[Samba] getting NT_STATUS_LOGON_FAILURE

L.P.H. van Belle belle at bazuin.nl
Fri Jan 9 06:24:13 MST 2015 

Hai, 

Not entiraly correct.. 

change : 
>dns-nameservers 208.67.222.222 <<<<<< have always struggled 
to  
dns-search dtshrm.lan
dns-nameservers IP_OF_AD_DC

and use : 
net rpc rights grant "YOUR_DOMAINNAME\Domain Admins" SeDiskOperatorPrivilege -UAdministrator  -S NAME_OF_MEMBERSERVER


Hope this helps you on the way, im out of the office now, going on ski holiday.
Back in 9 days. 

Greetz, 

Louis


>-----Oorspronkelijk bericht-----
>Van: bob at donelsontrophy.net 
>[mailto:samba-bounces at lists.samba.org] Namens Bob of Donelson Trophy
>Verzonden: vrijdag 9 januari 2015 14:04
>Aan: SAMBA MailList
>Onderwerp: [Samba] getting NT_STATUS_LOGON_FAILURE
>
> 
>
>I have been having issues with my W7 client "access is denied" to
>changing the security (user permissions) settings and have been posting
>regarding that issue yesterday. 
>
>I have discovered that my "ads join member server" is not completely
>joined (I think.) 
>
>I discovered a post from February 2014, by Louis "[Samba] 
>member joined,
>but . . ." and ran some of his command line test strings and received
>similar results. Did some checking before moving forward: 
>
>root at dtmember01:~# net ads testjoin
>Join is OK <<<<<<<<<<<< OK? Can't change permissions!
>root at dtmember01:~# net rpc rights list
>Enter root's password:
>Could not connect to server 127.0.0.1 <<<<<< why localhost?
>The username or password was not correct.
>Connection failed: NT_STATUS_LOGON_FAILURE <<<<<<< look
>root at dtmember01:~# cat /etc/hosts
>127.0.0.1 localhost
>192.168.16.55 dtmember01.dtshrm.lan dtmember01
>
># The following lines are desirable for IPv6 capable hosts
>::1 localhost ip6-localhost ip6-loopback
>ff02::1 ip6-allnodes
>ff02::2 ip6-allrouters
>root at dtmember01:~# cat /etc/network/interfaces
># This file describes the network interfaces available on your system
># and how to activate them. For more information, see interfaces(5).
>
># The loopback network interface
>auto lo
>iface lo inet loopback
>
># The primary network interface
>allow-hotplug eth0
>iface eth0 inet static
>address 192.168.16.55
>netmask 255.255.255.0
>network 192.168.16.0
>broadcast 192.168.16.255
>gateway 192.168.16.106
># dns-* options are implemented by the resolvconf package, if installed
>dns-nameservers 208.67.222.222 <<<<<< have always struggled 
>with correct
>setting here
>dns-search dtshrm.lan 
>
>Do I have anything set incorrectly? 
>
>Then I ran these test string that were listed in the "member 
>joined, but
>. . ." thread. 
>
>root at dtmember01:~# net rpc rights list accounts -UadministratorEnter
>administrator's password:
>Could not connect to server 127.0.0.1
>The username or password was not correct.
>Connection failed: NT_STATUS_LOGON_FAILURE <<<<< hum-m-m-m!!
>root at dtmember01:~# net -S dtmember01 rpc rights list account
>-UadministratorEnter administrator's password:
>Could not connect to server dtmember01
>The username or password was not correct.
>Connection failed: NT_STATUS_LOGON_FAILURE 
>
>root at dtmember01:~# net -S dtmember01.dtshrm.lan rpc rights 
>list accounts
>-Uadministrator
>Enter administrator's password:
>BUILTINPrint Operators
>No privileges assigned
>
>BUILTINAccount Operators
>No privileges assigned
>
>BUILTINBackup Operators
>No privileges assigned
>
>BUILTINServer Operators
>No privileges assigned
>
>BUILTINAdministrators
>SeMachineAccountPrivilege
>SeTakeOwnershipPrivilege
>SeBackupPrivilege
>SeRestorePrivilege
>SeRemoteShutdownPrivilege
>SePrintOperatorPrivilege
>SeAddUsersPrivilege
>SeDiskOperatorPrivilege <<<<<<<<<<<< hum-m-m
>SeSecurityPrivilege
>SeSystemtimePrivilege
>SeShutdownPrivilege
>SeDebugPrivilege
>SeSystemEnvironmentPrivilege
>SeSystemProfilePrivilege
>SeProfileSingleProcessPrivilege
>SeIncreaseBasePriorityPrivilege
>SeLoadDriverPrivilege
>SeCreatePagefilePrivilege
>SeIncreaseQuotaPrivilege
>SeChangeNotifyPrivilege
>SeUndockPrivilege
>SeManageVolumePrivilege
>SeImpersonatePrivilege
>SeCreateGlobalPrivilege
>SeEnableDelegationPrivilege
>
>Everyone
>No privileges assigned 
>
>root at dtmember01:~# net rpc rights grant 'DTDC01Domain Admins'
>SeDiskOperatorPrivilege -Uadministrator
>Enter administrator's password:
>Failed to grant privileges for DTDC01Domain Admins
>(NT_STATUS_ACCESS_DENIED) 
>
>I tried to sort out the issues Louis was experiencing in his pam setup
>and realized that I had run his script against Debian 7.7.0 (newer than
>that available in February) and wondered if Debian (this version) pam
>files is the cause of the issue I am experiencing. 
>
>Decided to post here and see what anyone thinks? Louis, are you there? 
>-- 
>-------------------------
>
>Bob Wooden of Donelson Trophy
>
>615.885.2846 (main)
>www.donelsontrophy.com [1]
>
>"Everyone deserves an award!!"
> 
>
>Links:
>------
>[1] http://www.donelsontrophy.com
>-- 
>To unsubscribe from this list go to the following URL and read the
>instructions:  https://lists.samba.org/mailman/options/samba
>
>

More information about the samba mailing list