Am Mittwoch, 29. Juni 2016, 10:56:02 schrieb Rowland penny:> On 29/06/16 10:33, Dr. Harry Knitter wrote: > > I'm setting up a new Samba 4 Domain on a Debian Jessie machine. > > The dc works. > > Now I'm trying to setup a fileserver following the samba wiki. > > winbind is running on both machines, getent and wbinfo show the users and > > groups of the domain. > > > > However, when I try > > net rpc rights list accounts -U"MYDOM\Administrator" > > Enter MYDOM\Administrator's password: > > Could not connect to server 127.0.0.1 > > The username or password was not correct. > > Connection failed: NT_STATUS_LOGON_FAILURE > > > > What's wrong? > > > > > > Greetings > > Harry > > Can you post /etc/resolv.conf and /etc/hosts from the domain member (or > as you call it, 'fileserver) > > RowlandThanks for your quick reply. /etc/resolv.conf points to the dc as a nameserver search mydom.lan nameserver IP.of.my.dc /etc/hosts 127.0.0.1 localhost xxx.xxx.xxx.xxx fs.mydom.lan fs # The following lines are desirable for IPv6 capable hosts ::1 localhost ip6-localhost ip6-loopback ff02::1 ip6-allnodes ff02::2 ip6-allrouters The IPs are correct Harry
On 29/06/16 11:27, Dr. Harry Knitter wrote:> Am Mittwoch, 29. Juni 2016, 10:56:02 schrieb Rowland penny: >> On 29/06/16 10:33, Dr. Harry Knitter wrote: >>> I'm setting up a new Samba 4 Domain on a Debian Jessie machine. >>> The dc works. >>> Now I'm trying to setup a fileserver following the samba wiki. >>> winbind is running on both machines, getent and wbinfo show the users and >>> groups of the domain. >>> >>> However, when I try >>> net rpc rights list accounts -U"MYDOM\Administrator" >>> Enter MYDOM\Administrator's password: >>> Could not connect to server 127.0.0.1 >>> The username or password was not correct. >>> Connection failed: NT_STATUS_LOGON_FAILURE >>> >>> What's wrong? >>> >>> >>> Greetings >>> Harry >> Can you post /etc/resolv.conf and /etc/hosts from the domain member (or >> as you call it, 'fileserver) >> >> Rowland > Thanks for your quick reply. > > /etc/resolv.conf points to the dc as a nameserver > > search mydom.lan > nameserver IP.of.my.dc > > /etc/hosts > 127.0.0.1 localhost > xxx.xxx.xxx.xxx fs.mydom.lan fs > > # The following lines are desirable for IPv6 capable hosts > ::1 localhost ip6-localhost ip6-loopback > ff02::1 ip6-allnodes > ff02::2 ip6-allrouters > > The IPs are correct > > Harry > > >Nothing seems wrong there, my setup is similar (dhcp instead of your fixed ip) and when I run your command, I get this: rowland at devstation:~/programming/git/samba-master$ net rpc rights list accounts -U"SAMDOM\Administrator" Enter SAMDOM\Administrator's password: BUILTIN\Print Operators No privileges assigned .......................... ............... .... I take it the fileserver is joined to the domain, so what is in /etc/krb5.conf ? Is a firewall running ? What is in your smb.conf files, on the DC and fileserver ? Rowland
Hai Rowland, his setup is ok. Im guessing this has todo with your dhcp options or resolvconf settings or dhcpclient settings or nsswitch.conf resolv order is changes. Or did you change /etc/hosts.conf to bind,hosts Its one of the above ;-) Greetz, Louis> -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens Rowland penny > Verzonden: woensdag 29 juni 2016 12:40 > Aan: samba at lists.samba.org > Onderwerp: Re: [Samba] Authentication problem > > On 29/06/16 11:27, Dr. Harry Knitter wrote: > > Am Mittwoch, 29. Juni 2016, 10:56:02 schrieb Rowland penny: > >> On 29/06/16 