[Samba] "net rpc rights" commands. Connection always fails

Johnson, Eric eric.johnson at imperial.ac.uk
Fri Jul 4 05:17:44 MDT 2014 

Windows 2012 R2 domain at highest level and one rhel6.5 samba server(3.6)
 
Been throwing everything at this for the last few days. I can join to the domain and create ACL enabled shares but this one command I am struggling with.

$ net rpc rights grant 'BES\Domain Admins' SeDiskOperatorPrivilege -Uadministrator
Enter administrator's password:
Could not connect  to server 127.0.0.1
Connection failed: NT code 0xc0000418
$
Typing nonsense into the username and password gives the same result.

Perhaps a hint is when I (foolishly) did
net rpc -S DOMAIN_CONTROLLER rights grant 'BES\user2' SeMachineAccountPrivilege  -Uadministrator
It worked and  user2 was given the privilege ON THE  domain controller.

Originally I was using sssd/ldap/Kerberos and not winbind, but still had the same error, the machine has been wiped and reinstalled several times
I have used a far more basic smb.conf without winbind and vfs/acl, but this is my current one.

*******
[global]
   netbios name = fs6
   workgroup = BES
   security =  ADS
   realm = ebs.private.net
   encrypt passwords = yes
   interfaces = 155.198.41.0/24 127.0.0.1 lo em1 
   bind interfaces only = yes 
   client signing = yes
   client use spnego = yes
   kerberos method = secrets and keytab
   idmap config *:backend = tdb
   idmap config *:range = 70001-80000
   idmap config BES:backend = ad
   idmap config BES:schema_mode = rfc2307
   idmap config BES:range = 500-40000
   winbind nss info = rfc2307
   winbind trusted domains only = no
   winbind use default domain = yes
   winbind enum users  = yes
   winbind enum groups = yes
   vfs objects = acl_xattr
   map acl inherit = Yes
   store dos attributes = Yes

I have even done the command from another linux server into the samba server but it to gives the same error
Could not connect  to server fs6                    <fs6 is the samba server>
Connection failed: NT code 0xc0000418

Netstat  shows entries for 127.0.0.1 associated with 139 and 445. Haven't got the actual output, but I could get it.

I would appreciate it if anyone could give me any tests to check basic functionality. I am thinking that it may be to do with groups, but I would expect different types of errors.
ANY basic tests welcome.

More information about the samba mailing list