[Samba] net rpc rights list - could not connect to server 127.0.0.1

[Òscar Flores]

Hi!

I have some problems with my new member server…



This is my schema:



-Doman Controller name is “DC01” and realm name is “MYDOMAIN.LOCAL” – WORKS!



-Member server 1, name “MEMBER1” – WORKS!

#net rpc rights list accounts –Uadministrator

…

MYDOMAIN\Domain Admins

SeDiskOperatorPrivilege

…



When I run this command… works well and I can administrate my shares with
ACL from another computer with Win7+RSAT



- Member server 2, name “MEMBER2” - FAIL!

# net rpc rights list accounts –Uadministrator

Enter administrator's password:

Could not connect to server 127.0.0.1

The username or password was not correct.

Connection failed: NT_STATUS_LOGON_FAILURE



*The same error appears when I run this command:

# net rpc rights grant 'MYDOMAIN\Domain Admins' SeDiskOperatorPrivilege
-U'MYDOMAIN\administrator'

Enter administrator's password:

Could not connect to server 127.0.0.1

The username or password was not correct.

Connection failed: NT_STATUS_LOGON_FAILURE



I don’t know what happens with MEMBER2 because I followed the same
instructions on both servers (MEMBER1 & MEMBER2)

1- The 3 servers are installed with “Ubuntu 14.04.1 LTS” + “samba
4.1.6”

2- https://wiki.samba.org/index.php/Setup_a_Samba_AD_Member_Server

and then…

3-
https://wiki.samba.org/index.php/Setup_and_configure_file_shares_with_Window
s_ACLs

but I stopped in “SeDiskOperatorPrivilege”… L



Any idea? Somebody can help me?

Thanks in advance!

Oscar



--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba

[Rowland Penny]

Try adding '-I <AD DC ipaddress>'

Rowland

[Òscar Flores]

But this command returns me the rights list of administrator in AD DC. I
need the "rights list" of administrator in "MEMBER2".

Here some tests:
*From MEMBER2:
#net rpc rights list accounts –Uadministrator Could not connect to server

127.0.0.1 The username or password was not correct.
Connection failed: NT_STATUS_LOGON_FAILURE

#net rpc rights list accounts –Uadministrator -Smember1 MYDOMAIN \Domain
Admins
SeDiskOperatorPrivilege << WORKS

From MEMBER1:

#net rpc rights list accounts –Uadministrator MYDOMAIN \Domain Admins

SeDiskOperatorPrivilege << WORKS!

# net rpc rights list accounts -Uadministrator -Smember2.mydomain.local
Could not connect to server member2.mydomain.local The username or password

was not correct.
Connection failed: NT_STATUS_LOGON_FAILURE

Thanks for your time!
Oscar

-----Mensaje original-----
De: samba-...@lists.samba.org [mailto:samba-...@lists.samba.org] En
nombre de Rowland Penny
Enviado el: jueves, 22 de enero de 2015 15:37
Para: sa...@lists.samba.org
Asunto: Re: [Samba] net rpc rights list - could not connect to server

[Rowland Penny]

Ah yes, see what you mean, must engage brain and read the posts properly
before answering :-)

If one member server works and the other doesn't, it would seem that
there must be something different between the two machines, all I can
suggest at the moment is to compare the relevant files (smb.conf,
krb5.conf, hosts etc) and make sure that they match (where they should).

[Òscar Flores]

I had already checked these files (smb.conf, krb5.conf, hosts) and they
match each other, but the error still appears...
Is there anything else I can check?
Thanks

-----Mensaje original-----
De: samba-...@lists.samba.org [mailto:samba-...@lists.samba.org] En
nombre de Rowland Penny

Enviado el: jueves, 22 de enero de 2015 18:06

[Rowland Penny]

Well, these are the packages I install on Debian wheezy for a member
server: acl attr quota samba samba-vfs-modules samba-common-bin
samba-common samba-libs libwbclient0 samba-dsdb-modules libnss-winbind
smbclient libpam-winbind libsmbclient winbind krb5-config libpam-krb5
krb5-user

and these are the files I alter/check

/etc/hosts

/etc/resolv.conf

/etc/samba/smb.conf

/etc/samba/user.map

/etc/krb5.conf

/etc/nsswitch.conf

user.map contains one line:

!root = DOMAIN\Administrator DOMAIN\administrator Administrator
administrator

Both of the member servers that I can check work, it works on both of my
DC's, so I can only think that it is either something mis-configured or
a version mis-match or something is missing.

[Òscar Flores]

SOLVED!
The solution is here >>
https://wiki.samba.org/index.php/Samba_Member_Server_Troubleshooting

Thank you for your help Rowland!

Oscar

-----Mensaje original-----
De: samba-...@lists.samba.org [mailto:samba-...@lists.samba.org] En
nombre de Rowland Penny

Enviado el: jueves, 22 de enero de 2015 21:16

[Òscar Flores]

SOLVED!
The solution is here >>
https://wiki.samba.org/index.php/Samba_Member_Server_Troubleshooting

Thank you for your help Rowland!

Oscar
-----Mensaje original-----
De: samba-...@lists.samba.org [mailto:samba-...@lists.samba.org] En
nombre de Rowland Penny

Enviado el: jueves, 22 de enero de 2015 21:16

[L.P.H. van Belle]

I have a small correction on this.

>https://wiki.samba.org/index.php/Samba_Member_Server_Troubleshooting

this user mapping..
!root = SAMDOM\Administrator SAMDOM\administrator Administrator administrator

should really be
this user mapping..
!root = SAMDOM\Administrator SAMDOM\administrator

If gives mixed results in the security tab in windows if you keep also keep :
Administrator administrator in the user mapping file

And if you do want them in,

i suggest to use :

BUILDIN\Administrator BUILDIN\administrator


but imo should not be needed.
and SID SAMDOM\Administrator is not the same as SID BUILDIN\Administrator

Any other toughts about this?

Louis