10:33, Dr. Harry Knitter wrote: > >>> I'm setting up a new Samba 4 Domain on a Debian Jessie machine. > >>> The dc works. > >>> Now I'm trying to setup a fileserver following the samba wiki. > >>> winbind is running on both machines, getent and wbinfo show the users > and > >>> groups of the domain. > >>> > >>> However, when I try > >>> net rpc rights list accounts -U"MYDOM\Administrator" > >>> Enter MYDOM\Administrator's password: > >>> Could not connect to server 127.0.0.1 > >>> The username or password was not correct. > >>> Connection failed: NT_STATUS_LOGON_FAILURE > >>> > >>> What's wrong? > >>> > >>> > >>> Greetings > >>> Harry > >> Can you post /etc/resolv.conf and /etc/hosts from the domain member (or > >> as you call it, 'fileserver) > >> > >> Rowland > > Thanks for your quick reply. > > > > /etc/resolv.conf points to the dc as a nameserver > > > > search mydom.lan > > nameserver IP.of.my.dc > > > > /etc/hosts > > 127.0.0.1 localhost > > xxx.xxx.xxx.xxx fs.mydom.lan fs > > > > # The following lines are desirable for IPv6 capable hosts > > ::1 localhost ip6-localhost ip6-loopback > > ff02::1 ip6-allnodes > > ff02::2 ip6-allrouters > > > > The IPs are correct > > > > Harry > > > > > > > > Nothing seems wrong there, my setup is similar (dhcp instead of your > fixed ip) and when I run your command, I get this: > > rowland at devstation:~/programming/git/samba-master$ net rpc rights list > accounts -U"SAMDOM\Administrator" > Enter SAMDOM\Administrator's password: > BUILTIN\Print Operators > No privileges assigned > .......................... > ............... > .... > > I take it the fileserver is joined to the domain, so what is in > /etc/krb5.conf ? > Is a firewall running ? > What is in your smb.conf files, on the DC and fileserver ? > > Rowland > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba
On 29/06/16 12:48, L.P.H. van Belle wrote:> Hai Rowland, his setup is ok. > > Im guessing this has todo with your dhcp options or resolvconf settings or dhcpclient settings or nsswitch.conf resolv order is changes. > Or did you change /etc/hosts.conf to bind,hosts > > Its one of the above ;-) > > > Greetz, > > Louis > > >> -----Oorspronkelijk bericht----- >> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Rowland penny >> Verzonden: woensdag 29 juni 2016 12:40 >> Aan: samba at lists.samba.org >> Onderwerp: Re: [Samba] Authentication problem >> >> On 29/06/16 11:27, Dr. Harry Knitter wrote: >>> Am Mittwoch, 29. Juni 2016, 10:56:02 schrieb Rowland penny: >>>> On 29/06/16 10:33, Dr. Harry Knitter wrote: >>>>> I'm setting up a new Samba 4 Domain on a Debian Jessie machine. >>>>> The dc works. >>>>> Now I'm trying to setup a fileserver following the samba wiki. >>>>> winbind is running on both machines, getent and wbinfo show the users >> and >>>>> groups of the domain. >>>>> >>>>> However, when I try >>>>> net rpc rights list accounts -U"MYDOM\Administrator" >>>>> Enter MYDOM\Administrator's password: >>>>> Could not connect to server 127.0.0.1 >>>>> The username or password was not correct. >>>>> Connection failed: NT_STATUS_LOGON_FAILURE >>>>> >>>>> What's wrong? >>>>> >>>>> >>>>> Greetings >>>>> Harry >>>> Can you post /etc/resolv.conf and /etc/hosts from the domain member (or >>>> as you call it, 'fileserver) >>>> >>>> Rowland >>> Thanks for your quick reply. >>> >>> /etc/resolv.conf points to the dc as a nameserver >>> >>> search mydom.lan >>> nameserver IP.of.my.dc >>> >>> /etc/hosts >>> 127.0.0.1 localhost >>> xxx.xxx.xxx.xxx fs.mydom.lan