Rowland Penny
2018-Feb-26 09:15 UTC
[Samba] smbclient //server/netlogon -k -c 'ls' fails with "NT_STATUS_LOGON_FAILURE"
On Mon, 26 Feb 2018 11:09:55 +0200 Arcadie Cracan <arcadiec at gmail.com> wrote:> Dear Rowland, > > This is the contents of the files: > > /etc/hostname: > lotus > > /etc/hosts: > > /etc/resolv.conf: > > > # > > netstat -tlnp > > /etc/krb5.conf: > > > /etc/samba/smb.conf:Hmm, either something went wrong with your cut & paste or your set up is extremely borked ;-) Want to try again. Rowland
Arcadie Cracan
2018-Feb-26 09:30 UTC
[Samba] smbclient //server/netlogon -k -c 'ls' fails with "NT_STATUS_LOGON_FAILURE"
Dear Rowland,
Indeed. Guess my KMail client is playing with me. I disabled HTML formatting.
Here is the info again:
/etc/hostname:
lotus
/etc/hosts:
127.0.0.1 localhost
192.168.1.254 lotus.intra.dam-application.ro lotus
/etc/resolv.conf:
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 127.0.0.1
search intra.dam-application.ro
# The following lines are desirable for IPv6 capable hosts
#::1 localhost ip6-localhost ip6-loopback
#ff02::1 ip6-allnodes
#ff02::2 ip6-allrouters
# netstat -tlnp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
PID/Program name
tcp 0 0 0.0.0.0:88 0.0.0.0:* LISTEN
12415/samba
tcp 0 0 127.0.0.1:5432 0.0.0.0:* LISTEN
1114/postgres
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN
12101/named
tcp 0 0 127.0.0.1:5433 0.0.0.0:* LISTEN
1113/postgres
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN
1109/master
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN
1186/apache2
tcp 0 0 0.0.0.0:636 0.0.0.0:* LISTEN
12413/samba
tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN
12411/smbd
tcp 0 0 0.0.0.0:1024 0.0.0.0:* LISTEN
12409/samba
tcp 0 0 0.0.0.0:1025 0.0.0.0:* LISTEN
12409/samba
tcp 0 0 0.0.0.0:993 0.0.0.0:* LISTEN
780/dovecot
tcp 0 0 0.0.0.0:39747 0.0.0.0:* LISTEN
983/beam.smp
tcp 0 0 0.0.0.0:3268 0.0.0.0:* LISTEN
12413/samba
tcp 0 0 0.0.0.0:3269 0.0.0.0:* LISTEN
12413/samba
tcp 0 0 0.0.0.0:389 0.0.0.0:* LISTEN
12413/samba
tcp 0 0 0.0.0.0:135 0.0.0.0:* LISTEN
12409/samba
tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN
12411/smbd
tcp 0 0 0.0.0.0:587 0.0.0.0:* LISTEN
1109/master
tcp 0 0 0.0.0.0:2222 0.0.0.0:* LISTEN
752/sshd
tcp 0 0 0.0.0.0:143 0.0.0.0:* LISTEN
780/dovecot
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN
717/rpcbind
tcp 0 0 0.0.0.0:464 0.0.0.0:* LISTEN
12415/samba
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN
1186/apache2
tcp 0 0 0.0.0.0:465 0.0.0.0:* LISTEN
1109/master
tcp 0 0 192.168.1.254:53 0.0.0.0:* LISTEN
12101/named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN
12101/named
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
725/sshd
tcp6 0 0 :::88 :::* LISTEN
12415/samba
tcp6 0 0 :::25 :::* LISTEN
1109/master
tcp6 0 0 :::636 :::* LISTEN
12413/samba
tcp6 0 0 :::445 :::* LISTEN
12411/smbd
tcp6 0 0 :::1024 :::* LISTEN
12409/samba
tcp6 0 0 :::5280 :::* LISTEN
983/beam.smp
tcp6 0 0 :::1025 :::* LISTEN
12409/samba
tcp6 0 0 :::993 :::* LISTEN
780/dovecot
tcp6 0 0 :::3268 :::* LISTEN
12413/samba
tcp6 0 0 :::3269 :::* LISTEN
12413/samba
tcp6 0 0 :::389 :::* LISTEN
12413/samba
tcp6 0 0 :::5222 :::* LISTEN
983/beam.smp
tcp6 0 0 :::135 :::* LISTEN
12409/samba
tcp6 0 0 :::587 :::* LISTEN
1109/master
tcp6 0 0 :::139 :::* LISTEN
12411/smbd
tcp6 0 0 :::2222 :::* LISTEN
752/sshd
tcp6 0 0 :::143 :::* LISTEN
780/dovecot
tcp6 0 0 :::111 :::* LISTEN
717/rpcbind
tcp6 0 0 :::464 :::* LISTEN
12415/samba
tcp6 0 0 :::465 :::* LISTEN
1109/master
tcp6 0 0 :::4369 :::* LISTEN
1/init
tcp6 0 0 :::5269 :::* LISTEN
983/beam.smp
tcp6 0 0 :::22 :::* LISTEN
725/sshd
/etc/krb5.conf:
[libdefaults]
