[Samba] member joined, but...

L.P.H. van Belle belle at bazuin.nl
Tue Apr 1 09:00:00 MDT 2014


Hai, 
 
I have automated the install of my member server. 
Followed the wiki : https://wiki.samba.org/index.php/Samba/Domain_Member 
 
Everything works nicely, but... .. read on..  ;-) 
 
ok, so wiki says: https://wiki.samba.org/index.php/Setup_and_configure_file_shares 
 
and now im at the point : SeDiskOperatorPrivilege 
and .. for the DC's installed this worked without problems... 
 
but for the domain member. im getting ... 
 
net rpc rights list accounts -Uadministrator
Enter administrator's password:
Could not connect to server 127.0.0.1
The username or password was not correct.
Connection failed: NT_STATUS_LOGON_FAILURE

net -S servername rpc rights list accounts -Uadministrator
Enter administrator's password:
Could not connect to server rtd-mem-001
The username or password was not correct.
Connection failed: NT_STATUS_LOGON_FAILURE

net -S servername.internal.domain.tld rpc rights list accounts -Uadministrator
Enter administrator's password:
Could not connect to server servername.internal.domain.tld
The username or password was not correct.
Connection failed: NT_STATUS_LOGON_FAILURE

and ofcourse setting the Se right didnt work 
 
net rpc rights grant 'MYDOMAIN\Domain Admins' SeDiskOperatorPrivilege -Uadministrator
Enter administrator's password:
Could not connect to server 127.0.0.1
The username or password was not correct.
Connection failed: NT_STATUS_LOGON_FAILURE

 
so.. 
/etc/hosts ( checked ) 
/etc/nsswitch.conf ( checked ) 
/etc/resolv.conf (check) 
/var/log/samba/ all logs checked, no errors at all. 
kinit Administrator  ( checked ) 
 
/etc/samba/smb.conf
 
[global]
 
   workgroup = INTERNAL
   security = ADS
   realm = INTERNAL.DOMAIN.TLD
 
   idmap config *:backend = tdb
   idmap config *:range = 500001-800000
   idmap config BAZRTD:backend = ad
   idmap config BAZRTD:schema_mode = rfc2307
   idmap config BAZRTD:range = 10000-400000
 
   winbind nss info = rfc2307
   winbind trusted domains only = no
   winbind use default domain = yes
   #winbind enum users  = yes
   #winbind enum groups = yes
 
   template shell = /bin/bash
   template homedir = /home/samba/DOMAIN/%USERNAME%
 
   # For ACL support on member server
   vfs objects = acl_xattr
   map acl inherit = Yes
   store dos attributes = Yes
 
   # disable printing completely
   load printers = no
   printing = bsd
   printcap name = /dev/null
   disable spoolss = yes
 
 
 
Anyone an idee? 
 
 
 



More information about the samba mailing list