samba - Jan 2016 - NT_STATUS_CONNECTION_REFUSED

On 27 January 2016 at 17:40, mathias dufresne <infractory at gmail.com>
wrote:
> Hi,
>
> Samba DC generates a krb5.conf into private directory, where the database
> is hold.
>
> Its content should be that:
> [libdefaults]
>         default_realm = SAMBA.DOMAIN.TLD
>         dns_lookup_realm = false
>         dns_lookup_kdc = true
>
> Should only as I get it from a forgotten test platform where I set
> dns_lookup_realm = true
>
> Cheers,
>
> mathias
>
Hi Mathias, this is a member server not a DC.
>
> 2016-01-27 2:03 GMT+01:00 Henry McLaughlin <henry at incred.com.au>:
>
>> On 27 January 2016 at 08:24, Rowland penny <rpenny at samba.org>
wrote:
>>
>> > On 26/01/16 20:54, Henry McLaughlin wrote:
>> >
>> >> [root at centos7member ~]# net rpc rights list accounts
>> >> -U'TESTING\administrator'
>> >> Enter TESTING\administrator's password:
>> >> Could not connect to server 127.0.0.1
>> >> Connection failed: NT_STATUS_CONNECTION_REFUSED
>> >> [root at centos7member ~]#
>> >>
>> >>
>> >>
>> > This looks like a dns problem, it is trying to connect to
localhost
>> > instead of your DC, check /etc/resolv.conf and /etc/krb5.conf
>> >
>> > Rowland
>> >
>> >
>> > --
>> > To unsubscribe from this list go to the following URL and read the
>> > instructions:  https://lists.samba.org/mailman/options/samba
>> >
>>
>> [root at centos7pdc ~]# cat /etc/resolv.conf
>> search testing.domain.com.au
>> nameserver 192.168.1.10
>>
>> [root at centos7member ~]# cat /etc/krb5.conf
>> [logging]
>>  default = FILE:/var/log/krb5libs.log
>>  kdc = FILE:/var/log/krb5kdc.log
>>  admin_server = FILE:/var/log/kadmind.log
>>
>> [libdefaults]
>>  dns_lookup_realm = false
>>  ticket_lifetime = 24h
>>  renew_lifetime = 7d
>>  forwardable = true
>>  rdns = false
>> # default_realm = EXAMPLE.COM
>>  default_ccache_name = KEYRING:persistent:%{uid}
>>
>> [realms]
>> # EXAMPLE.COM = {
>> #  kdc = kerberos.example.com
>> #  admin_server = kerberos.example.com
>> # }
>>
>> [domain_realm]
>> # .example.com = EXAMPLE.COM
>> # example.com = EXAMPLE.COM
>>
>>
>> Looks like krb5.conf is unconfigured. Is there a Samba guide as to how
>> this
>> should be configured or a std template?
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba
>>
>
>

Use the same krb5.conf on members as on DC, no?

2016-01-27 7:42 GMT+01:00 Henry McLaughlin <henry at incred.com.au>:
> On 27 January 2016 at 17:40, mathias dufresne <infractory at
gmail.com>
> wrote:
>
> > Hi,
> >
> > Samba DC generates a krb5.conf into private directory, where the
database
> > is hold.
> >
> > Its content should be that:
> > [libdefaults]
> >         default_realm = SAMBA.DOMAIN.TLD
> >         dns_lookup_realm = false
> >         dns_lookup_kdc = true
> >
> > Should only as I get it from a forgotten test platform where I set
> > dns_lookup_realm = true
> >
> > Cheers,
> >
> > mathias
> >
>
> Hi Mathias, this is a member server not a DC.
>
> >
> > 2016-01-27 2:03 GMT+01:00 Henry McLaughlin <henry at
incred.com.au>:
> >
> >> On 27 January 2016 at 08:24, Rowland penny <rpenny at
samba.org> wrote:
> >>
> >> > On 26/01/16 20:54, Henry McLaughlin wrote:
> >> >
> >> >> [root at centos7member ~]# net rpc rights list accounts
> >> >> -U'TESTING\administrator'
> >> >> Enter TESTING\administrator's password:
> >> >> Could not connect to server 127.0.0.1
> >> >> Connection failed: NT_STATUS_CONNECTION_REFUSED
> >> >> [root at centos7member ~]#
> >> >>
> >> >>
> >> >>
> >> > This looks like a dns problem, it is trying to connect to
localhost
> >> > instead of your DC, check /etc/resolv.conf and /etc/krb5.conf
> >> >
> >> > Rowland
> >> >
> >> >
> >> > --
> >> > To unsubscribe from this list go to the following URL and
read the
> >> > instructions:  https://lists.samba.org/mailman/options/samba
> >> >
> >>
> >> [root at centos7pdc ~]# cat /etc/resolv.conf
> >> search testing.domain.com.au
> >> nameserver 192.168.1.10
> >>
> >> [root at centos7member ~]# cat /etc/krb5.conf
> >> [logging]
> >>  default = FILE:/var/log/krb5libs.log
> >>  kdc = FILE:/var/log/krb5kdc.log
> >>  admin_server = FILE:/var/log/kadmind.log
> >>
> >> [libdefaults]
> >>  dns_lookup_realm = false
> >>  ticket_lifetime = 24h
> >>  renew_lifetime = 7d
> >>  forwardable = true
> >>  rdns = false
> >> # default_realm = EXAMPLE.COM
> >>  default_ccache_name = KEYRING:persistent:%{uid}
> >>
> >> [realms]
> >> # EXAMPLE.COM = {
> >> #  kdc = kerberos.example.com
> >> #  admin_server = kerberos.example.com
> >> # }
> >>
> >> [domain_realm]
> >> # .example.com = EXAMPLE.COM
> >> # example.com = EXAMPLE.COM
> >>
> >>
> >> Looks like krb5.conf is unconfigured. Is there a Samba guide as to
how
> >> this
> >> should be configured or a std template?
> >> --
> >> To unsubscribe from this list go to the following URL and read the
> >> instructions:  https://lists.samba.org/mailman/options/samba
> >>
> >
> >
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>

