[Samba] realmd and net rpc privileges

Sebastian Gabler sequoiamobil at gmx.net
Wed Apr 29 06:10:16 MDT 2015

Am 29.04.2015 um 12:58 schrieb L.P.H. van Belle:
> so tell us what are your errors?
> It's hard to help without them.
> Please post your smb.conf ( sanitized ) and your resolv.conf and hosts file.
> and..
> you can try the command :
> net rpc rights grant 'SAMDOM\Domain Admins' SeDiskOperatorPrivilege -U'SAMDOM\administrator' -S servername.fqdn
> greetz,
> Louis
I am getting the error listed here:

# net rpc rights grant 'SAMDOM\Domain Admins' SeDiskOperatorPrivilege
Enter SAMDOM\administrator's password:
Could not connect to server
The username or password was not correct.
Connection failed: NT_STATUS_LOGON_FAILURE

resolv.conf is automatically filled by Network Manager here (which gets
the settings from the DHCP server, which is the DC in my case).
hosts has no entries besides the localhost defaults for 'lo'.
hostname returns the FQDN. DNS resolution and NTP sync are perfectly
fine. Domain users can log on and get homes. (I don't care about that
too much, but it's nice to see it working.)

This is the testparm dump, with '#' comments:

         realm = MYDOMAIN.LOCAL # here is the actual realm value
         server string = Samba Server Version %v
         security = ADS
         username map = /etc/samba/user.map
         kerberos method = system keytab
         log file = /var/log/samba/log.%m
         max log size = 50
         load printers = No
         printcap name = /dev/null
         idmap config * : backend = tdb
         map acl inherit = Yes
         cups options = raw
         vfs objects = acl_xattr

[Acls] # this is my test share
         path = /srv/samba/acls/
         read only = No
Looking at these, it comes to my attention that there is no idmap on
that machine (I mean, not as a daemon, not as a command). Could that be
part of the problem?
In the -S option above, does servername.fqdn refer to the DC or to the
local machine?
Also, I was puzzled whether the PW to enter is the root PW or the Domain Admin
PW. I tried both, always.
