[Samba] realmd and net rpc privileges
sequoiamobil at gmx.net
Wed Apr 29 06:10:16 MDT 2015
Am 29.04.2015 um 12:58 schrieb L.P.H. van Belle:
> so tell us what are your errors?
> It's hard to help without them.
> Please post your smb.conf ( sanitized ) and your resolv.conf and hosts file.
> you can try the command :
> net rpc rights grant 'SAMDOM\Domain Admins' SeDiskOperatorPrivilege -U'SAMDOM\administrator' -S servername.fqdn
I am getting the error listed here:
# net rpc rights grant 'SAMDOM\Domain Admins' SeDiskOperatorPrivilege
Enter SAMDOM\administrator's password:
Could not connect to server 127.0.0.1
The username or password was not correct.
Connection failed: NT_STATUS_LOGON_FAILURE
resolv.conf is automatically filled by Network Manager here (which gets
the settings from the DHCP server, which is the DC in my case)
hosts has no entries besides the localhost defaults for 'lo'
hostname returns the fqdn DNS resolsution and ntp sync are perefectly
fine. Domain users can log on, and get homes. (I don't care about that
too much, but it's nice to see it working.)
This is the testparm dump, with '#' comments:
realm = MYDOMAIN.LOCAL # here is the actual realm value
server string = Samba Server Version %v
security = ADS
username map = /etc/samba/user.map
kerberos method = system keytab
log file = /var/log/samba/log.%m
max log size = 50
load printers = No
printcap name = /dev/null
idmap config * : backend = tdb
map acl inherit = Yes
cups options = raw
vfs objects = acl_xattr
[Acls] # this is my test share
path = /srv/samba/acls/
read only = No
Looking at these, it comes to my attention that there is no idmap on
that machine (I mean, not as a deamon, not as a command). Could that be
part of the problem?
in the -S option above, does servername.fqdn refer to the DC or to the
Also, was puzzled if the PW to enter is the root PW or the Domain Amdin
PW. I tried both, always.
More information about the samba