[Samba] Samba 4.5 y opensuse42.1
Rowland Penny
rpenny at samba.org
Mon Oct 31 17:06:27 UTC 2016
See inline comments:
On Tue, 25 Oct 2016 16:24:29 -0400
Informatico Neurodesarrollo via samba <samba at lists.samba.org> wrote:
> Hi friends:
> I was installed Samba4 ver 4.5 on openSuSE 42.1 Leap, the smb.conf is:
>
> # Global parameters
> [global]
> netbios name = SERVERDOM
> realm = POLRMVAR.MTZ.SLD.CU
> workgroup = POLRMVAR
> dns forwarder = 10.44.0.5
> server role = active directory domain controller
> server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc,
> drepl, winbind, ntp_signd, kcc
>
> [netlogon]
> path
> = /usr/local/samba/var/locks/sysvol/polrmvar.mtz.sld.cu/scripts read
> only = No
>
> [sysvol]
> path = /usr/local/samba/var/locks/sysvol
> read only = No
>
> [home]
> comment = Directorios Personales
> path = /home/usuarios
> read only = No
>
> Kerberos are work fine
>
> krb5.conf:
>
> [libdefaults]
> default_realm = DOMINIO.MTZ.SLD.CU
> dns_lookup_realm = false
> dns_lookup_kdc = true
> default_ccache_name = KEYRING:persistent:%{uid}
>
>
> When I run this command while config my samba:
>
> #net rpc rights grant 'DOMINIO\Domain Admins'
> SeMachineAccountPrivilege \ SePrintOperatorPrivilege
> SeAddUsersPrivilege SeDiskOperatorPrivilege \
> SeRemoteShutdownPrivilege -UAdministrator
>
> and all work fine.
>
> but when I run this other to check rights:
>
> # net rpc rights list accounts –UAdministrator
> Enter informatico's password:
> Could not connect to server 127.0.0.1
> The username or password was not correct.
> Connection failed: NT_STATUS_LOGON_FAILURE
>
> I don't know where to look?, this is Problem #1
Well, you could try looking at the ouput you are getting, you are using
'-UAdministrator', but is asking you to 'Enter informatico's password:'
Try adding '--password=YOUR_ADMINISTRATORS_PASSWORD' to the end of the
command.
>
> The other:
>
> server:#ldapsearch -x -h servidor -s base -D
> CN=Administrator,CN=Users,CN=DOMINIO,DC=MTZ,DC=SLD,DC=CU -W
> Enter LDAP Password:
> ldap_bind: Strong(er) authentication required (8)
> additional info: BindSimple: Transport encryption required.
>
>
> I was looking around about the problem , I wish improve the security
> on my server, not lack it.
in which case, use ldbsearch with kerberos, if you must use ldapsearch,
you are going to have to use SSL, or add 'ldap server require strong
auth = no' to smb.conf, but this is decreasing security.
Rowland
>
> Any suggestion are welcome.
>
> T.I.A
>
>
More information about the samba
mailing list