[Samba] NT_STATUS_CONNECTION_REFUSED, again!!!

Bob of Donelson Trophy bob at donelsontrophy.net
Fri Feb 27 11:00:43 MST 2015


 

Thanks Rowland. 

Being the novice that I am, I thought the line would 'pickup' my DOMAIN
and replace the ${SAMBA_NT_DOMAIN}. So, I just tried the line correctly
and it asked for my Administrator password and subsequently granted
access. At least I know I can go and correct manually, if I need too. 

My /etc/resolv.conf is: 

root at dt01:~# cat /etc/resolv.conf 

search dts***m.dt 

nameserver 192.168.16.51 

The nameserver is resolving to "itself", the DC01. (As you know, this is
created through the script.) 

The "wbinfo -g" says that "Domain Admins" is indeed in the groups. 

---

-------------------------

Bob Wooden of Donelson Trophy

615.885.2846 (main)
www.donelsontrophy.com [1]

"Everyone deserves an award!!"

On 2015-02-27 11:43, Rowland Penny wrote: 

> On 27/02/15 17:28, Bob of Donelson Trophy wrote:
> 
>> I thought I was over this the other day when I got it to work properly on my VM. Now, on an actual PC I am getting: ==========Test kerberos =============================== Lets test some things Testing : kerberos Password for Administrator at DTSHRM.DT: Warning: Your password will expire in 41 days on Fri Apr 10 08:43:58 2015 Ticket cache: FILE:/tmp/krb5cc_0 Default principal: Administrator at DTSHRM.DT Valid starting Expires Service principal 27/02/2015 07:45 27/02/2015 17:45 krbtgt/DTSHRM.DT at DTSHRM.DT renew until 28/02/2015 07:45, Etype (skey, tkt): aes256-cts-hmac-sha1-96, aes256-cts-hmac-sha1-96 ==========SE Privileges =============================== Enter Administrator's password: Could not connect to server 127.0.0.1 Connection failed: NT_STATUS_CONNECTION_REFUSED I snipped some excess<<<<<<<< Enter Administrator's password: Could not connect to server 127.0.0.1 Connection failed: NT_STATUS_CONNECTION_REFUSED Enter Administrator's password: Successfully granted rights. Ent
 er
Administrator's password: I snipped some excess<<<<<<<<<<< Enter Administrator's password: Successfully granted rights. ==========Test DNS Records =============================== Testing : dns entries testing of : host -t SRV _ldap._tcp.dtshrm.dt. : ok testing of : host -t SRV _kerberos._udp.dtshrm.dt. : ok testing of : host -t A dtdc01.dtshrm.dt. : ok I snipped the ending<<<<< I have had the chance to try this several times (thanks to backups) and each time a different number of failures and then "Successfully granted rights." Generally there are anywhere from 12 to 17 failures across two attempts (that I paid close attention too, out of five tries.) And, because I have two identical computers (one that will become DC1 and the other DC2) I switched machines, just to make sure it wasn't a hardware issue. It's not! When I run one of the failed script line manually, I get: root at dc01:~# echo ${SAMBA_NT_ADMIN_PASS}| net rpc rights grant "${SAMBA_NT_DOMAIN}Domain Admins"
SeDiskOperatorPrivilege -UAdministrator Enter Administrator's password: Could not connect to server 127.0.0.1 The username or password was not correct. Connection failed: NT_STATUS_LOGON_FAILURE That might have failed because . . . . so, I tried this: root at dc01:~# net rpc rights grant "${SAMBA_NT_DOMAIN}Domain Admins" SeDiskOperatorPrivilege -UAdministrator Enter Administrator's password: Failed to grant privileges for Domain Admins (NT_STATUS_NO_SUCH_USER) So, the script is not creating the "Domain Admins"? Confused, for sure!!!!
> 
> Hi Bob, what have you got in /etc/resolv.conf ?
> 
> I also take it that when you ran the lines manually, you replaced the variables with the correct info.
> 
> The script doesn't create Domain Admins, this is done by the provision, run 'wbinfo -g' this should print all your domain groups.
> 
> Rowland
 

Links:
------
[1] http://www.donelsontrophy.com


More information about the samba mailing list