On 27 January 2016 at 18:09, mathias dufresne <infractory at gmail.com>
wrote:
> Use the same krb5.conf on members as on DC, no?
>
> Tried... same error msg.
> 2016-01-27 7:42 GMT+01:00 Henry McLaughlin <henry at incred.com.au>:
>
>> On 27 January 2016 at 17:40, mathias dufresne <infractory at
gmail.com>
>> wrote:
>>
>> > Hi,
>> >
>> > Samba DC generates a krb5.conf into private directory, where the
>> database
>> > is hold.
>> >
>> > Its content should be that:
>> > [libdefaults]
>> >         default_realm = SAMBA.DOMAIN.TLD
>> >         dns_lookup_realm = false
>> >         dns_lookup_kdc = true
>> >
>> > Should only as I get it from a forgotten test platform where I set
>> > dns_lookup_realm = true
>> >
>> > Cheers,
>> >
>> > mathias
>> >
>>
>> Hi Mathias, this is a member server not a DC.
>>
>> >
>> > 2016-01-27 2:03 GMT+01:00 Henry McLaughlin <henry at
incred.com.au>:
>> >
>> >> On 27 January 2016 at 08:24, Rowland penny <rpenny at
samba.org> wrote:
>> >>
>> >> > On 26/01/16 20:54, Henry McLaughlin wrote:
>> >> >
>> >> >> [root at centos7member ~]# net rpc rights list
accounts
>> >> >> -U'TESTING\administrator'
>> >> >> Enter TESTING\administrator's password:
>> >> >> Could not connect to server 127.0.0.1
>> >> >> Connection failed: NT_STATUS_CONNECTION_REFUSED
>> >> >> [root at centos7member ~]#
>> >> >>
>> >> >>
>> >> >>
>> >> > This looks like a dns problem, it is trying to connect to
localhost
>> >> > instead of your DC, check /etc/resolv.conf and
/etc/krb5.conf
>> >> >
>> >> > Rowland
>> >> >
>> >> >
>> >> > --
>> >> > To unsubscribe from this list go to the following URL and
read the
>> >> > instructions: 
https://lists.samba.org/mailman/options/samba
>> >> >
>> >>
>> >> [root at centos7pdc ~]# cat /etc/resolv.conf
>> >> search testing.domain.com.au
>> >> nameserver 192.168.1.10
>> >>
>> >> [root at centos7member ~]# cat /etc/krb5.conf
>> >> [logging]
>> >>  default = FILE:/var/log/krb5libs.log
>> >>  kdc = FILE:/var/log/krb5kdc.log
>> >>  admin_server = FILE:/var/log/kadmind.log
>> >>
>> >> [libdefaults]
>> >>  dns_lookup_realm = false
>> >>  ticket_lifetime = 24h
>> >>  renew_lifetime = 7d
>> >>  forwardable = true
>> >>  rdns = false
>> >> # default_realm = EXAMPLE.COM
>> >>  default_ccache_name = KEYRING:persistent:%{uid}
>> >>
>> >> [realms]
>> >> # EXAMPLE.COM = {
>> >> #  kdc = kerberos.example.com
>> >> #  admin_server = kerberos.example.com
>> >> # }
>> >>
>> >> [domain_realm]
>> >> # .example.com = EXAMPLE.COM
>> >> # example.com = EXAMPLE.COM
>> >>
>> >>
>> >> Looks like krb5.conf is unconfigured. Is there a Samba guide
as to how
>> >> this
>> >> should be configured or a std template?
>> >> --
>> >> To unsubscribe from this list go to the following URL and read
the
>> >> instructions:  https://lists.samba.org/mailman/options/samba
>> >>
>> >
>> >
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba
>>
>
>