On 27 January 2016 at 08:24, Rowland penny <rpenny at samba.org> wrote:

> On 26/01/16 20:54, Henry McLaughlin wrote:
>
>> [root@centos7member ~]# net rpc rights list accounts -U'TESTING\administrator'
>> Enter TESTING\administrator's password:
>> Could not connect to server 127.0.0.1
>> Connection failed: NT_STATUS_CONNECTION_REFUSED
>> [root@centos7member ~]#
>
> This looks like a dns problem, it is trying to connect to localhost
> instead of your DC, check /etc/resolv.conf and /etc/krb5.conf
>
> Rowland

[root@centos7pdc ~]# cat /etc/resolv.conf
search testing.domain.com.au
nameserver 192.168.1.10

[root@centos7member ~]# cat /etc/krb5.conf
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log

[libdefaults]
dns_lookup_realm = false
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true
rdns = false
# default_realm = EXAMPLE.COM
default_ccache_name = KEYRING:persistent:%{uid}

[realms]
# EXAMPLE.COM = {
# kdc = kerberos.example.com
# admin_server = kerberos.example.com
# }

[domain_realm]
# .example.com = EXAMPLE.COM
# example.com = EXAMPLE.COM

Looks like krb5.conf is unconfigured. Is there a Samba guide as to how this should be configured or a std template?

Hi,

Samba DC generates a krb5.conf into private directory, where the database is held.

Its content should be that:
[libdefaults]
default_realm = SAMBA.DOMAIN.TLD
dns_lookup_realm = false
dns_lookup_kdc = true

Should only as I get it from a forgotten test platform where I set
dns_lookup_realm = true

Cheers,

mathias

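A check of the posted [libdefaults] section against the three settings quoted in the reply above, as an added example that is not part of the original thread. The function names and the EXPECTED table are assumptions made for this sketch; the realm value is left open because it is site-specific.

```python
import re

# Values taken from the reply above; default_realm only has to be present.
EXPECTED = {"dns_lookup_realm": "false", "dns_lookup_kdc": "true"}

def parse_krb5(text):
    """Return {section: {key: value}} for flat 'key = value' lines, skipping comments."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", ";")):
            continue  # commented-out settings do not count as configured
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            current = sections.setdefault(header.group(1), {})
        elif current is not None and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            current[key] = value
    return sections

def check_libdefaults(text):
    """List where [libdefaults] differs from the minimal settings in the thread."""
    lib = parse_krb5(text).get("libdefaults", {})
    findings = []
    if "default_realm" not in lib:
        findings.append("default_realm is not set")
    for key, want in EXPECTED.items():
        got = lib.get(key)
        if got != want:
            findings.append(f"{key} is {got or 'unset'}, expected {want}")
    return findings

# The [libdefaults] section as posted from centos7member.
POSTED = """\
[libdefaults]
dns_lookup_realm = false
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true
rdns = false
# default_realm = EXAMPLE.COM
default_ccache_name = KEYRING:persistent:%{uid}
"""

if __name__ == "__main__":
    for finding in check_libdefaults(POSTED):
        print(finding)
```
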
On 27 January 2016 at 17:40, mathias dufresne <infractory at gmail.com> wrote:

> Hi,
>
> Samba DC generates a krb5.conf into private directory, where the database
> is held.
>
> Its content should be that:
> [libdefaults]
> default_realm = SAMBA.DOMAIN.TLD
> dns_lookup_realm = false
> dns_lookup_kdc = true
>
> Should only as I get it from a forgotten test platform where I set
> dns_lookup_realm = true
>
> Cheers,
>
> mathias

Hi Mathias, this is a member server not a DC.

And please also do check

hostname -s
hostname -d
hostname -f

if you see somewhere 127.0.0.1 or incorrect hostname.
Check /etc/hosts

Greetz,

Louis

> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of mathias dufresne
> Sent: Wednesday 27 January 2016 7:40
> To: Henry McLaughlin
> CC: samba
> Subject: Re: [Samba] NT_STATUS_CONNECTION_REFUSED
>
> Hi,
>
> Samba DC generates a krb5.conf into private directory, where the database
> is held.
>
> Its content should be that:
> [libdefaults]
> default_realm = SAMBA.DOMAIN.TLD
> dns_lookup_realm = false
> dns_lookup_kdc = true
>
> Should only as I get it from a forgotten test platform where I set
> dns_lookup_realm = true
>
> Cheers,
>
> mathias

On 27/01/16 01:03, Henry McLaughlin wrote:

> Looks like krb5.conf is unconfigured. Is there a Samba guide as to how this
> should be configured or a std template?

OK, I missed this before:

you have in smb.conf:

username map = /etc/samba/user.map

with the corresponding user.map

!root = TESTING\Administrator TESTING\administrator

you also posted:

[root@centos7member ~]# getent passwd administrator
administrator:*:10500:10513:Administrator:/home/administrator:/sbin/bash

You are mapping Administrator to root, but have also given Administrator a uidNumber attribute (10500)

I would suggest that you remove the uidNumber attribute (and any other rfc2307 attributes) from Administrator's AD object and depend on the mapping instead. I am unsure if this will fix your problem, but it is a good place to start.

Rowland

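The condition pointed out in the message above (an account that the username map sends to root while `getent passwd` still gives it a UID of its own) can be checked mechanically. This is an added example, not part of the original thread; the function names are assumptions, and the map parser is simplified so that the first mapping of a name wins.

```python
import re

def parse_username_map(text):
    """Return {client name (lower-cased): unix name} from 'unix = client ...' lines."""
    mapping = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;" or "=" not in line:
            continue
        unix, clients = line.split("=", 1)
        unix = unix.strip().lstrip("!").strip()  # '!' = stop processing at this line
        for client in re.findall(r'"[^"]*"|\S+', clients):
            # Simplification: the first mapping seen for a name wins.
            mapping.setdefault(client.strip('"').lower(), unix)
    return mapping

def short_name(account):
    """Drop a DOMAIN\\ prefix and lower-case, so map and passwd names compare."""
    return account.split("\\")[-1].lower()

def root_mapping_conflicts(map_text, passwd_text):
    """Accounts the map sends to root that NSS also resolves to a non-zero UID."""
    to_root = {short_name(client)
               for client, unix in parse_username_map(map_text).items()
               if unix == "root"}
    conflicts = []
    for entry in passwd_text.splitlines():
        fields = entry.split(":")
        if len(fields) < 7:
            continue  # not a passwd-format line
        name, uid = short_name(fields[0]), int(fields[2])
        if name in to_root and uid != 0:
            conflicts.append((name, uid))
    return conflicts

# Both samples are the lines quoted in the message above.
USER_MAP = r"!root = TESTING\Administrator TESTING\administrator"
PASSWD = "administrator:*:10500:10513:Administrator:/home/administrator:/sbin/bash"

if __name__ == "__main__":
    for name, uid in root_mapping_conflicts(USER_MAP, PASSWD):
        print(f"{name}: mapped to root by the username map, but resolves to UID {uid}")
```

The check looks only at what NSS returns, so it reports the conflict whether the UID comes from a uidNumber attribute or is calculated by the idmap backend.
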
On 27 January 2016 at 20:27, Rowland penny <rpenny at samba.org> wrote:

> OK, I missed this before:
>
> you have in smb.conf:
>
> username map = /etc/samba/user.map
>
> with the corresponding user.map
>
> !root = TESTING\Administrator TESTING\administrator
>
> you also posted:
>
> [root@centos7member ~]# getent passwd administrator
> administrator:*:10500:10513:Administrator:/home/administrator:/sbin/bash
>
> You are mapping Administrator to root, but have also given Administrator a
> uidNumber attribute (10500)
>
> I would suggest that you remove the uidNumber attribute (and any other
> rfc2307 attributes) from Administrator's AD object and depend on the mapping
> instead. I am unsure if this will fix your problem, but it is a good place
> to start.
>
> Rowland

Hi Rowland, I understood that idmap rid did not need me to assign UIDs & GIDs in ADUC as these were auto calculated based upon the sid. Accordingly I have assigned NO unix attributes in ADUC.

On 27 January 2016 at 20:16, L.P.H. van Belle <belle at bazuin.nl> wrote:

> And please also do check
>
> hostname -s
> hostname -d
> hostname -f
>
> if you see somewhere 127.0.0.1 or incorrect hostname.
> Check /etc/hosts
>
> Greetz,
>
> Louis

All resolving correctly...