Burn Zero
2019-Mar-21 06:51 UTC
[Samba] NT_STATUS_ACCESS_DENIED: Access denied (0xc0000022)
Hi,
Software Versions in use:
OS : CentOS Linux release 7.2.1511 (Core)
samba-winbind-modules-4.4.4-9.el7.x86_64
samba-common-libs-4.4.4-9.el7.x86_64
samba-common-tools-4.4.4-9.el7.x86_64
samba-common-4.4.4-9.el7.noarch
samba-winbind-4.4.4-9.el7.x86_64
samba-libs-4.4.4-9.el7.x86_64
samba-winbind-clients-4.4.4-9.el7.x86_64
samba-client-libs-4.4.4-9.el7.x86_64
I am using FreeRADIUS which connects to windows active directory to
authenticate and authorize Wi-Fi users. Recently, I get so many errors in
FreeRADIUS logs such as:
ERROR: (92) ntlm_auth: ERROR: Program returned code (1) and output
'NT_STATUS_ACCESS_DENIED: Access denied (0xc0000022)
This error disappears when I re-join the Domain controller ( Windows AD )
using the command:
net ads join -U <account_name>
Below is the smb.conf:
workgroup = DA
realm = <domain name>
security = ads
idmap config * : range = 16777216-33554431
template shell = /bin/false
kerberos method = secrets only
winbind use default domain = true
winbind offline logon = false
#--authconfig--end-line--
; workgroup = SAMBA
; security = user
passdb backend = tdbsam
I know this is minimal information to guess why it actually happened. But I
do not know where to start with.
Any help is much appreciated.
Thank you.
Rowland Penny
2019-Mar-21 08:39 UTC
[Samba] NT_STATUS_ACCESS_DENIED: Access denied (0xc0000022)
On Thu, 21 Mar 2019 12:21:58 +0530 Burn Zero via samba <samba at lists.samba.org> wrote:> Hi, > > Software Versions in use: > > OS : CentOS Linux release 7.2.1511 (Core) > > samba-winbind-modules-4.4.4-9.el7.x86_64 > samba-common-libs-4.4.4-9.el7.x86_64 > samba-common-tools-4.4.4-9.el7.x86_64 > samba-common-4.4.4-9.el7.noarch > samba-winbind-4.4.4-9.el7.x86_64 > samba-libs-4.4.4-9.el7.x86_64 > samba-winbind-clients-4.4.4-9.el7.x86_64 > samba-client-libs-4.4.4-9.el7.x86_64 > > I am using FreeRADIUS which connects to windows active directory to > authenticate and authorize Wi-Fi users. Recently, I get so many > errors in FreeRADIUS logs such as: > > ERROR: (92) ntlm_auth: ERROR: Program returned code (1) and output > 'NT_STATUS_ACCESS_DENIED: Access denied (0xc0000022) > > This error disappears when I re-join the Domain controller ( Windows > AD ) using the command: > > net ads join -U <account_name> > > > Below is the smb.conf: > > workgroup = DA > realm = <domain name> > security = ads > idmap config * : range = 16777216-33554431 > template shell = /bin/false > kerberos method = secrets only > winbind use default domain = true > winbind offline logon = false > > #--authconfig--end-line-- > ; workgroup = SAMBA > ; security = user > > passdb backend = tdbsam > > I know this is minimal information to guess why it actually happened. > But I do not know where to start with. > > Any help is much appreciated. > > Thank you.Try 'yum update' this will get you to Samba 4.8.3 , 4.4.x is EOL. Are you using sssd as well ? If so, then this may have a bearing on your problem, but you will have to ask on the sssd-users mailing list about this, Samba does not support sssd. If you are not using sssd, try reading this: https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member Rowland