[Samba] realmd and net rpc privileges

L.P.H. van Belle belle at bazuin.nl
Thu Apr 30 02:15:45 MDT 2015

Did you adjust your smb.conf already? If so, can you post your smb.conf again,
and the content of /etc/samba/user.map?



>-----Original message-----
>From: sequoiamobil at gmx.net 
>[mailto:samba-bounces at lists.samba.org] On behalf of Sebastian Gabler
>Sent: Thursday 30 April 2015 10:06
>To: samba at lists.samba.org
>Subject: Re: [Samba] realmd and net rpc privileges
>There is something to add. Listing existing rights (any rights that is,
>thus using the current, root, user) fails with the same problem:
># net rpc rights list
>Enter root's password:
>Could not connect to server
>The username or password was not correct.
>Connection failed: NT_STATUS_LOGON_FAILURE
>I conclude from that that net cannot authenticate at all for this purpose,
>and the first step would be to solve that. The question is: How?
>On 29.04.2015 at 14:10, Sebastian Gabler wrote:
>> On 29.04.2015 at 12:58, L.P.H. van Belle wrote:
>>> so tell us what are your errors?
>>> It's hard to help without them.
>>> Please post your smb.conf ( sanitized ) and your resolv.conf and 
>>> hosts file.
>>> and..
>>> you can try the command :
>>> net rpc rights grant 'SAMDOM\Domain Admins' SeDiskOperatorPrivilege 
>>> -U'SAMDOM\administrator' -S servername.fqdn
>>> greetz,
>>> Louis
>> I am getting the error listed here: 
>> https://wiki.samba.org/index.php/Samba_Member_Server_Troubleshooting:
>> # net rpc rights grant 'SAMDOM\Domain Admins' 
>> -U'SAMDOM\administrator'
>> Enter SAMDOM\administrator's password:
>> Could not connect to server
>> The username or password was not correct.
>> Connection failed: NT_STATUS_LOGON_FAILURE
>> resolv.conf is automatically filled by Network Manager here (which 
>> gets the settings from the DHCP server, which is the DC in my case)
>> hosts has no entries besides the localhost defaults for 'lo'
>> hostname returns the fqdn. DNS resolution and ntp sync are 
>> fine. Domain users can log on, and get homes. (I don't care about that 
>> too much, but it's nice to see it working.)
>> This is the testparm dump, with '#' comments:
>> [global]
>>         realm = MYDOMAIN.LOCAL # here is the actual realm value
>>         server string = Samba Server Version %v
>>         security = ADS
>>         username map = /etc/samba/user.map
>>         kerberos method = system keytab
>>         log file = /var/log/samba/log.%m
>>         max log size = 50
>>         load printers = No
>>         printcap name = /dev/null
>>         idmap config * : backend = tdb
>>         map acl inherit = Yes
>>         cups options = raw
>>         vfs objects = acl_xattr
>> [Acls] # this is my test share
>>         path = /srv/samba/acls/
>>         read only = No
>> Looking at these, it comes to my attention that there is no idmap on 
>> that machine (I mean, not as a daemon, not as a command). Could that 
>> be part of the problem?
>> In the -S option above, does servername.fqdn refer to the DC or to the 
>> local machine?
>> Also, I was puzzled if the PW to enter is the root PW or the Domain 
>> Admin PW. I tried both, always.
>> Best,
>> Sebastian