[Samba] net rpc rights grant fail to connect 127.0.0.1

L.P.H. van Belle belle at bazuin.nl
Mon Jul 13 12:49:56 UTC 2020 

(Ah, just finish my message and Rowland also mosted. Well, see this as extra info )

This "should" not be needed.  

Run this : 
https://raw.githubusercontent.com/thctlo/samba4/master/samba-check-SePrivileges.sh 
bash samba-check-SePrivileges.sh 
And you see all default settings. 

And you should see: (everyhere) but i picked SeDiskOperatorPrivilege as example

SeDiskOperatorPrivilege:
  BUILTIN\Administrators

"DOMAIN\Domain Admins" is by default a member of "BUILTIN\Administrators" 

So im wondering why you need "SAMDOM\Unix Admins" to SeDiskOperatorPrivilege 
When you can add "SAMDOM\Unix Admins" to the windows group "DOMAIN\Domain Admins"  
With the same result in the end. Unix admin having rights like "dom admins" 


So can you explain it a bit why you want to set it? there might also be a good reason to. 
But i dont know if thats the case. 

Also, to the source source of this. 
"could not connect to server 127.0.0.1 connection failed: NT_STATUS_CONNECTION_REFUSED" 

I see your running the AD-DC as fileserver. 
Then you cant use the "net" command. 

Can you post the output of : 
/etc/hosts
/etc/resolv.conf 
/etc/krb5.conf 
/etc/nsswitch.conf
/etc/idmapd.conf (if exists)
ip a 
hostname -f
hostname -d
hostname -s
hostname -i 
hostname -I

And offcourse the smb.conf 
Last the ipnummers of your AD-DC, if i was wrong im my asumption above that this is the AD-DC. 

That should give us all we need to know. 


Greetz, 

Louis



> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens 
> Douglas G. Oechsler via samba
> Verzonden: maandag 13 juli 2020 14:13
> Aan: samba at lists.samba.org
> Onderwerp: [Samba] net rpc rights grant fail to connect 127.0.0.1
> 
> Hello!
> 
> I am trying to do the command:
> *net rpc rights grant "SAMDOM\Unix Admins" SeDiskOperatorPrivilege -U
> "SAMDOM\administrator"*
> *could not connect to server 127.0.0.1*
> *connection failed: NT_STATUS_CONNECTION_REFUSED*
> 
> All steps from original samba wiki. The distro is Opensuse 
> 15.1 64 bits, on
> Oracle VM, static IP.
> I did read several blogs, docs, samba mailing list. Trying many
> configurations to solve or connect AD-DC.
> 
> *some steps: ad-dc*
> in smb.conf:
> bind interfaces only = yes
> interfaces = lo eth0
>  dns forwarder = IP-AD-DC DNS
> 
> after command *systemctl status samba-ad-dc*
> 
> jul 13 08:58:09 dclinux samba[2146]: [2020/07/13 08:58:09.800684,  0]
> ../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler)
> jul 13 08:58:09 dclinux samba[2146]:   
> /usr/sbin/samba_dnsupdate: Traceback
> (most recent call last):
> jul 13 08:58:09 dclinux samba[2146]: [2020/07/13 08:58:09.800882,  0]
> ../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler)
> jul 13 08:58:09 dclinux samba[2146]:   
> /usr/sbin/samba_dnsupdate:   File
> "/usr/sbin/samba_dnsupdate", line 56, in <module>
> jul 13 08:58:09 dclinux samba[2146]: [2020/07/13 08:58:09.800934,  0]
> ../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler)
> jul 13 08:58:09 dclinux samba[2146]:   /usr/sbin/samba_dnsupdate:
> import dns.resolver
> jul 13 08:58:09 dclinux samba[2146]: [2020/07/13 08:58:09.800972,  0]
> ../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler)
> jul 13 08:58:09 dclinux samba[2146]:   /usr/sbin/samba_dnsupdate:
> ModuleNotFoundError: No module named 'dns'
> jul 13 08:58:09 dclinux samba[2146]: [2020/07/13 08:58:09.818318,  0]
> ../../source4/dsdb/dns/dns_update.c:331(dnsupdate_nameupdate_done)
> jul 13 08:58:09 dclinux samba[2146]:  * 
> dnsupdate_nameupdate_done: Failed
> DNS update with exit code 1*
> 
> I am lost and do not know what to do.
> 
> Please, someone can help me?
> 
> Thanks so much
> 
> Douglas
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
> 
>

More information about the samba mailing list