[Samba] Authentication problem

L.P.H. van Belle belle at bazuin.nl
Wed Jun 29 12:55:51 UTC 2016


Ok, but you changed your hosts file :-p
You removed 127.0.1.1  ..  ..  


So now then, whats wrong here...

>/etc/resolv.conf points to the dc as a nameserver
>
>search mydom.lan
>nameserver IP.of.my.dc
>
>/etc/hosts
>127.0.0.1	localhost
>xxx.xxx.xxx.xxx	fs.mydom.lan	fs
>
># The following lines are desirable for IPv6 capable hosts
>::1     localhost ip6-localhost ip6-loopback
>ff02::1 ip6-allnodes
>ff02::2 ip6-allrouters

Nothing in my opinion. 

So a new big mistry.. 

Why does : 
net rpc rights list accounts -U"MYDOM\Administrator" 
work with dhcp and a /etc/hosts  with only 127.0.0.1 in it. 

and why does a server with static ip errors 
net rpc rights list accounts -U"MYDOM\Administrator"
Enter MYDOM\Administrator's password:
Could not connect to server 127.0.0.1 The username or password was not correct.
Connection failed: NT_STATUS_LOGON_FAILURE

While net rpc rights list accounts -U"MYDOM\Administrator" -S ADDC.MYDOMAIN.TLD work. 

A ping ADDC.MYDOMAIN.TLD works also. 
And a correct krb5.conf. 

cat /etc/krb5.conf
[libdefaults]
    default_realm = ROTTERDAM.BAZUIN.NL
    dns_lookup_kdc = true

and kinit Administrator
works also.. 


Rowland can you show me your  /etc/dhcp/dhclient.conf,
and the result of the dhcp client. /var/lib/dhcp/dhclient.leases

Can you try this again and add this to your hosts file. 
># The following lines are desirable for IPv6 capable hosts
>::1     localhost ip6-localhost ip6-loopback
>ff02::1 ip6-allnodes
>ff02::2 ip6-allrouters

And try it again also, lets see what happens.. 
I dont now whats the difference here. You know my setup but i have/had the same as the topic starter. 


Greetz, 

Louis



> -----Oorspronkelijk bericht-----
> 
> Cannot agree with you Louis, AD relies on DNS and as such, the net
> command should be able to find the DC by dns.
> 
> My /etc/resolv.conf searches the domain and uses the DCs as nameservers,
> all there is in /etc/hosts (apart from ipv6 lines) is
> 
> 127.0.0.1    localhost
> 
> When I run the same command as the OP (just changing the domain) it
> works for me. I would still be interested in seeing the info I last
> asked for.
> 
> Rowland
> 
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba





More information about the samba mailing list