[root at centos7member ~]# net rpc rights list accounts
-U'TESTING\administrator'
Enter TESTING\administrator's password:
Could not connect to server 127.0.0.1
Connection failed: NT_STATUS_CONNECTION_REFUSED
[root at centos7member ~]#
[root at centos7member ~]# cat /etc/samba/smb.conf
[global]
netbios name = centos7member
security = ADS
workgroup = TESTING
realm = TESTING.DOMAIN.COM.AU
log file = /var/log/samba/%m.log
log level = 1
dedicated keytab file = /etc/krb5.keytab
kerberos method = secrets and keytab
winbind refresh tickets = yes
winbind trusted domains only = no
winbind use default domain = yes
winbind enum users = yes
winbind enum groups = yes
# Important: The ranges of the default (*) idmap config
# and the domain(s) must not overlap!
# Default idmap config used for BUILTIN and local accounts/groups
idmap config *:backend = tdb
idmap config *:range = 2000-9999
# idmap config for domain TESTING
idmap config TESTING:backend = rid
idmap config TESTING:range = 10000-99999
# Use template settings for login shell and home directory
winbind nss info = template
template shell = /sbin/bash
template homedir = /home/%U
vfs objects = acl_xattr
map acl inherit = yes
store dos attributes = yes
username map = /etc/samba/user.map
[root at centos7member ~]#
[root at centos7member ~]# cat /etc/samba/user.map
!root = TESTING\Administrator TESTING\administrator
[root at centos7member ~]#
[root at centos7member ~]# getent passwd administrator
administrator:*:10500:10513:Administrator:/home/administrator:/sbin/bash
[root at centos7member ~]#
[root at centos7member ~]# net ads leave -U'TESTING\administrator'
Enter TESTING\administrator's password:
Deleted account for 'CENTOS7MEMBER' in realm
'TESTING.DOMAIN.COM.AU'
[root at centos7member ~]# net ads join -U'TESTING\administrator'
Enter TESTING\administrator's password:
Using short domain name -- TESTING
Joined 'CENTOS7MEMBER' to dns domain 'testing.domain.com.au'
[root at centos7member ~]# net ads testjoin
Join is OK
[root at centos7member ~]#
On 26/01/16 20:54, Henry McLaughlin wrote:> [root at centos7member ~]# net rpc rights list accounts > -U'TESTING\administrator' > Enter TESTING\administrator's password: > Could not connect to server 127.0.0.1 > Connection failed: NT_STATUS_CONNECTION_REFUSED > [root at centos7member ~]# > >This looks like a dns problem, it is trying to connect to localhost instead of your DC, check /etc/resolv.conf and /etc/krb5.conf Rowland
On 27 January 2016 at 08:24, Rowland penny <rpenny at samba.org> wrote:> On 26/01/16 20:54, Henry McLaughlin wrote: > >> [root at centos7member ~]# net rpc rights list accounts >> -U'TESTING\administrator' >> Enter TESTING\administrator's password: >> Could not connect to server 127.0.0.1 >> Connection failed: NT_STATUS_CONNECTION_REFUSED >> [root at centos7member ~]# >> >> >> > This looks like a dns problem, it is trying to connect to localhost > instead of your DC, check /etc/resolv.conf and /etc/krb5.conf > > Rowland > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >[root at centos7pdc ~]# cat /etc/resolv.conf search testing.domain.com.au nameserver 192.168.1.10 [root at centos7member ~]# cat /etc/krb5.conf [logging] default = FILE:/var/log/krb5libs.log kdc = FILE:/var/log/krb5kdc.log admin_server = FILE:/var/log/kadmind.log [libdefaults] dns_lookup_realm = false ticket_lifetime = 24h renew_lifetime = 7d forwardable = true rdns = false # default_realm = EXAMPLE.COM default_ccache_name = KEYRING:persistent:%{uid} [realms] # EXAMPLE.COM = { # kdc = kerberos.example.com # admin_server = kerberos.example.com # } [domain_realm] # .example.com = EXAMPLE.COM # example.com = EXAMPLE.COM Looks like krb5.conf is unconfigured. Is there a Samba guide as to how this should be configured or a std template?