[Samba] net rpc query

Dave Brain goo at tuxiecomputing.com
Tue Apr 17 11:04:36 GMT 2007


Hi.

I'm using samba-3.0.24 on a Gentoo box. The Samba machine is
configured as a domain member server within an MS Windows 2003 Active
Directory. It has been successfully joined to the domain and
everything works: shares, Kerberos, LDAP.

However, I cannot get nested groups to work, or more precisely, I
cannot add a local group using net rpc. Here is what I am doing:


gentoo ~ # net rpc group add NewGroup -Umyuser -L -d 3 -I 10.0.0.2

[2007/04/17 11:20:35, 3] param/loadparm.c:lp_load(4945)

  lp_load: refreshing parameters

[2007/04/17 11:20:35, 3] param/loadparm.c:init_globals(1410)

  Initialising global parameters

[2007/04/17 11:20:35, 3] param/params.c:pm_process(572)

  params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf"

[2007/04/17 11:20:35, 3] param/loadparm.c:do_section(3687)

  Processing section "[global]"

[2007/04/17 11:20:35, 1] param/loadparm.c:lp_do_parameter(3426)

  WARNING: The "printer admin" option is deprecated

[2007/04/17 11:20:35, 2] lib/interface.c:add_interface(81)

  added interface ip=10.0.0.1 bcast=130.88.255.255 nmask=255.255.0.0

[2007/04/17 11:20:35, 2] lib/interface.c:add_interface(81)

  added interface ip=127.0.0.1 bcast=127.255.255.255 nmask=255.0.0.0

Password:

[2007/04/17 11:20:42, 3] libsmb/cliconnect.c:cli_start_connection(1426)

  Connecting to host=10.0.0.1

[2007/04/17 11:20:42, 3] lib/util_sock.c:open_socket_out(874)

  Connecting to 130.88.88.89 at port 445

[2007/04/17 11:20:42, 3] libsmb/cliconnect.c:cli_session_setup_spnego(721)

  Doing spnego session setup (blob length=122)

[2007/04/17 11:20:42, 3] libsmb/cliconnect.c:cli_session_setup_spnego(746)

  got OID=1 2 840 113554 1 2 2

[2007/04/17 11:20:42, 3] libsmb/cliconnect.c:cli_session_setup_spnego(746)

  got OID=1 2 840 48018 1 2 2

[2007/04/17 11:20:42, 3] libsmb/cliconnect.c:cli_session_setup_spnego(746)

  got OID=1 3 6 1 4 1 311 2 2 10

[2007/04/17 11:20:42, 3] libsmb/cliconnect.c:cli_session_setup_spnego(754)

  got principal=cifs/samba-server at MY.REALM

[2007/04/17 11:20:42, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(950)

  Got challenge flags:

[2007/04/17 11:20:42, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63)

  Got NTLMSSP neg_flags=0x60890215

[2007/04/17 11:20:42, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(972)

  NTLMSSP: Set final flags:

[2007/04/17 11:20:42, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63)

  Got NTLMSSP neg_flags=0x60080215

[2007/04/17 11:20:42, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(338)

  NTLMSSP Sign/Seal - Initialising with flags:

[2007/04/17 11:20:42, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63)

  Got NTLMSSP neg_flags=0x60080215

[2007/04/17 11:20:42, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2081)

  rpc_pipe_bind: Remote machine 10.0.0.1 pipe \lsarpc fnum 0x72a4 bind
request returned ok.

[2007/04/17 11:20:42, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2081)

  rpc_pipe_bind: Remote machine 10.0.0.1 pipe \samr fnum 0x72a5 bind
request returned ok.

add alias failed: NT_STATUS_ACCESS_DENIED

[2007/04/17 11:20:42, 1] utils/net_rpc.c:run_rpc_command(170)

  rpc command function failed! (NT_STATUS_ACCESS_DENIED)

[2007/04/17 11:20:42, 2] utils/net.c:main(988)

  return code = 1

gentoo ~ #



Now, my question relates to the "-U" parameter. Exactly which account is this?
Is it root on the gentoo box?
Is it a domain admin on the windows active directory?
Is it my wbinfo --set-auth-user definition?
Is it some other account?

I have tried all these combinations and I still cannot add a group. I
know the root, domain admin and wbinfo user passwords, and still
this just will not work for me.


Can someone please tell me which account I should be using? I
have totally run out of ideas.
Thanks
Dave

