[Samba] realmd and net rpc privileges
sequoiamobil at gmx.net
Thu Apr 30 02:05:44 MDT 2015
There is something to add. Listing existing rights (any rights that is,
thus using the current, root, user) fails with the same problem:
# net rpc rights list
Enter root's password:
Could not connect to server 127.0.0.1
The username or password was not correct.
Connection failed: NT_STATUS_LOGON_FAILURE
I conclude from that that net cannot authenticate at all for this purpose, and
the first step would be to solve that. The question is: How?
On 29.04.2015 at 14:10, Sebastian Gabler wrote:
> On 29.04.2015 at 12:58, L.P.H. van Belle wrote:
>> so tell us what are your errors?
>> It's hard to help without them.
>> Please post your smb.conf ( sanitized ) and your resolv.conf and
>> hosts file.
>> you can try the command :
>> net rpc rights grant 'SAMDOM\Domain Admins' SeDiskOperatorPrivilege
>> -U'SAMDOM\administrator' -S servername.fqdn
> I am getting the error listed here:
> # net rpc rights grant 'SAMDOM\Domain Admins' SeDiskOperatorPrivilege
> Enter SAMDOM\administrator's password:
> Could not connect to server 127.0.0.1
> The username or password was not correct.
> Connection failed: NT_STATUS_LOGON_FAILURE
> resolv.conf is automatically filled by Network Manager here (which
> gets the settings from the DHCP server, which is the DC in my case)
> hosts has no entries besides the localhost defaults for 'lo'
> hostname returns the fqdn. DNS resolution and ntp sync are perfectly
> fine. Domain users can log on, and get homes. (I don't care about that
> too much, but it's nice to see it working.)
> This is the testparm dump, with '#' comments:
> realm = MYDOMAIN.LOCAL # here is the actual realm value
> server string = Samba Server Version %v
> security = ADS
> username map = /etc/samba/user.map
> kerberos method = system keytab
> log file = /var/log/samba/log.%m
> max log size = 50
> load printers = No
> printcap name = /dev/null
> idmap config * : backend = tdb
> map acl inherit = Yes
> cups options = raw
> vfs objects = acl_xattr
> [Acls] # this is my test share
> path = /srv/samba/acls/
> read only = No
> Looking at these, it comes to my attention that there is no idmap on
> that machine (I mean, not as a daemon, not as a command). Could that
> be part of the problem?
> in the -S option above, does servername.fqdn refer to the DC or to the
> local machine?
> Also, I was puzzled if the PW to enter is the root PW or the Domain
> Admin PW. I tried both, always.