[Samba] net rpc rights list - could not connect to server 127.0.0.1

Rowland Penny rowlandpenny at googlemail.com
Thu Jan 22 13:15:53 MST 2015


On 22/01/15 19:46, Òscar Flores wrote:
> I had already checked these files (smb.conf, krb5.conf, hosts) and they
> match each other, but the error still appears...
> Is there anything else I can check?
> Thanks
>
> -----Mensaje original-----
> De: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org] En
> nombre de Rowland Penny
> Enviado el: jueves, 22 de enero de 2015 18:06
> Para: samba at lists.samba.org
> Asunto: Re: [Samba] net rpc rights list - could not connect to server
> 127.0.0.1
>
> On 22/01/15 16:44, Òscar Flores wrote:
>> But this command returns me the rights list of administrator in AD DC.
>> I need the "rights list" of administrator in "MEMBER2".
>>
>> Here some tests:
>> *From MEMBER2:
>> #net rpc rights list accounts –Uadministrator Could not connect to
>> server
>> 127.0.0.1  The username or password was not correct.
>>    Connection failed: NT_STATUS_LOGON_FAILURE
>>
>> #net rpc rights list accounts –Uadministrator -Smember1 MYDOMAIN
>> \Domain Admins
>> SeDiskOperatorPrivilege   << WORKS
>>
>>   From MEMBER1:
>> #net rpc rights list accounts –Uadministrator MYDOMAIN \Domain Admins
>> SeDiskOperatorPrivilege   << WORKS!
>>
>> # net rpc rights list accounts -Uadministrator
>> -Smember2.mydomain.local Could not connect to server
>> member2.mydomain.local The username or password was not correct.
>> Connection failed: NT_STATUS_LOGON_FAILURE
>>
>> Thanks for your time!
>> Oscar
>>
>> -----Mensaje original-----
>> De: samba-bounces at lists.samba.org
>> [mailto:samba-bounces at lists.samba.org] En nombre de Rowland Penny
>> Enviado el: jueves, 22 de enero de 2015 15:37
>> Para: samba at lists.samba.org
>> Asunto: Re: [Samba] net rpc rights list - could not connect to server
>> 127.0.0.1
>>
>> On 22/01/15 14:12, Òscar Flores wrote:
>>> Hi!
>>>
>>> I have some problems with my new member server…
>>>
>>>     
>>>
>>> This is my schema:
>>>
>>>     
>>>
>>> -Doman Controller name is “DC01” and realm name is “MYDOMAIN.LOCAL” –
>> WORKS!
>>>     
>>>
>>> -Member server 1, name “MEMBER1” – WORKS!
>>>
>>> #net rpc rights list accounts –Uadministrator
>>>
>>>>>>
>>> MYDOMAIN\Domain Admins
>>>
>>> SeDiskOperatorPrivilege
>>>
>>>>>>
>>>     
>>>
>>> When I run this command… works well and I can administrate my shares
>>> with ACL from another computer with Win7+RSAT
>>>
>>>     
>>>
>>> - Member server 2, name “MEMBER2” - FAIL!
>>>
>>> # net rpc rights list accounts –Uadministrator
>>>
>>> Enter administrator's password:
>>>
>>> Could not connect to server 127.0.0.1
>>>
>>> The username or password was not correct.
>>>
>>> Connection failed: NT_STATUS_LOGON_FAILURE
>>>
>>>     
>>>
>>> *The same error appears when I run this command:
>>>
>>> # net rpc rights grant 'MYDOMAIN\Domain Admins'
>>> SeDiskOperatorPrivilege -U'MYDOMAIN\administrator'
>>>
>>> Enter administrator's password:
>>>
>>> Could not connect to server 127.0.0.1
>>>
>>> The username or password was not correct.
>>>
>>> Connection failed: NT_STATUS_LOGON_FAILURE
>>>
>>>                    
>>>
>>> I don’t know what happens with MEMBER2 because I followed the same
>>> instructions on both servers (MEMBER1 & MEMBER2)
>>>
>>> 1-      The 3 servers are installed with  “Ubuntu 14.04.1 LTS” + “samba
>>> 4.1.6”
>>>
>>> 2-      https://wiki.samba.org/index.php/Setup_a_Samba_AD_Member_Server
>>>
>>> and then…
>>>
>>> 3-
>>> https://wiki.samba.org/index.php/Setup_and_configure_file_shares_with
>>> _
>>> Window
>>> s_ACLs
>>>
>>> but I stopped in “SeDiskOperatorPrivilege”… L
>>>
>>>     
>>>
>>> Any idea? Somebody can help me?
>>>
>>> Thanks in advance!
>>>
>>> Oscar
>>>
>>>     
>>>
>> Try adding '-I <AD DC ipaddress>'
>>
>> Rowland
>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba
>>
> Ah yes, see what you mean, must engage brain and read the posts properly
> before answering :-)
>
> If one member server works and the other doesn't, it would seem that there
> must be something different between the two machines, all I can suggest at
> the moment is to compare the relevant files (smb.conf, krb5.conf, hosts etc)
> and make sure that they match (where they should).
>
> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>

Well, these are the packages I install on Debian wheezy for a member 
server: acl attr quota samba samba-vfs-modules samba-common-bin 
samba-common samba-libs libwbclient0 samba-dsdb-modules libnss-winbind 
smbclient libpam-winbind libsmbclient winbind krb5-config libpam-krb5 
krb5-user

and these are the files I alter/check

/etc/hosts

/etc/resolv.conf

/etc/samba/smb.conf

/etc/samba/user.map

/etc/krb5.conf

/etc/nsswitch.conf

user.map contains one line:

!root = DOMAIN\Administrator DOMAIN\administrator Administrator 
administrator

Both of the member servers that I can check work, it works on both of my 
DC's, so I can only think that it is either something mis-configured or 
a version mis-match or something is missing.

Rowland


More information about the samba mailing list