On Wed, Apr 22, 2015 at 11:09 AM, L.P.H. van Belle <belle at bazuin.nl> wrote:
> but this should have worked, with the correct pass..
> echo ${SAMBA_NT_ADMIN_PASS}| smbclient //localhost/netlogon -U
> Administrator -c 'ls'
>
>

Something almost worked ----

[root at a10 ~]# echo ${SAMBA_NT_ADMIN_PASS}| smbclient //localhost/netlogon -U Administrator -c 'ls'
Enter Administrator's password:
Anonymous login successful
Domain=[CONPAGO] OS=[Unix] Server=[Samba 4.1.17-SerNet-RedHat-11.el7]
tree connect failed: NT_STATUS_ACCESS_DENIED
[root at a10 ~]#

On Wed, 22 Apr 2015, Mike wrote:
> Something almost worked ----
>
> [root at a10 ~]# echo ${SAMBA_NT_ADMIN_PASS}| smbclient //localhost/netlogon
> -U Administrator -c 'ls'
> Enter Administrator's password:
> Anonymous login successful
> Domain=[CONPAGO] OS=[Unix] Server=[Samba 4.1.17-SerNet-RedHat-11.el7]
> tree connect failed: NT_STATUS_ACCESS_DENIED

I noticed in your original email you are using rfc2307 extensions, but there is nothing in your config about winbind. AFAIK, "smbd" (the samba file server) does not talk to the DC (the process named "samba") directly, it uses system authentication. So if getent passwd Administrator does not work, you won't be able to log in. If you're using rfc2307 extensions rather than automatic mapping, you will have to give the Administrator account a uid (and probably a gid for its primary group, as well), if you haven't already.

On 22/04/15 17:25, Sketch wrote:
> On Wed, 22 Apr 2015, Mike wrote:
>
>> Something almost worked ----
>>
>> [root at a10 ~]# echo ${SAMBA_NT_ADMIN_PASS}| smbclient
>> //localhost/netlogon
>> -U Administrator -c 'ls'
>> Enter Administrator's password:
>> Anonymous login successful
>> Domain=[CONPAGO] OS=[Unix] Server=[Samba 4.1.17-SerNet-RedHat-11.el7]
>> tree connect failed: NT_STATUS_ACCESS_DENIED
>
> I noticed in your original email you are using rfc2307 extensions, but
> there is nothing in your config about winbind. AFAIK, "smbd" (the
> samba file server) does not talk to the DC (the process named "samba")
> directly, it uses system authentication. So if getent passwd
> Administrator does not work, you won't be able to log in. If you're
> using rfc2307 extensions rather than automatic mapping, you will have
> to give the Administrator account a uid (and probably a gid for its
> primary group, as well), if you haven't already.

The OP is trying to authenticate on the samba4 AD DC, out of the box, without any mods, this is the only machine that you are guaranteed to get a response. I also think that he is trying to run the DC on a dhcp client, not a good idea.

Rowland