[Samba] Samba 4.5 y opensuse42.1

Mon Oct 31 17:06:27 UTC 2016

See inline comments:

On Tue, 25 Oct 2016 16:24:29 -0400
Informatico Neurodesarrollo via samba <samba at lists.samba.org> wrote:

> Hi friends:
> I was installed Samba4 ver 4.5 on openSuSE 42.1 Leap, the smb.conf is:
> 
> # Global parameters
> [global]
>      netbios name = SERVERDOM
>      realm = POLRMVAR.MTZ.SLD.CU
>      workgroup = POLRMVAR
>      dns forwarder = 10.44.0.5
>      server role = active directory domain controller
>      server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc,
> drepl, winbind, ntp_signd, kcc
> 
> [netlogon]
>      path
> = /usr/local/samba/var/locks/sysvol/polrmvar.mtz.sld.cu/scripts read
> only = No
> 
> [sysvol]
>      path = /usr/local/samba/var/locks/sysvol
>      read only = No
> 
> [home]
>      comment = Directorios Personales
>      path = /home/usuarios
>      read only = No
> 
> Kerberos are work fine
> 
> krb5.conf:
> 
> [libdefaults]
>      default_realm = DOMINIO.MTZ.SLD.CU
>      dns_lookup_realm = false
>      dns_lookup_kdc = true
>      default_ccache_name = KEYRING:persistent:%{uid}
> 
> 
> When I run this command while config my samba:
> 
> #net rpc rights grant 'DOMINIO\Domain Admins'
> SeMachineAccountPrivilege \ SePrintOperatorPrivilege
> SeAddUsersPrivilege SeDiskOperatorPrivilege \
> SeRemoteShutdownPrivilege -UAdministrator
> 
> and all work fine.
> 
> but when I run this other to check rights:
> 
> # net rpc rights list accounts –UAdministrator
> Enter informatico's password:
> Could not connect to server 127.0.0.1
> The username or password was not correct.
> Connection failed: NT_STATUS_LOGON_FAILURE
> 
> I don't know where to look?, this is Problem #1

Well, you could try looking at the ouput you are getting, you are using
'-UAdministrator', but is asking you to 'Enter informatico's password:'

Try adding '--password=YOUR_ADMINISTRATORS_PASSWORD' to the end of the
command.

> 
> The other:
> 
> server:#ldapsearch -x -h servidor -s base -D 
> CN=Administrator,CN=Users,CN=DOMINIO,DC=MTZ,DC=SLD,DC=CU -W
> Enter LDAP Password:
> ldap_bind: Strong(er) authentication required (8)
>      additional info: BindSimple: Transport encryption required.
> 
> 
> I was looking around about the problem , I wish improve the security
> on my server, not lack it.

in which case, use ldbsearch with kerberos, if you must use ldapsearch,
you are going to have to use SSL, or add 'ldap server require strong
auth = no' to smb.conf, but this is decreasing security.

Rowland
> 
> Any suggestion are welcome.
> 
> T.I.A
> 
> 