[Samba] member joined, but...
L.P.H. van Belle
belle at bazuin.nl
Tue Apr 1 09:00:00 MDT 2014
Hai,
I have automated the install of my member server.
Followed the wiki : https://wiki.samba.org/index.php/Samba/Domain_Member
Everything works nicely, but... .. read on.. ;-)
ok, so wiki says: https://wiki.samba.org/index.php/Setup_and_configure_file_shares
and now im at the point : SeDiskOperatorPrivilege
and .. for the DC's installed this worked without problems...
but for the domain member. im getting ...
net rpc rights list accounts -Uadministrator
Enter administrator's password:
Could not connect to server 127.0.0.1
The username or password was not correct.
Connection failed: NT_STATUS_LOGON_FAILURE
net -S servername rpc rights list accounts -Uadministrator
Enter administrator's password:
Could not connect to server rtd-mem-001
The username or password was not correct.
Connection failed: NT_STATUS_LOGON_FAILURE
net -S servername.internal.domain.tld rpc rights list accounts -Uadministrator
Enter administrator's password:
Could not connect to server servername.internal.domain.tld
The username or password was not correct.
Connection failed: NT_STATUS_LOGON_FAILURE
and ofcourse setting the Se right didnt work
net rpc rights grant 'MYDOMAIN\Domain Admins' SeDiskOperatorPrivilege -Uadministrator
Enter administrator's password:
Could not connect to server 127.0.0.1
The username or password was not correct.
Connection failed: NT_STATUS_LOGON_FAILURE
so..
/etc/hosts ( checked )
/etc/nsswitch.conf ( checked )
/etc/resolv.conf (check)
/var/log/samba/ all logs checked, no errors at all.
kinit Administrator ( checked )
/etc/samba/smb.conf
[global]
workgroup = INTERNAL
security = ADS
realm = INTERNAL.DOMAIN.TLD
idmap config *:backend = tdb
idmap config *:range = 500001-800000
idmap config BAZRTD:backend = ad
idmap config BAZRTD:schema_mode = rfc2307
idmap config BAZRTD:range = 10000-400000
winbind nss info = rfc2307
winbind trusted domains only = no
winbind use default domain = yes
#winbind enum users = yes
#winbind enum groups = yes
template shell = /bin/bash
template homedir = /home/samba/DOMAIN/%USERNAME%
# For ACL support on member server
vfs objects = acl_xattr
map acl inherit = Yes
store dos attributes = Yes
# disable printing completely
load printers = no
printing = bsd
printcap name = /dev/null
disable spoolss = yes
Anyone an idee?
More information about the samba
mailing list