samba - Apr 2015 - Cannot authenticate the administrator account

On 22/04/15 17:25, Sketch wrote:
> On Wed, 22 Apr 2015, Mike wrote:
>
>> Something almost worked ----
>>
>> [root at a10 ~]# echo ${SAMBA_NT_ADMIN_PASS}| smbclient 
>> //localhost/netlogon
>> -U Administrator -c 'ls'
>> Enter Administrator's password:
>> Anonymous login successful
>> Domain=[CONPAGO] OS=[Unix] Server=[Samba 4.1.17-SerNet-RedHat-11.el7]
>> tree connect failed: NT_STATUS_ACCESS_DENIED
>
> I noticed in your original email you are using rfc2307 extensions, but 
> there is nothing in your config about winbind.  AFAIK, "smbd"
(the
> samba file server) does not talk to the DC (the process named
"samba")
> directly, it uses system authentication.  So if getent passwd 
> Administrator does not work, you won't be able to log in. If you're
> using rfc2307 extensions rather than automatic mapping, you will have 
> to give the Administrator account a uid (and probably a gid for it's 
> primary group, as well), if you haven't already.
The OP is trying to authenticate on the samba4 AD DC, out of the box, 
without any mods, this is the only machine that you are guaranteed to 
get a response.

I also think that he is trying to run the DC on a dhcp client, not a 
good idea.

Rowland

Uggh, this is killing me.
/etc/resolv.conf:
search conpago.mwllc.info
nameserver 10.10.1.225


and the failures continue:


[root at a10 ~]# smbclient -L localhost -U%
Connection to localhost failed (Error NT_STATUS_CONNECTION_REFUSED)
[root at a10 ~]#  smbclient //localhost/netlogon -UAdministrator -c 'ls'
Enter Administrator's password:
Connection to localhost failed (Error NT_STATUS_CONNECTION_REFUSED)
[root at a10 ~]#

Somehow /var/run/samba got erased......I don't know how or why.
Recreated /var/run/samba and now:
 smbclient -L localhost -U%
Domain=[CONPAGO] OS=[Unix] Server=[Samba 4.1.17-SerNet-RedHat-11.el7]

        Sharename       Type      Comment
        ---------       ----      -------
        netlogon        Disk
        sysvol          Disk
        IPC$            IPC       IPC Service (Samba
4.1.17-SerNet-RedHat-11.el7)
Domain=[CONPAGO] OS=[Unix] Server=[Samba 4.1.17-SerNet-RedHat-11.el7]

        Server               Comment
        ---------            -------

        Workgroup            Master
        ---------            -------


But same failure here:

 smbclient //localhost/netlogon -UAdministrator -c 'ls'
Enter Administrator's password:
session setup failed: NT_STATUS_LOGON_FAILURE
[root at a10 run]#