Rowland Penny
2018-Feb-26 09:15 UTC
[Samba] smbclient //server/netlogon -k -c 'ls' fails with "NT_STATUS_LOGON_FAILURE"
On Mon, 26 Feb 2018 11:09:55 +0200 Arcadie Cracan <arcadiec at gmail.com> wrote:> Dear Rowland, > > This is the contents of the files: > > /etc/hostname: > lotus > > /etc/hosts: > > /etc/resolv.conf: > > > # > > netstat -tlnp > > /etc/krb5.conf: > > > /etc/samba/smb.conf:Hmm, either something went wrong with your cut & paste or your set up is extremely borked ;-) Want to try again. Rowland
Arcadie Cracan
2018-Feb-26 09:30 UTC
[Samba] smbclient //server/netlogon -k -c 'ls' fails with "NT_STATUS_LOGON_FAILURE"
Dear Rowland, Indeed. Guess my KMail client is playing with me. I disabled HTML formatting. Here is the info again: /etc/hostname: lotus /etc/hosts: 127.0.0.1 localhost 192.168.1.254 lotus.intra.dam-application.ro lotus /etc/resolv.conf: # Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8) # DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN nameserver 127.0.0.1 search intra.dam-application.ro # The following lines are desirable for IPv6 capable hosts #::1 localhost ip6-localhost ip6-loopback #ff02::1 ip6-allnodes #ff02::2 ip6-allrouters # netstat -tlnp Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 0.0.0.0:88 0.0.0.0:* LISTEN 12415/samba tcp 0 0 127.0.0.1:5432 0.0.0.0:* LISTEN 1114/postgres tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 12101/named tcp 0 0 127.0.0.1:5433 0.0.0.0:* LISTEN 1113/postgres tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 1109/master tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 1186/apache2 tcp 0 0 0.0.0.0:636 0.0.0.0:* LISTEN 12413/samba tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN 12411/smbd tcp 0 0 0.0.0.0:1024 0.0.0.0:* LISTEN 12409/samba tcp 0 0 0.0.0.0:1025 0.0.0.0:* LISTEN 12409/samba tcp 0 0 0.0.0.0:993 0.0.0.0:* LISTEN 780/dovecot tcp 0 0 0.0.0.0:39747 0.0.0.0:* LISTEN 983/beam.smp tcp 0 0 0.0.0.0:3268 0.0.0.0:* LISTEN 12413/samba tcp 0 0 0.0.0.0:3269 0.0.0.0:* LISTEN 12413/samba tcp 0 0 0.0.0.0:389 0.0.0.0:* LISTEN 12413/samba tcp 0 0 0.0.0.0:135 0.0.0.0:* LISTEN 12409/samba tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN 12411/smbd tcp 0 0 0.0.0.0:587 0.0.0.0:* LISTEN 1109/master tcp 0 0 0.0.0.0:2222 0.0.0.0:* LISTEN 752/sshd tcp 0 0 0.0.0.0:143 0.0.0.0:* LISTEN 780/dovecot tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 717/rpcbind tcp 0 0 0.0.0.0:464 0.0.0.0:* LISTEN 12415/samba tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 1186/apache2 tcp 0 0 0.0.0.0:465 0.0.0.0:* LISTEN 1109/master tcp 0 0 192.168.1.254:53 0.0.0.0:* LISTEN 12101/named tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 12101/named tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 725/sshd tcp6 0 0 :::88 :::* LISTEN 12415/samba tcp6 0 0 :::25 :::* LISTEN 1109/master tcp6 0 0 :::636 :::* LISTEN 12413/samba tcp6 0 0 :::445 :::* LISTEN 12411/smbd tcp6 0 0 :::1024 :::* LISTEN 12409/samba tcp6 0 0 :::5280 :::* LISTEN 983/beam.smp tcp6 0 0 :::1025 :::* LISTEN 12409/samba tcp6 0 0 :::993 :::* LISTEN 780/dovecot tcp6 0 0 :::3268 :::* LISTEN 12413/samba tcp6 0 0 :::3269 :::* LISTEN 12413/samba tcp6 0 0 :::389 :::* LISTEN 12413/samba tcp6 0 0 :::5222 :::* LISTEN 983/beam.smp tcp6 0 0 :::135 :::* LISTEN 12409/samba tcp6 0 0 :::587 :::* LISTEN 1109/master tcp6 0 0 :::139 :::* LISTEN 12411/smbd tcp6 0 0 :::2222 :::* LISTEN 752/sshd tcp6 0 0 :::143 :::* LISTEN 780/dovecot tcp6 0 0 :::111 :::* LISTEN 717/rpcbind tcp6 0 0 :::464 :::* LISTEN 12415/samba tcp6 0 0 :::465 :::* LISTEN 1109/master tcp6 0 0 :::4369 :::* LISTEN 1/init tcp6 0 0 :::5269 :::* LISTEN 983/beam.smp tcp6 0 0 :::22 :::* LISTEN 725/sshd /etc/krb5.conf: [libdefaults] default_realm = INTRA.DAM-APPLICATION.RO dns_lookup_realm = false dns_lookup_kdc = true /etc/samba/smb.conf: # Global parameters [global] workgroup = DAM realm = INTRA.DAM-APPLICATION.RO netbios name = LOTUS server role = active directory domain controller server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate idmap_ldb:use rfc2307 = yes # Default idmap config used for BUILTIN and local accounts/groups idmap config *:backend = tdb idmap config *:range = 2000-9999 # idmap config for domain INTRA idmap config INTRA:backend = ad idmap config INTRA:schema_mode = rfc2307 idmap config INTRA:range = 10000-99999 # Use settings from AD for login shell and home directory winbind nss info = rfc2307 tls enabled = yes tls keyfile = tls/lotus.intra.dam-application.ro.key.pem tls certfile = tls/lotus.intra.dam-application.ro.cert.pem tls cafile = tls/ca.cert.pem log level = 3 [netlogon] path = /var/lib/samba/sysvol/intra.dam-application.ro/scripts read only = No [sysvol] path = /var/lib/samba/sysvol read only = No [home] path = /home/samba read only = No [docs] path = /var/lib/samba/servershares/docs read only = No [scan] path = /var/lib/samba/servershares/scan read only = No available = yes browsable = yes public = yes guest ok = yes create mask = 0666 directory mask = 0777 [tmpshare] path = /var/lib/samba/servershares/tmpshare read only = No [software] path = /var/lib/samba/servershares/software read only = No Kind regards, Arcadie Cracan În ziua de luni, 26 februarie 2018, la 11:15:09 EET, Rowland Penny via samba a scris:> On Mon, 26 Feb 2018 11:09:55 +0200 > > Arcadie Cracan <arcadiec at gmail.com> wrote: > > Dear Rowland, > > > > This is the contents of the files: > > > > /etc/hostname: > > lotus > > > > /etc/hosts: > > > > /etc/resolv.conf: > > # > > > > netstat -tlnp > > > > /etc/krb5.conf: > > > /etc/samba/smb.conf: > Hmm, either something went wrong with your cut & paste or your set up > is extremely borked ;-) > > Want to try again. > > Rowland
Rowland Penny
2018-Feb-26 09:49 UTC
[Samba] smbclient //server/netlogon -k -c 'ls' fails with "NT_STATUS_LOGON_FAILURE"
On Mon, 26 Feb 2018 11:30:58 +0200 Arcadie Cracan <arcadiec at gmail.com> wrote:> /etc/samba/smb.conf: > # Global parameters > [global] > workgroup = DAM > realm = INTRA.DAM-APPLICATION.RO > netbios name = LOTUS > server role = active directory domain controller > server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, > drepl, winbindd, ntp_signd, kcc, dnsupdate > idmap_ldb:use rfc2307 = yesEverything above looks okay and it also shows you are using Bind9, so can you post the contents of the various named.conf files.> > # Default idmap config used for BUILTIN and local > accounts/groups idmap config *:backend = tdb > idmap config *:range = 2000-9999 > > # idmap config for domain INTRA > idmap config INTRA:backend = ad > idmap config INTRA:schema_mode = rfc2307 > idmap config INTRA:range = 10000-99999 > > # Use settings from AD for login shell and home directory > winbind nss info = rfc2307You might as well remove the above lines, they do not work on a DC, they never did and anyway 'INTRA' should be 'DAM' if they did work. In fact they may be your problem. Rowland
Possibly Parallel Threads
- smbclient //server/netlogon -k -c 'ls' fails with "NT_STATUS_LOGON_FAILURE"
- smbclient //server/netlogon -k -c 'ls' fails with "NT_STATUS_LOGON_FAILURE"
- smbclient //server/netlogon -k -c 'ls' fails with "NT_STATUS_LOGON_FAILURE"
- smbclient //server/netlogon -k -c 'ls' fails with "NT_STATUS_LOGON_FAILURE"
- smbclient //server/netlogon -k -c 'ls' fails with "NT_STATUS_LOGON_FAILURE"