Paul Griffith
2006-Jul-25 16:11 UTC
[Samba] rpc command function failed! (NT_STATUS_ACCESS_DENIED) trying to grant privileges - 3.0.23a
Greetings, I am in the process of testing Samba 3.0.23a with our own passdb plugin. As part of mytesting I am trying to join the domin so here are the steps I take... 1 - get local sid /usr/local/samba/bin/net getlocalsid SID for domain JAZZY is: S-1-5-21-1016995387-3159270912-1426853295 2 - create group mappings [paulg@jazzy ~]$ /usr/local/samba/bin/net groupmap list Domain Users (S-1-5-21-1016995387-3159270912-1426853295-513) -> users Domain Admins (S-1-5-21-1016995387-3159270912-1426853295-512) -> tech Domain Guests (S-1-5-21-1016995387-3159270912-1426853295-514) -> nobody [paulg@jazzy ~]$ 3 - Assign privileges to tech group so they can join machines to the domain. net -d 3 -S JAZZY rpc rights grant 'JAZZY\tech' SeMachineAccountPrivilege [paulg@jazzy sbin]$ /usr/local/samba/bin/net -d 3 -S JAZZY rpc rights grant 'JAZZY\tech' SeMachineAccountPrivilege [2006/07/25 11:37:50, 3] param/loadparm.c:lp_load(4945) lp_load: refreshing parameters [2006/07/25 11:37:50, 3] param/loadparm.c:init_globals(1410) Initialising global parameters [2006/07/25 11:37:50, 3] param/params.c:pm_process(572) params.c:pm_process() - Processing configuration file "/usr/local/samba/lib/smb.conf" [2006/07/25 11:37:50, 3] param/loadparm.c:do_section(3687) Processing section "[global]" [2006/07/25 11:37:50, 1] param/loadparm.c:lp_do_parameter(3426) WARNING: The "printer admin" option is deprecated [2006/07/25 11:37:50, 2] lib/interface.c:add_interface(81) added interface ip=130.xx.xx.xx bcast=130.xx.xx.xx nmask=255.255.255.0 [2006/07/25 11:37:50, 3] libsmb/namequery.c:resolve_lmhosts(939) resolve_lmhosts: Attempting lmhosts lookup for name JAZZY<0x20> [2006/07/25 11:37:50, 3] libsmb/namequery.c:resolve_wins(836) resolve_wins: Attempting wins lookup for name JAZZY<0x20> [2006/07/25 11:37:50, 3] libsmb/namequery.c:resolve_wins(875) resolve_wins: using WINS server 130.xx.xx.xx and tag '*' [2006/07/25 11:37:50, 2] libsmb/namequery.c:name_query(577) Got a positive name query response from 130.xx.xx.xx ( 130.xx.xx.xx ) Password: [2006/07/25 11:38:00, 3] libsmb/cliconnect.c:cli_start_connection(1417) Connecting to host=JAZZY [2006/07/25 11:38:00, 3] lib/util_sock.c:open_socket_out(874) Connecting to 130.xx.xx.xx at port 445 [2006/07/25 11:38:00, 3] libsmb/cliconnect.c:cli_session_setup_spnego(723) Doing spnego session setup (blob length=58) [2006/07/25 11:38:00, 3] libsmb/cliconnect.c:cli_session_setup_spnego(748) got OID=1 3 6 1 4 1 311 2 2 10 [2006/07/25 11:38:00, 3] libsmb/cliconnect.c:cli_session_setup_spnego(757) got principal=NONE [2006/07/25 11:38:00, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(941) Got challenge flags: [2006/07/25 11:38:00, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63) Got NTLMSSP neg_flags=0x60890215 [2006/07/25 11:38:00, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(963) NTLMSSP: Set final flags: [2006/07/25 11:38:00, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63) Got NTLMSSP neg_flags=0x60080215 [2006/07/25 11:38:00, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(338) NTLMSSP Sign/Seal - Initialising with flags: [2006/07/25 11:38:00, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63) Got NTLMSSP neg_flags=0x60080215 [2006/07/25 11:38:00, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2081) rpc_pipe_bind: Remote machine JAZZY pipe \lsarpc fnum 0x7622 bind request returned ok. [2006/07/25 11:38:00, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2081) rpc_pipe_bind: Remote machine JAZZY pipe \lsarpc fnum 0x7623 bind request returned ok. [2006/07/25 11:38:00, 3] rpc_parse/parse_lsa.c:lsa_io_sec_qos(224) lsa_io_sec_qos: length c does not match size 8 [2006/07/25 11:38:00, 3] rpc_parse/parse_lsa.c:lsa_io_sec_qos(224) lsa_io_sec_qos: length c does not match size 8 Failed to grant privileges for JAZZY\tech (NT_STATUS_ACCESS_DENIED) [2006/07/25 11:38:00, 1] utils/net_rpc.c:run_rpc_command(170) rpc command function failed! (NT_STATUS_ACCESS_DENIED) [2006/07/25 11:38:00, 2] utils/net.c:main(988) return code = 1 ----- What could be causing this error? The only thing that catches my eyes is the following.... [2006/07/25 11:38:00, 3] rpc_parse/parse_lsa.c:lsa_io_sec_qos(224) lsa_io_sec_qos: length c does not match size 8 [2006/07/25 11:38:00, 3] rpc_parse/parse_lsa.c:lsa_io_sec_qos(224) lsa_io_sec_qos: length c does not match size 8 Anyone have any pointers ? Thanks Paul
Gerald (Jerry) Carter
2006-Jul-25 17:38 UTC
[Samba] rpc command function failed! (NT_STATUS_ACCESS_DENIED) trying to grant privileges - 3.0.23a
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Paul Griffith wrote:> Greetings, > > I am in the process of testing Samba 3.0.23a with our own passdb > plugin....> $ net -d 3 -S JAZZY rpc rights grant 'JAZZY\tech' > SeMachineAccountPrivilege...> Failed to grant privileges for JAZZY\tech (NT_STATUS_ACCESS_DENIED) > rpc command function failed! (NT_STATUS_ACCESS_DENIED) > return code = 1 > ----- > > What could be causing this error? The only thing that > catches my eyes is the following.......> lsa_io_sec_qos: length c does not match size 8I think you need to look at the server logs and not the client logs to debug this. I'm pretty sure this error message is not the problem though. cheers, jerry ====================================================================Samba ------- http://www.samba.org Centeris ----------- http://www.centeris.com "What man is a man who does not make the world better?" --Balian -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFExlbnIR7qMdg1EfYRAkSMAJ9J4mTuaZ2UUJTVHoNloYX8ENEkggCg0Oa8 2chmrdstEM+3YhqQplJMINo=TrK+ -----END PGP SIGNATURE-----
Apparently Analagous Threads
- group mapping on a member server - winbindd and solaris 10
- Member server - group and user mapping with winbind
- NT_STATUS_ACCESS_DENIED on a directory I have permission to access
- Call timed out: server did not respond...
- SAMBA ADS integration - windows user account rights