default_realm = INTRA.DAM-APPLICATION.RO
dns_lookup_realm = false
dns_lookup_kdc = true
/etc/samba/smb.conf:
# Global parameters
[global]
workgroup = DAM
realm = INTRA.DAM-APPLICATION.RO
netbios name = LOTUS
server role = active directory domain controller
server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl,
winbindd, ntp_signd, kcc, dnsupdate
idmap_ldb:use rfc2307 = yes
# Default idmap config used for BUILTIN and local accounts/groups
idmap config *:backend = tdb
idmap config *:range = 2000-9999
# idmap config for domain INTRA
idmap config INTRA:backend = ad
idmap config INTRA:schema_mode = rfc2307
idmap config INTRA:range = 10000-99999
# Use settings from AD for login shell and home directory
winbind nss info = rfc2307
tls enabled = yes
tls keyfile = tls/lotus.intra.dam-application.ro.key.pem
tls certfile = tls/lotus.intra.dam-application.ro.cert.pem
tls cafile = tls/ca.cert.pem
log level = 3
[netlogon]
path = /var/lib/samba/sysvol/intra.dam-application.ro/scripts
read only = No
[sysvol]
path = /var/lib/samba/sysvol
read only = No
[home]
path = /home/samba
read only = No
[docs]
path = /var/lib/samba/servershares/docs
read only = No
[scan]
path = /var/lib/samba/servershares/scan
read only = No
available = yes
browsable = yes
public = yes
guest ok = yes
create mask = 0666
directory mask = 0777
[tmpshare]
path = /var/lib/samba/servershares/tmpshare
read only = No
[software]
path = /var/lib/samba/servershares/software
read only = No
Kind regards,
Arcadie Cracan
În ziua de luni, 26 februarie 2018, la 11:15:09 EET, Rowland Penny via samba a
scris:> On Mon, 26 Feb 2018 11:09:55 +0200
>
> Arcadie Cracan <arcadiec at gmail.com> wrote:
> > Dear Rowland,
> >
> > This is the contents of the files:
> >
> > /etc/hostname:
> > lotus
> >
> > /etc/hosts:
> >
> > /etc/resolv.conf:
> > #
> >
> > netstat -tlnp
> >
> > /etc/krb5.conf:
>
> > /etc/samba/smb.conf:
> Hmm, either something went wrong with your cut & paste or your set up
> is extremely borked ;-)
>
> Want to try again.
>
> Rowland
Rowland Penny
2018-Feb-26 09:49 UTC
[Samba] smbclient //server/netlogon -k -c 'ls' fails with "NT_STATUS_LOGON_FAILURE"
On Mon, 26 Feb 2018 11:30:58 +0200 Arcadie Cracan <arcadiec at gmail.com> wrote:> /etc/samba/smb.conf: > # Global parameters > [global] > workgroup = DAM > realm = INTRA.DAM-APPLICATION.RO > netbios name = LOTUS > server role = active directory domain controller > server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, > drepl, winbindd, ntp_signd, kcc, dnsupdate > idmap_ldb:use rfc2307 = yesEverything above looks okay and it also shows you are using Bind9, so can you post the contents of the various named.conf files.> > # Default idmap config used for BUILTIN and local > accounts/groups idmap config *:backend = tdb > idmap config *:range = 2000-9999 > > # idmap config for domain INTRA > idmap config INTRA:backend = ad > idmap config INTRA:schema_mode = rfc2307 > idmap config INTRA:range = 10000-99999 > > # Use settings from AD for login shell and home directory > winbind nss info = rfc2307You might as well remove the above lines, they do not work on a DC, they never did and anyway 'INTRA' should be 'DAM' if they did work. In fact they may be your problem. Rowland
Maybe Matching Threads
- smbclient //server/netlogon -k -c 'ls' fails with "NT_STATUS_LOGON_FAILURE"
- smbclient //server/netlogon -k -c 'ls' fails with "NT_STATUS_LOGON_FAILURE"
- smbclient //server/netlogon -k -c 'ls' fails with "NT_STATUS_LOGON_FAILURE"
- smbclient //server/netlogon -k -c 'ls' fails with "NT_STATUS_LOGON_FAILURE"
- smbclient //server/netlogon -k -c 'ls' fails with "NT_STATUS_LOGON_FAILURE"