[Samba] "net rpc" commands don’t work on Samba AD DC

Alnis Morics alnis.moritz at gmail.com
Mon Feb 6 08:03:27 UTC 2017

 >> >On 01/29/2017 18:41, Marc Muehlfeld wrote:
 >> >
 >> >> Hello Alnis,
 >> >>
 >> >> Am 29.01.2017 um 17:27 schrieb Alnis Morics via samba:
 >> >>> But when I try to grant Domain Admins a SeDiskOperatorPrivilege, I get
 >> >>> this:
 >> >>>
 >> >>> # net rpc rights grant "RW\Domain Admins" SeDiskOperatorPrivilege -U
 >> >>> "RW\administrator"
 >> >>> Enter RW\administrator's password:
 >> >>> Could not connect to server
 >> >>> Connection failed: NT_STATUS_UNSUCCESSFUL
 >> >> 
 >> >>
 >> >>
 >> >> Regards,
 >> >> Marc
 >> >>
 >> >Thank you, Marc.
 >> >
 >> >Yes, I already tried that. The result is:
 >> >
 >> >net rpc -I rights list -U administrator
 >> >Enter administrator's password:
 >> >Could not connect to server
 >> >Connection failed: NT_STATUS_UNSUCCESSFUL
 >> >
 >> >And, as I said, my smbd is listening on all addresses. And the error
 >> >message is a bit different: not NT_STATUS_CONNECTION_REFUSED, as in the
 >> >example, but NT_STATUS_UNSUCCESSFUL -- a generic one.
 >> >
 >> >Alnis
 >>Ok, if I raise the log level to 10, I get 7 more lines at the end:
 >>Could not connect to server
 >>Connection failed: NT_STATUS_UNSUCCESSFUL
 >>failed to make ipc connection: NT_STATUS_UNSUCCESSFUL
 >>return code = -1
 >>Opening cache file at /usr/local/samba/var/cache/gencache.tdb
 >>Opening cache file at /usr/local/samba/var/lock/gencache_notrans.tdb
 >>allrecord_mutex_lock() failed: Invalid argument
 >>Could not get allrecord lock on gencache_notrans.tdb: Locking error
 >>Freeing parametrics:
 >"allrecord_mutex_lock() failed: Invalid argument" looks like a C
 >interpreter's complaint. I thought maybe there's a conflict between
 >gcc and Clang of FreeBSD's base system. So I removed gcc and recompiled
 >Samba. But no, the errors are exactly the same.
 >I also have another FreeBSD machine (10.3) where some months ago I
 >built Samba 4.4.5 ADDC, and there "net rpc" commands work.

One more try.
I took Samba 4.4.9 tarball, built it, and now "net rpc" commands work as 
expected, e.g.:

# net rpc rights list -U administrator
Enter administrator's password:
      SeMachineAccountPrivilege  Add machines to domain
       SeTakeOwnershipPrivilege  Take ownership of files or other objects
              SeBackupPrivilege  Back up files and directories
             SeRestorePrivilege  Restore files and directories
      SeRemoteShutdownPrivilege  Force shutdown from a remote system
       SePrintOperatorPrivilege  Manage printers
            SeAddUsersPrivilege  Add users and groups to the domain
        SeDiskOperatorPrivilege  Manage disk shares
            SeSecurityPrivilege  System security
          SeSystemtimePrivilege  Set the system clock
            SeShutdownPrivilege  Shutdown the system
               SeDebugPrivilege  Debug processes
   SeSystemEnvironmentPrivilege  Modify system environment
       SeSystemProfilePrivilege  Profile the system
SeProfileSingleProcessPrivilege  Profile one process
SeIncreaseBasePriorityPrivilege  Increase base priority
          SeLoadDriverPrivilege  Load drivers
      SeCreatePagefilePrivilege  Create page files
       SeIncreaseQuotaPrivilege  Increase quota
        SeChangeNotifyPrivilege  Register for change notify
              SeUndockPrivilege  Undock devices
        SeManageVolumePrivilege  Manage system volumes
         SeImpersonatePrivilege  Impersonate users
        SeCreateGlobalPrivilege  Create global
    SeEnableDelegationPrivilege  Enable Delegation

It appears that 4.5.X introduces something that FreeBSD doesn't like, but
OK. I have now proceeded with 4.4.9 to joining Windows clients and stopped at
another problem, but that's a separate topic.

