[Samba] realmd and net rpc privileges

[a b]

Hi, too!

Am 01.05.2015 um 11:32 schrieb L.P.H. van Belle:
> Hai,
>
>> thus, the password of SAMDOM\Administrator is the
>> mapped (root) pw.
> No, not correct.
> root has its password.
> Administrator has it own password, even when mapped these are different.
> these users just share the same uid 0 !
Don't know. A minimal install of Samba, sssd on OEL7 doesn't include or 
require krb5-workstation (which is how you get kinit), see at the end of 
this post. I understand Administrator is a built-in account. I have 
never created it, let alone assigned a PW. All I did which can figure is 
related is assigning sambapasswd root, and the bespoke user.map. Remains 
anemophily for the creation of the Administrator PW ;-)
>
> test with kinit Administrator at YOUR.REALM.TLD
>
>
> and have a look here.
>
> http://funwithlinux.net/2014/04/join-ubuntu-14-04-to-active-directory-domain-using-realmd/
This site treats a lot of problems I never had. And I don't see any 
aspects that directly would contribute to this topic, sorry.
>
> make sure your /etc/hosts does NOT contain something like :
>
> 127.0.0.1 dc1.server.tld dc1
Not sure what this is aiming at.
> but
> 127.0.0.1 localhost localhost.localdomain
> and only the real server ip with hostname in hosts
The error was against the lo ip. Why would an entry to eth0 change 
anything here?
>
> as extra info :
> Avoid a lot of the problems can be resolved by adding this section (in addition to disabling automatic-install) in /etc/realmd.conf:
>
> [my.domain.fqdn.here]
I don't understand the meaning of that syntax. Rest, see above comment.
>   fully-qualified-names = no
>
> Then I do:
>   kinit myuser at MY.DOMAIN.FQDN.HERE
>
> and:
>   realm join my.domain.fqdn.here
>
>
> optional if you cant join install package : packagekit
>
>
> and this all said, if all of above works, and you did join the AD and your resolving is correct,
> then net rpc rights list
> should work fine.
> if not, wel, then i dont know., i dont use sssd and realmd.
To begin with, I am seeing my problem through realmd, exclusively. Maybe 
you should try realm. I learned if you follow the HowTos that include a 
manual setup of authconfig and sssd are tedious, and don't work 
smoothly. The method I learned later and used now for joiningt the 
domain is much easier, and most of the above is probably redundant, if 
not harmful. In a nutshell, once you installed the required packages for 
realmd and sssd, you can sync the member server to the right ntp, set up 
DNS (in my case done by DHCP), and discover/join the domain. The scripts 
that come with realmd set up the sssd.conf and configure/start sss 
deamon. These are main functions of realmd. However, there seems to be a 
gap when using Samba vs. the traditional methods that use winbind, and 
that's why I am here. Winbindd and SSSD are mutually exclusive, as the 
RHEL7 manual explains.

Best,

Sebastian