[root at centos7member ~]# net rpc rights list accounts -U'TESTING\administrator' Enter TESTING\administrator's password: Could not connect to server 127.0.0.1 Connection failed: NT_STATUS_CONNECTION_REFUSED [root at centos7member ~]# [root at centos7member ~]# cat /etc/samba/smb.conf [global] netbios name = centos7member security = ADS workgroup = TESTING realm = TESTING.DOMAIN.COM.AU log file = /var/log/samba/%m.log log level = 1 dedicated keytab file = /etc/krb5.keytab kerberos method = secrets and keytab winbind refresh tickets = yes winbind trusted domains only = no winbind use default domain = yes winbind enum users = yes winbind enum groups = yes # Important: The ranges of the default (*) idmap config # and the domain(s) must not overlap! # Default idmap config used for BUILTIN and local accounts/groups idmap config *:backend = tdb idmap config *:range = 2000-9999 # idmap config for domain TESTING idmap config TESTING:backend = rid idmap config TESTING:range = 10000-99999 # Use template settings for login shell and home directory winbind nss info = template template shell = /sbin/bash template homedir = /home/%U vfs objects = acl_xattr map acl inherit = yes store dos attributes = yes username map = /etc/samba/user.map [root at centos7member ~]# [root at centos7member ~]# cat /etc/samba/user.map !root = TESTING\Administrator TESTING\administrator [root at centos7member ~]# [root at centos7member ~]# getent passwd administrator administrator:*:10500:10513:Administrator:/home/administrator:/sbin/bash [root at centos7member ~]# [root at centos7member ~]# net ads leave -U'TESTING\administrator' Enter TESTING\administrator's password: Deleted account for 'CENTOS7MEMBER' in realm 'TESTING.DOMAIN.COM.AU' [root at centos7member ~]# net ads join -U'TESTING\administrator' Enter TESTING\administrator's password: Using short domain name -- TESTING Joined 'CENTOS7MEMBER' to dns domain 'testing.domain.com.au' [root at centos7member ~]# net ads testjoin Join is OK [root at centos7member ~]#
On 26/01/16 20:54, Henry McLaughlin wrote:> [root at centos7member ~]# net rpc rights list accounts > -U'TESTING\administrator' > Enter TESTING\administrator's password: > Could not connect to server 127.0.0.1 > Connection failed: NT_STATUS_CONNECTION_REFUSED > [root at centos7member ~]# > >This looks like a dns problem, it is trying to connect to localhost instead of your DC, check /etc/resolv.conf and /etc/krb5.conf Rowland
On 27 January 2016 at 08:24, Rowland penny <rpenny at samba.org> wrote:> On 26/01/16 20:54, Henry McLaughlin wrote: > >> [root at centos7member ~]# net rpc rights list accounts >> -U'TESTING\administrator' >> Enter TESTING\administrator's password: >> Could not connect to server 127.0.0.1 >> Connection failed: NT_STATUS_CONNECTION_REFUSED >> [root at centos7member ~]# >> >> >> > This looks like a dns problem, it is trying to connect to localhost > instead of your DC, check /etc/resolv.conf and /etc/krb5.conf > > Rowland > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >[root at centos7pdc ~]# cat /etc/resolv.conf search testing.domain.com.au nameserver 192.168.1.10 [root at centos7member ~]# cat /etc/krb5.conf [logging] default = FILE:/var/log/krb5libs.log kdc = FILE:/var/log/krb5kdc.log admin_server = FILE:/var/log/kadmind.log [libdefaults] dns_lookup_realm = false ticket_lifetime = 24h renew_lifetime = 7d forwardable = true rdns = false # default_realm = EXAMPLE.COM default_ccache_name = KEYRING:persistent:%{uid} [realms] # EXAMPLE.COM = { # kdc = kerberos.example.com # admin_server = kerberos.example.com # } [domain_realm] # .example.com = EXAMPLE.COM # example.com = EXAMPLE.COM Looks like krb5.conf is unconfigured. Is there a Samba guide as to how this should be configured or a std template?