thr3ads.net - samba - [Samba] SePrintOperatorPrivilege NT_STATUS_LOGON

If this information is useful, please help other people find it:
Share via:

calm.job89448 at fastmail.com

2024-Jun-05 10:46 UTC

[Samba] SePrintOperatorPrivilege NT_STATUS_LOGON_FAILURE

Hi everyone,

I seem to have come to a dead end, so here I am, turning to you, asking for your
expertise. :)

Whenever I try

net rpc rights grant 'MYDOMAIN\grp_it_members' SePrintOperatorPrivilege
-U'MYDOMAIN\admin'

I get this error:

Password for [MYDOMAIN\admin]:
Could not connect to server 127.0.0.1
The username or password was not correct.
Connection failed: NT_STATUS_LOGON_FAILURE

Password is correct, I tried other users as well, with the same result.
Here's the relevant part of the smb.conf:

[global]
security = ADS
workgroup = MYDOMAIN
realm = MYDOMAIN.WORK
server role = member server
log file = /var/log/samba/%m.log
bind interfaces only = yes
# Please substitute your own physical cards here:
interfaces = lo ens18

# Enable Group Policy application in winbind,
apply group policies = yes

# winbind config:
winbind use default domain = yes

# The following options are only useful for testing. Comment out in production.
# winbind enum users = yes  
# winbind enum groups = yes

# Map Administrator to root
username map = /etc/samba/user.map
min domain uid = 0

# Kerberos
winbind refresh tickets = Yes
dedicated keytab file = /etc/krb5.keytab
kerberos method = secrets and keytab


I found this in the Samba-Wiki:
https://wiki.samba.org/index.php/Samba_Member_Server_Troubleshooting
and made sure user.map and smb.conf are correct.

Joining worked fine, I can ping the DC browse users and groups ... only this
doesn't work.

Any ideas?!

Thanks so much in advance,
 khalid

Rowland Penny

2024-Jun-05 13:54 UTC

head link

[Samba] SePrintOperatorPrivilege NT_STATUS_LOGON_FAILURE

On Wed, 05 Jun 2024 12:46:11 +0200
Khalid via samba <samba at lists.samba.org> wrote:
> Hi everyone,
> 
> I seem to have come to a dead end, so here I am, turning to you,
> asking for your expertise. :)
> 
> Whenever I try
> 
> net rpc rights grant 'MYDOMAIN\grp_it_members'
> SePrintOperatorPrivilege -U'MYDOMAIN\admin'
> 
> I get this error:
> 
> Password for [MYDOMAIN\admin]:
> Could not connect to server 127.0.0.1
> The username or password was not correct.
> Connection failed: NT_STATUS_LOGON_FAILURE
Are you doing this as 'root' or with sudo ?

Rowland

samba - Jun 2024 - SePrintOperatorPrivilege NT_STATUS_LOGON_FAILURE

[Samba] SePrintOperatorPrivilege NT_STATUS_LOGON_FAILURE

[Samba] SePrintOperatorPrivilege NT_STATUS_LOGON_FAILURE