[Samba] getting NT_STATUS_LOGON_FAILURE
Rowland Penny
rowlandpenny at googlemail.com
Fri Jan 9 06:12:29 MST 2015
On 09/01/15 13:04, Bob of Donelson Trophy wrote:
>
>
> I have been having issues with my W7 client "access is denied" to
> changing the security (user permissions) settings and have been posting
> regarding that issue yesterday.
>
> I have discovered that my "ads join member server" is not completely
> joined (I think.)
>
> I discovered a post from February 2014, by Louis "[Samba] member joined,
> but . . ." and ran some of his command line test strings and received
> similar results. Did some checking before moving forward:
>
> root at dtmember01:~# net ads testjoin
> Join is OK <<<<<<<<<<<< OK? Can't change permissions!
> root at dtmember01:~# net rpc rights list
> Enter root's password:
> Could not connect to server 127.0.0.1 <<<<<< why localhost?
Hi, you can stop panicking :-)
You are getting 'localhost' because you are running the command on,
well, localhost :-D
Try adding '-I address of target server' to the command.
Rowland
> The username or password was not correct.
> Connection failed: NT_STATUS_LOGON_FAILURE <<<<<<< look
> root at dtmember01:~# cat /etc/hosts
> 127.0.0.1 localhost
> 192.168.16.55 dtmember01.dtshrm.lan dtmember01
>
> # The following lines are desirable for IPv6 capable hosts
> ::1 localhost ip6-localhost ip6-loopback
> ff02::1 ip6-allnodes
> ff02::2 ip6-allrouters
> root at dtmember01:~# cat /etc/network/interfaces
> # This file describes the network interfaces available on your system
> # and how to activate them. For more information, see interfaces(5).
>
> # The loopback network interface
> auto lo
> iface lo inet loopback
>
> # The primary network interface
> allow-hotplug eth0
> iface eth0 inet static
> address 192.168.16.55
> netmask 255.255.255.0
> network 192.168.16.0
> broadcast 192.168.16.255
> gateway 192.168.16.106
> # dns-* options are implemented by the resolvconf package, if installed
> dns-nameservers 208.67.222.222 <<<<<< have always struggled with correct
> setting here
> dns-search dtshrm.lan
>
> Do I have anything set incorrectly?
>
> Then I ran these test string that were listed in the "member joined, but
> . . ." thread.
>
> root at dtmember01:~# net rpc rights list accounts -UadministratorEnter
> administrator's password:
> Could not connect to server 127.0.0.1
> The username or password was not correct.
> Connection failed: NT_STATUS_LOGON_FAILURE <<<<< hum-m-m-m!!
> root at dtmember01:~# net -S dtmember01 rpc rights list account
> -UadministratorEnter administrator's password:
> Could not connect to server dtmember01
> The username or password was not correct.
> Connection failed: NT_STATUS_LOGON_FAILURE
>
> root at dtmember01:~# net -S dtmember01.dtshrm.lan rpc rights list accounts
> -Uadministrator
> Enter administrator's password:
> BUILTINPrint Operators
> No privileges assigned
>
> BUILTINAccount Operators
> No privileges assigned
>
> BUILTINBackup Operators
> No privileges assigned
>
> BUILTINServer Operators
> No privileges assigned
>
> BUILTINAdministrators
> SeMachineAccountPrivilege
> SeTakeOwnershipPrivilege
> SeBackupPrivilege
> SeRestorePrivilege
> SeRemoteShutdownPrivilege
> SePrintOperatorPrivilege
> SeAddUsersPrivilege
> SeDiskOperatorPrivilege <<<<<<<<<<<< hum-m-m
> SeSecurityPrivilege
> SeSystemtimePrivilege
> SeShutdownPrivilege
> SeDebugPrivilege
> SeSystemEnvironmentPrivilege
> SeSystemProfilePrivilege
> SeProfileSingleProcessPrivilege
> SeIncreaseBasePriorityPrivilege
> SeLoadDriverPrivilege
> SeCreatePagefilePrivilege
> SeIncreaseQuotaPrivilege
> SeChangeNotifyPrivilege
> SeUndockPrivilege
> SeManageVolumePrivilege
> SeImpersonatePrivilege
> SeCreateGlobalPrivilege
> SeEnableDelegationPrivilege
>
> Everyone
> No privileges assigned
>
> root at dtmember01:~# net rpc rights grant 'DTDC01Domain Admins'
> SeDiskOperatorPrivilege -Uadministrator
> Enter administrator's password:
> Failed to grant privileges for DTDC01Domain Admins
> (NT_STATUS_ACCESS_DENIED)
>
> I tried to sort out the issues Louis was experiencing in his pam setup
> and realized that I had run his script against Debian 7.7.0 (newer than
> that available in February) and wondered if Debian (this version) pam
> files is the cause of the issue I am experiencing.
>
> Decided to post here and see what anyone thinks? Louis, are you there?
More information about the samba
mailing list