fs >>> >>> # The following lines are desirable for IPv6 capable hosts >>> ::1 localhost ip6-localhost ip6-loopback >>> ff02::1 ip6-allnodes >>> ff02::2 ip6-allrouters >>> >>> The IPs are correct >>> >>> Harry >>> >>> >>> >> Nothing seems wrong there, my setup is similar (dhcp instead of your >> fixed ip) and when I run your command, I get this: >> >> rowland at devstation:~/programming/git/samba-master$ net rpc rights list >> accounts -U"SAMDOM\Administrator" >> Enter SAMDOM\Administrator's password: >> BUILTIN\Print Operators >> No privileges assigned >> .......................... >> ............... >> .... >> >> I take it the fileserver is joined to the domain, so what is in >> /etc/krb5.conf ? >> Is a firewall running ? >> What is in your smb.conf files, on the DC and fileserver ? >> >> Rowland >> >> >> -- >> To unsubscribe from this list go to the following URL and read the >> instructions: https://lists.samba.org/mailman/options/samba > >Cannot agree with you Louis, AD relies on DNS and as such, the net command should be able to find the DC by dns. My /etc/resolv.conf searches the domain and uses the DCs as nameservers, all there is in /etc/hosts (apart from ipv6 lines) is 127.0.0.1 localhost When I run the same command as the OP (just changing the domain) it works for me. I would still be interested in seeing the info I last asked for. Rowland
Ok, but you changed your hosts file :-p You removed 127.0.1.1 .. .. So now then, whats wrong here...>/etc/resolv.conf points to the dc as a nameserver > >search mydom.lan >nameserver IP.of.my.dc > >/etc/hosts >127.0.0.1 localhost >xxx.xxx.xxx.xxx fs.mydom.lan fs > ># The following lines are desirable for IPv6 capable hosts >::1 localhost ip6-localhost ip6-loopback >ff02::1 ip6-allnodes >ff02::2 ip6-allroutersNothing in my opinion. So a new big mistry.. Why does : net rpc rights list accounts -U"MYDOM\Administrator" work with dhcp and a /etc/hosts with only 127.0.0.1 in it. and why does a server with static ip errors net rpc rights list accounts -U"MYDOM\Administrator" Enter MYDOM\Administrator's password: Could not connect to server 127.0.0.1 The username or password was not correct. Connection failed: NT_STATUS_LOGON_FAILURE While net rpc rights list accounts -U"MYDOM\Administrator" -S ADDC.MYDOMAIN.TLD work. A ping ADDC.MYDOMAIN.TLD works also. And a correct krb5.conf. cat /etc/krb5.conf [libdefaults] default_realm = ROTTERDAM.BAZUIN.NL dns_lookup_kdc = true and kinit Administrator works also.. Rowland can you show me your /etc/dhcp/dhclient.conf, and the result of the dhcp client. /var/lib/dhcp/dhclient.leases Can you try this again and add this to your hosts file.># The following lines are desirable for IPv6 capable hosts >::1 localhost ip6-localhost ip6-loopback >ff02::1 ip6-allnodes >ff02::2 ip6-allroutersAnd try it again also, lets see what happens.. I dont now whats the difference here. You know my setup but i have/had the same as the topic starter. Greetz, Louis> -----Oorspronkelijk bericht----- > > Cannot agree with you Louis, AD relies on DNS and as such, the net > command should be able to find the DC by dns. > > My /etc/resolv.conf searches the domain and uses the DCs as nameservers, > all there is in /etc/hosts (apart from ipv6 lines) is > > 127.0.0.1 localhost > > When I run the same command as the OP (just changing the domain) it > works for me. I would still be interested in seeing the info I last > asked for. > > Rowland > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba