[Samba] rpc command function failed! (NT_STATUS_ACCESS_DENIED) trying to grant privileges - 3.0.23a

Paul Griffith paulg at cs.yorku.ca
Tue Jul 25 16:11:27 GMT 2006


Greetings,

I am in the process of testing Samba 3.0.23a with our own passdb
plugin. As part of mytesting I am trying to join the domin so here are
the steps I take...


1 - get local sid
/usr/local/samba/bin/net getlocalsid
SID for domain JAZZY is: S-1-5-21-1016995387-3159270912-1426853295

2 - create group mappings
[paulg at jazzy ~]$ /usr/local/samba/bin/net groupmap list
Domain Users (S-1-5-21-1016995387-3159270912-1426853295-513) -> users
Domain Admins (S-1-5-21-1016995387-3159270912-1426853295-512) -> tech
Domain Guests (S-1-5-21-1016995387-3159270912-1426853295-514) -> nobody
[paulg at jazzy ~]$ 


3 - Assign  privileges to tech group so they can join machines to the
domain.

net -d 3 -S JAZZY rpc rights grant 'JAZZY\tech' SeMachineAccountPrivilege

[paulg at jazzy sbin]$ /usr/local/samba/bin/net -d 3 -S JAZZY rpc rights grant 'JAZZY\tech' SeMachineAccountPrivilege


[2006/07/25 11:37:50, 3] param/loadparm.c:lp_load(4945)
  lp_load: refreshing parameters
[2006/07/25 11:37:50, 3] param/loadparm.c:init_globals(1410)
  Initialising global parameters
[2006/07/25 11:37:50, 3] param/params.c:pm_process(572)
  params.c:pm_process() - Processing configuration file
  "/usr/local/samba/lib/smb.conf"
[2006/07/25 11:37:50, 3] param/loadparm.c:do_section(3687)
  Processing section "[global]"
[2006/07/25 11:37:50, 1] param/loadparm.c:lp_do_parameter(3426)
  WARNING: The "printer admin" option is deprecated
[2006/07/25 11:37:50, 2] lib/interface.c:add_interface(81)
  added interface ip=130.xx.xx.xx bcast=130.xx.xx.xx
  nmask=255.255.255.0
[2006/07/25 11:37:50, 3] libsmb/namequery.c:resolve_lmhosts(939)
  resolve_lmhosts: Attempting lmhosts lookup for name JAZZY<0x20>
[2006/07/25 11:37:50, 3] libsmb/namequery.c:resolve_wins(836)
  resolve_wins: Attempting wins lookup for name JAZZY<0x20>
[2006/07/25 11:37:50, 3] libsmb/namequery.c:resolve_wins(875)
  resolve_wins: using WINS server 130.xx.xx.xx and tag '*'
[2006/07/25 11:37:50, 2] libsmb/namequery.c:name_query(577)
  Got a positive name query response from 130.xx.xx.xx ( 130.xx.xx.xx
  )
Password:
[2006/07/25 11:38:00, 3]
libsmb/cliconnect.c:cli_start_connection(1417)
  Connecting to host=JAZZY
[2006/07/25 11:38:00, 3] lib/util_sock.c:open_socket_out(874)
  Connecting to 130.xx.xx.xx at port 445
[2006/07/25 11:38:00, 3]
libsmb/cliconnect.c:cli_session_setup_spnego(723)
  Doing spnego session setup (blob length=58)
[2006/07/25 11:38:00, 3]
libsmb/cliconnect.c:cli_session_setup_spnego(748)
  got OID=1 3 6 1 4 1 311 2 2 10
[2006/07/25 11:38:00, 3]
libsmb/cliconnect.c:cli_session_setup_spnego(757)
  got principal=NONE
[2006/07/25 11:38:00, 3]
libsmb/ntlmssp.c:ntlmssp_client_challenge(941)
  Got challenge flags:
[2006/07/25 11:38:00, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63)
  Got NTLMSSP neg_flags=0x60890215
[2006/07/25 11:38:00, 3]
libsmb/ntlmssp.c:ntlmssp_client_challenge(963)
  NTLMSSP: Set final flags:
[2006/07/25 11:38:00, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63)
  Got NTLMSSP neg_flags=0x60080215
[2006/07/25 11:38:00, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(338)
  NTLMSSP Sign/Seal - Initialising with flags:
[2006/07/25 11:38:00, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63)
  Got NTLMSSP neg_flags=0x60080215
[2006/07/25 11:38:00, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2081)
  rpc_pipe_bind: Remote machine JAZZY pipe \lsarpc fnum 0x7622 bind
  request returned ok.
[2006/07/25 11:38:00, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2081)
  rpc_pipe_bind: Remote machine JAZZY pipe \lsarpc fnum 0x7623 bind
  request returned ok.
[2006/07/25 11:38:00, 3] rpc_parse/parse_lsa.c:lsa_io_sec_qos(224)
  lsa_io_sec_qos: length c does not match size 8
[2006/07/25 11:38:00, 3] rpc_parse/parse_lsa.c:lsa_io_sec_qos(224)
  lsa_io_sec_qos: length c does not match size 8
Failed to grant privileges for JAZZY\tech (NT_STATUS_ACCESS_DENIED)
[2006/07/25 11:38:00, 1] utils/net_rpc.c:run_rpc_command(170)
  rpc command function failed! (NT_STATUS_ACCESS_DENIED)
[2006/07/25 11:38:00, 2] utils/net.c:main(988)
  return code = 1
-----

What could be causing this error? The only thing that catches my eyes
is the following....

[2006/07/25 11:38:00, 3] rpc_parse/parse_lsa.c:lsa_io_sec_qos(224)
  lsa_io_sec_qos: length c does not match size 8
[2006/07/25 11:38:00, 3] rpc_parse/parse_lsa.c:lsa_io_sec_qos(224)
  lsa_io_sec_qos: length c does not match size 8

Anyone have any pointers ?

Thanks
Paul




More information about the samba mailing list