Linux release 7.2.1511 (Core)

samba-winbind-modules-4.4.4-9.el7.x86_64
samba-common-libs-4.4.4-9.el7.x86_64
samba-common-tools-4.4.4-9.el7.x86_64
samba-common-4.4.4-9.el7.noarch
samba-winbind-4.4.4-9.el7.x86_64
samba-libs-4.4.4-9.el7.x86_64
samba-winbind-clients-4.4.4-9.el7.x86_64
samba-client-libs-4.4.4-9.el7.x86_64

I am using FreeRADIUS which connects to windows active directory to
authenticate and authorize Wi-Fi users. Recently, I get so many errors in
FreeRADIUS logs such as:

ERROR: (92) ntlm_auth: ERROR: Program returned code (1) and output
'NT_STATUS_ACCESS_DENIED: Access denied (0xc0000022)

This error disappears when I re-join the Domain controller ( Windows AD )
using the command:

net ads join -U <account_name>


Below is the smb.conf:

   workgroup = DA
   realm = <domain name>
   security = ads
   idmap config * : range = 16777216-33554431
   template shell = /bin/false
   kerberos method = secrets only
   winbind use default domain = true
   winbind offline logon = false

#--authconfig--end-line--
;    workgroup = SAMBA
;    security = user

    passdb backend = tdbsam

I know this is minimal information to guess why it actually happened. But I
do not know where to start with.

Any help is much appreciated.

Thank you.

On Thu, 21 Mar 2019 12:21:58 +0530
Burn Zero via samba <samba at lists.samba.org> wrote:
> Hi,
> 
> Software Versions in use:
> 
> OS : CentOS Linux release 7.2.1511 (Core)
> 
> samba-winbind-modules-4.4.4-9.el7.x86_64
> samba-common-libs-4.4.4-9.el7.x86_64
> samba-common-tools-4.4.4-9.el7.x86_64
> samba-common-4.4.4-9.el7.noarch
> samba-winbind-4.4.4-9.el7.x86_64
> samba-libs-4.4.4-9.el7.x86_64
> samba-winbind-clients-4.4.4-9.el7.x86_64
> samba-client-libs-4.4.4-9.el7.x86_64
> 
> I am using FreeRADIUS which connects to windows active directory to
> authenticate and authorize Wi-Fi users. Recently, I get so many
> errors in FreeRADIUS logs such as:
> 
> ERROR: (92) ntlm_auth: ERROR: Program returned code (1) and output
> 'NT_STATUS_ACCESS_DENIED: Access denied (0xc0000022)
> 
> This error disappears when I re-join the Domain controller ( Windows
> AD ) using the command:
> 
> net ads join -U <account_name>
> 
> 
> Below is the smb.conf:
> 
>    workgroup = DA
>    realm = <domain name>
>    security = ads
>    idmap config * : range = 16777216-33554431
>    template shell = /bin/false
>    kerberos method = secrets only
>    winbind use default domain = true
>    winbind offline logon = false
> 
> #--authconfig--end-line--
> ;    workgroup = SAMBA
> ;    security = user
> 
>     passdb backend = tdbsam
> 
> I know this is minimal information to guess why it actually happened.
> But I do not know where to start with.
> 
> Any help is much appreciated.
> 
> Thank you.
Try 'yum update' this will get you to Samba 4.8.3 , 4.4.x is EOL.

Are you using sssd as well ?
If so, then this may have a bearing on your problem, but you will have
to ask on the sssd-users mailing list about this, Samba does not
support sssd.
If you are not using sssd, try reading this:

https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member

Rowland