[Samba] NT_STATUS_CONNECTION_REFUSED, again!!!

Bob of Donelson Trophy bob at donelsontrophy.net
Fri Feb 27 10:28:46 MST 2015 

 

I thought I was over this the other day when I got it to work properly
on my VM. 

Now, on an actual PC I am getting: 

==========Test kerberos =============================== 

Lets test some things 

Testing : kerberos 

Password for Administrator at DTSHRM.DT: 

Warning: Your password will expire in 41 days on Fri Apr 10 08:43:58
2015 

Ticket cache: FILE:/tmp/krb5cc_0 

Default principal: Administrator at DTSHRM.DT 

Valid starting Expires Service principal 

27/02/2015 07:45 27/02/2015 17:45 krbtgt/DTSHRM.DT at DTSHRM.DT 

renew until 28/02/2015 07:45, Etype (skey, tkt):
aes256-cts-hmac-sha1-96, aes256-cts-hmac-sha1-96 

==========SE Privileges =============================== 

Enter Administrator's password: 

Could not connect to server 127.0.0.1 

Connection failed: NT_STATUS_CONNECTION_REFUSED 

I snipped some excess<<<<<<<< 

Enter Administrator's password: 

Could not connect to server 127.0.0.1 

Connection failed: NT_STATUS_CONNECTION_REFUSED 

Enter Administrator's password: 

Successfully granted rights. 

Enter Administrator's password: 

I snipped some excess<<<<<<<<<<< 

Enter Administrator's password: 

Successfully granted rights. 

==========Test DNS Records =============================== 

Testing : dns entries 

testing of : host -t SRV _ldap._tcp.dtshrm.dt. : ok 

testing of : host -t SRV _kerberos._udp.dtshrm.dt. : ok 

testing of : host -t A dtdc01.dtshrm.dt. : ok 

I snipped the ending<<<<< 

I have had the chance to try this several times (thanks to backups) and
each time a different number of failures and then "Successfully granted
rights." 

Generally there are anywhere from 12 to 17 failures across two attempts
(that I paid close attention too, out of five tries.) 

And, because I have two identical computers (one that will become DC1
and the other DC2) I switched machines, just to make sure it wasn't a
hardware 

issue. It's not! 

When I run one of the failed script line manually, I get: 

root at dc01:~# echo ${SAMBA_NT_ADMIN_PASS}| net rpc rights grant
"${SAMBA_NT_DOMAIN}Domain Admins" SeDiskOperatorPrivilege
-UAdministrator 

Enter Administrator's password: 

Could not connect to server 127.0.0.1 

The username or password was not correct. 

Connection failed: NT_STATUS_LOGON_FAILURE 

That might have failed because . . . . so, I tried this: 

root at dc01:~# net rpc rights grant "${SAMBA_NT_DOMAIN}Domain Admins"
SeDiskOperatorPrivilege -UAdministrator 

Enter Administrator's password: 

Failed to grant privileges for Domain Admins (NT_STATUS_NO_SUCH_USER) 

So, the script is not creating the "Domain Admins"? Confused, for
sure!!!! 

-- 

-------------------------

Bob Wooden of Donelson Trophy

615.885.2846 (main)
www.donelsontrophy.com [1]

"Everyone deserves an award!!"
 

Links:
------
[1] http://www.donelsontrophy.com

More information about the samba mailing list