[Samba] net rpc rights list - could not connect to server 127.0.0.1

Òscar Flores oscar.flores at udg.edu
Mon Feb 16 07:37:21 MST 2015 

SOLVED! 
The solution is here >>
https://wiki.samba.org/index.php/Samba_Member_Server_Troubleshooting

Thank you for your help Rowland!

Oscar

-----Mensaje original-----
De: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org] En
nombre de Rowland Penny
Enviado el: jueves, 22 de enero de 2015 21:16
Para: samba at lists.samba.org
Asunto: Re: [Samba] net rpc rights list - could not connect to server
127.0.0.1

On 22/01/15 19:46, Òscar Flores wrote:
> I had already checked these files (smb.conf, krb5.conf, hosts) and 
> they match each other, but the error still appears...
> Is there anything else I can check?
> Thanks
>
> -----Mensaje original-----
> De: samba-bounces at lists.samba.org 
> [mailto:samba-bounces at lists.samba.org] En nombre de Rowland Penny 
> Enviado el: jueves, 22 de enero de 2015 18:06
> Para: samba at lists.samba.org
> Asunto: Re: [Samba] net rpc rights list - could not connect to server
> 127.0.0.1
>
> On 22/01/15 16:44, Òscar Flores wrote:
>> But this command returns me the rights list of administrator in AD DC.
>> I need the "rights list" of administrator in "MEMBER2".
>>
>> Here some tests:
>> *From MEMBER2:
>> #net rpc rights list accounts –Uadministrator Could not connect to 
>> server
>> 127.0.0.1  The username or password was not correct.
>>    Connection failed: NT_STATUS_LOGON_FAILURE
>>
>> #net rpc rights list accounts –Uadministrator -Smember1 MYDOMAIN 
>> \Domain Admins
>> SeDiskOperatorPrivilege   << WORKS
>>
>>   From MEMBER1:
>> #net rpc rights list accounts –Uadministrator MYDOMAIN \Domain Admins
>> SeDiskOperatorPrivilege   << WORKS!
>>
>> # net rpc rights list accounts -Uadministrator 
>> -Smember2.mydomain.local Could not connect to server 
>> member2.mydomain.local The username or password was not correct.
>> Connection failed: NT_STATUS_LOGON_FAILURE
>>
>> Thanks for your time!
>> Oscar
>>
>> -----Mensaje original-----
>> De: samba-bounces at lists.samba.org
>> [mailto:samba-bounces at lists.samba.org] En nombre de Rowland Penny 
>> Enviado el: jueves, 22 de enero de 2015 15:37
>> Para: samba at lists.samba.org
>> Asunto: Re: [Samba] net rpc rights list - could not connect to server
>> 127.0.0.1
>>
>> On 22/01/15 14:12, Òscar Flores wrote:
>>> Hi!
>>>
>>> I have some problems with my new member server

>>>
>>>     
>>>
>>> This is my schema:
>>>
>>>     
>>>
>>> -Doman Controller name is “DC01” and realm name is “MYDOMAIN.LOCAL” 
>>>>> WORKS!
>>>     
>>>
>>> -Member server 1, name “MEMBER1” – WORKS!
>>>
>>> #net rpc rights list accounts –Uadministrator
>>>
>>> 

>>>
>>> MYDOMAIN\Domain Admins
>>>
>>> SeDiskOperatorPrivilege
>>>
>>> 

>>>
>>>     
>>>
>>> When I run this command
 works well and I can administrate my shares 
>>> with ACL from another computer with Win7+RSAT
>>>
>>>     
>>>
>>> - Member server 2, name “MEMBER2” - FAIL!
>>>
>>> # net rpc rights list accounts –Uadministrator
>>>
>>> Enter administrator's password:
>>>
>>> Could not connect to server 127.0.0.1
>>>
>>> The username or password was not correct.
>>>
>>> Connection failed: NT_STATUS_LOGON_FAILURE
>>>
>>>     
>>>
>>> *The same error appears when I run this command:
>>>
>>> # net rpc rights grant 'MYDOMAIN\Domain Admins'
>>> SeDiskOperatorPrivilege -U'MYDOMAIN\administrator'
>>>
>>> Enter administrator's password:
>>>
>>> Could not connect to server 127.0.0.1
>>>
>>> The username or password was not correct.
>>>
>>> Connection failed: NT_STATUS_LOGON_FAILURE
>>>
>>>                    
>>>
>>> I don’t know what happens with MEMBER2 because I followed the same 
>>> instructions on both servers (MEMBER1 & MEMBER2)
>>>
>>> 1-      The 3 servers are installed with  “Ubuntu 14.04.1 LTS” + “samba
>>> 4.1.6”
>>>
>>> 2-      https://wiki.samba.org/index.php/Setup_a_Samba_AD_Member_Server
>>>
>>> and then

>>>
>>> 3-
>>> https://wiki.samba.org/index.php/Setup_and_configure_file_shares_wit
>>> h
>>> _
>>> Window
>>> s_ACLs
>>>
>>> but I stopped in “SeDiskOperatorPrivilege”
 L
>>>
>>>     
>>>
>>> Any idea? Somebody can help me?
>>>
>>> Thanks in advance!
>>>
>>> Oscar
>>>
>>>     
>>>
>> Try adding '-I <AD DC ipaddress>'
>>
>> Rowland
>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba
>>
> Ah yes, see what you mean, must engage brain and read the posts 
> properly before answering :-)
>
> If one member server works and the other doesn't, it would seem that 
> there must be something different between the two machines, all I can 
> suggest at the moment is to compare the relevant files (smb.conf, 
> krb5.conf, hosts etc) and make sure that they match (where they should).
>
> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>

Well, these are the packages I install on Debian wheezy for a member
server: acl attr quota samba samba-vfs-modules samba-common-bin samba-common
samba-libs libwbclient0 samba-dsdb-modules libnss-winbind smbclient
libpam-winbind libsmbclient winbind krb5-config libpam-krb5 krb5-user

and these are the files I alter/check

/etc/hosts

/etc/resolv.conf

/etc/samba/smb.conf

/etc/samba/user.map

/etc/krb5.conf

/etc/nsswitch.conf

user.map contains one line:

!root = DOMAIN\Administrator DOMAIN\administrator Administrator
administrator

Both of the member servers that I can check work, it works on both of my
DC's, so I can only think that it is either something mis-configured or a
version mis-match or something is missing.

Rowland
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list