[Samba] realmd and net rpc privileges
L.P.H. van Belle
belle at bazuin.nl
Thu Apr 30 02:15:45 MDT 2015
Did you adjust your smb.conf already, so can you post your smb.conf again.
and content of /etc/samba/user.map
>Van: sequoiamobil at gmx.net
>[mailto:samba-bounces at lists.samba.org] Namens Sebastian Gabler
>Verzonden: donderdag 30 april 2015 10:06
>Aan: samba at lists.samba.org
>Onderwerp: Re: [Samba] realmd and net rpc privileges
>There is something to add. Listing existing rights (any rights
>thus using the current, root, user) fails with the same problem:
># net rpc rights list
>Enter root's password:
>Could not connect to server 127.0.0.1
>The username or password was not correct.
>Connection failed: NT_STATUS_LOGON_FAILURE
>I conclude of that net cannot authenticate at all for this
>the first step would be to solve that. The question is: How?
>Am 29.04.2015 um 14:10 schrieb Sebastian Gabler:
>> Am 29.04.2015 um 12:58 schrieb L.P.H. van Belle:
>>> so tell us what are your errors?
>>> It's hard to help without them.
>>> Please post your smb.conf ( sanitized ) and your resolv.conf and
>>> hosts file.
>>> you can try the command :
>>> net rpc rights grant 'SAMDOM\Domain Admins' SeDiskOperatorPrivilege
>>> -U'SAMDOM\administrator' -S servername.fqdn
>> I am getting the error listed here:
>> # net rpc rights grant 'SAMDOM\Domain Admins'
>> Enter SAMDOM\administrator's password:
>> Could not connect to server 127.0.0.1
>> The username or password was not correct.
>> Connection failed: NT_STATUS_LOGON_FAILURE
>> resolv.conf is automatically filled by Network Manager here (which
>> gets the settings from the DHCP server, which is the DC in my case)
>> hosts has no entries besides the localhost defaults for 'lo'
>> hostname returns the fqdn DNS resolsution and ntp sync are
>> fine. Domain users can log on, and get homes. (I don't care
>> too much, but it's nice to see it working.)
>> This is the testparm dump, with '#' comments:
>> realm = MYDOMAIN.LOCAL # here is the actual realm value
>> server string = Samba Server Version %v
>> security = ADS
>> username map = /etc/samba/user.map
>> kerberos method = system keytab
>> log file = /var/log/samba/log.%m
>> max log size = 50
>> load printers = No
>> printcap name = /dev/null
>> idmap config * : backend = tdb
>> map acl inherit = Yes
>> cups options = raw
>> vfs objects = acl_xattr
>> [Acls] # this is my test share
>> path = /srv/samba/acls/
>> read only = No
>> Looking at these, it comes to my attention that there is no idmap on
>> that machine (I mean, not as a deamon, not as a command). Could that
>> be part of the problem?
>> in the -S option above, does servername.fqdn refer to the DC
>or to the
>> local machine?
>> Also, was puzzled if the PW to enter is the root PW or the Domain
>> Amdin PW. I tried both, always.
>To unsubscribe from this list go to the following URL and read the
More information about the samba