On 22/04/15 17:25, Sketch wrote:> On Wed, 22 Apr 2015, Mike wrote:
>
>> Something almost worked ----
>>
>> [root at a10 ~]# echo ${SAMBA_NT_ADMIN_PASS}| smbclient
>> //localhost/netlogon
>> -U Administrator -c 'ls'
>> Enter Administrator's password:
>> Anonymous login successful
>> Domain=[CONPAGO] OS=[Unix] Server=[Samba 4.1.17-SerNet-RedHat-11.el7]
>> tree connect failed: NT_STATUS_ACCESS_DENIED
>
> I noticed in your original email you are using rfc2307 extensions, but
> there is nothing in your config about winbind. AFAIK, "smbd"
(the
> samba file server) does not talk to the DC (the process named
"samba")
> directly, it uses system authentication. So if getent passwd
> Administrator does not work, you won't be able to log in. If you're
> using rfc2307 extensions rather than automatic mapping, you will have
> to give the Administrator account a uid (and probably a gid for it's
> primary group, as well), if you haven't already.
The OP is trying to authenticate on the samba4 AD DC, out of the box,
without any mods, this is the only machine that you are guaranteed to
get a response.
I also think that he is trying to run the DC on a dhcp client, not a
good idea.
Rowland