[Samba] "net rpc" commands don’t work on Samba AD DC
Alnis Morics
alnis.moritz at gmail.com
Mon Feb 6 08:03:27 UTC 2017
>> >On 01/29/2017 18:41, Marc Muehlfeld wrote:
>> >
>> >> Hello Alnis,
>> >>
>> >> Am 29.01.2017 um 17:27 schrieb Alnis Morics via samba:
>> >>> But when I try to grant Domain Admins a SeDiskOperatorPrivilege,
I get
>> >>> this:
>> >>>
>> >>> # net rpc rights grant "RW\Domain Admins" SeDiskOperatorPrivilege -U
>> >>> "RW\administrator"
>> >>> Enter RW\administrator's password:
>> >>> Could not connect to server 127.0.0.1
>> >>> Connection failed: NT_STATUS_UNSUCCESSFUL
>> >>
https://wiki.samba.org/index.php/Troubleshooting_Samba_Domain_Members#The_net_Command_Fails_to_Connect_to_the_127.0.0.1_IP_Address
>> >>
>> >>
>> >> Regards,
>> >> Marc
>> >>
>> >Thank you, Marc.
>> >
>> >Yes, I already tried that. The result is:
>> >
>> >net rpc -I 192.168.0.192 rights list -U administrator
>> >Enter administrator's password:
>> >Could not connect to server 192.168.0.192
>> >Connection failed: NT_STATUS_UNSUCCESSFUL
>> >
>> >And, as I told, my smbd is listening on all addresses. And the error
>> >message is a bit different: not NT_STATUS_CONNECTION_REFUSED, as in
that
>> >example, but NT_STATUS_UNSUCCESSFUL -- a generic one.
>> >
>> >Alnis
>>
>>Ok, if I raise the log level to 10, I get 7 more lines at the end:
>>...
>>Could not connect to server 192.168.0.192
>>Connection failed: NT_STATUS_UNSUCCESSFUL
>>failed to make ipc connection: NT_STATUS_UNSUCCESSFUL
>>return code = -1
>>Opening cache file at /usr/local/samba/var/cache/gencache.tdb
>>Opening cache file at /usr/local/samba/var/lock/gencache_notrans.tdb
>>tdb(/usr/local/samba/var/lock/gencache_notrans.tdb):
>>allrecord_mutex_lock() failed: Invalid argument
>>Could not get allrecord lock on gencache_notrans.tdb: Locking error
>>Freeing parametrics:
>>#
>>
>>Alnis
>
>"allrecord_mutex_lock() failed: Invalid argument" looks like a C
interpretator's complaint. I thought maybe there's a conflict between
gcc and Clang of FreeBSD's base system. So I removed gcc and recompiled
Samba. But no, the errors are exactly the same.
>
>I also have another FreeBSD machine (10.3) where some months ago I
built Samba 4.4.5 ADDC, and there "net rpc" commands work.
>
>Alnis
One more try.
I took Samba 4.4.9 tarball, built it, and now "net rpc" commands work as
expected, e.g.:
# net rpc rights list -U administrator
Enter administrator's password:
SeMachineAccountPrivilege Add machines to domain
SeTakeOwnershipPrivilege Take ownership of files or other objects
SeBackupPrivilege Back up files and directories
SeRestorePrivilege Restore files and directories
SeRemoteShutdownPrivilege Force shutdown from a remote system
SePrintOperatorPrivilege Manage printers
SeAddUsersPrivilege Add users and groups to the domain
SeDiskOperatorPrivilege Manage disk shares
SeSecurityPrivilege System security
SeSystemtimePrivilege Set the system clock
SeShutdownPrivilege Shutdown the system
SeDebugPrivilege Debug processes
SeSystemEnvironmentPrivilege Modify system environment
SeSystemProfilePrivilege Profile the system
SeProfileSingleProcessPrivilege Profile one process
SeIncreaseBasePriorityPrivilege Increase base priority
SeLoadDriverPrivilege Load drivers
SeCreatePagefilePrivilege Create page files
SeIncreaseQuotaPrivilege Increase quota
SeChangeNotifyPrivilege Register for change notify
SeUndockPrivilege Undock devices
SeManageVolumePrivilege Manage system volumes
SeImpersonatePrivilege Impersonate users
SeCreateGlobalPrivilege Create global
SeEnableDelegationPrivilege Enable Delegation
Appears that 4.5.X introduce something that FreeBSD doesn't like, but
ok. I now proceeded with 4.4.9 to joining Windows clients and stopped at
another problem, but that's a separate topic.
Alnis
More information about the samba
mailing list