I'm using centos 5.2 up-to-date with its latest samba 3.0.28-1.el5_2.1 running a Samba PDC with OpenLDAP as backend. Everything else works fine but somehow this command *(net rpc shutdown -t 10 -U root -S xp1 -d 1)* doesn't work and return this with debug level 1 [2008/07/05 19:30:11, 1] utils/net_rpc.c:rpc_init_shutdown_internals(5206) Shutdown of remote machine failed! [2008/07/05 19:30:11, 1] utils/net_rpc.c:run_rpc_command(170) rpc command function failed! (NT_STATUS_ACCESS_DENIED) [2008/07/05 19:30:11, 1] utils/net_rpc.c:rpc_shutdown(5303) initshutdown pipe failed, trying winreg pipe Shutdown of remote machine failed result was: WERR_ACCESS_DENIED [2008/07/05 19:30:11, 1] utils/net_rpc.c:run_rpc_command(170) rpc command function failed! (NT_STATUS_ACCESS_DENIED) I use the same setup on ubuntu 7.10 with its latest Samba 3.0.26 and this command works fine there. Any idea on what is wrong and how to fix it? Thuan Tran.
I seems to find out the problem by running the command "net rpc user info root" on my ubuntu box it returns *Domain Users Domain Admins * on my centos 5.2 box it only returns *Domain Users * I have checked the ldap tree on the centos box, user root is indeed in group 512 or "Domain Admins". Trying smbldap-usermod -G +512 root also says so. Using the command "net rap groupmember add 512 root" doesn't do anything. Or is it "net rap groupmember add "Domain Admins" root"? I tried both as I don't know for sure which is right and still no *Domain Admins *when calling "net rpc user info root". Creating a new user and add him to group 512 also yield the same result, no *Domain Admins *when calling "net rpc user info root". Any idea on what I did wrong or is it a well known problem as when I search for this *"net rpc shutdown" WERR_ACCESS_DENIED* on google it returns quite a few hits? I did find a workaround but it's far from elegant as I have to change "Force shutdown from a remote system" policy on every client machine. Please some expert shed some light on this. I'm new to Linux and even more new to Samba and LDAP. I'm desperated for knowledge on this problem. Thuan Tran P.S.: I changed my email address.