Douglas G. Oechsler
2020-Jul-13 12:13 UTC
[Samba] net rpc rights grant fail to connect 127.0.0.1
Hello! I am trying to do the command: *net rpc rights grant "SAMDOM\Unix Admins" SeDiskOperatorPrivilege -U "SAMDOM\administrator"* *could not connect to server 127.0.0.1* *connection failed: NT_STATUS_CONNECTION_REFUSED* All steps from original samba wiki. The distro is Opensuse 15.1 64 bits, on Oracle VM, static IP. I did read several blogs, docs, samba mailing list. Trying many configurations to solve or connect AD-DC. *some steps: ad-dc* in smb.conf: bind interfaces only = yes interfaces = lo eth0 dns forwarder = IP-AD-DC DNS after command *systemctl status samba-ad-dc* jul 13 08:58:09 dclinux samba[2146]: [2020/07/13 08:58:09.800684, 0] ../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler) jul 13 08:58:09 dclinux samba[2146]: /usr/sbin/samba_dnsupdate: Traceback (most recent call last): jul 13 08:58:09 dclinux samba[2146]: [2020/07/13 08:58:09.800882, 0] ../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler) jul 13 08:58:09 dclinux samba[2146]: /usr/sbin/samba_dnsupdate: File "/usr/sbin/samba_dnsupdate", line 56, in <module> jul 13 08:58:09 dclinux samba[2146]: [2020/07/13 08:58:09.800934, 0] ../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler) jul 13 08:58:09 dclinux samba[2146]: /usr/sbin/samba_dnsupdate: import dns.resolver jul 13 08:58:09 dclinux samba[2146]: [2020/07/13 08:58:09.800972, 0] ../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler) jul 13 08:58:09 dclinux samba[2146]: /usr/sbin/samba_dnsupdate: ModuleNotFoundError: No module named 'dns' jul 13 08:58:09 dclinux samba[2146]: [2020/07/13 08:58:09.818318, 0] ../../source4/dsdb/dns/dns_update.c:331(dnsupdate_nameupdate_done) jul 13 08:58:09 dclinux samba[2146]: * dnsupdate_nameupdate_done: Failed DNS update with exit code 1* I am lost and do not know what to do. Please, someone can help me? Thanks so much Douglas
Rowland penny
2020-Jul-13 12:35 UTC
[Samba] net rpc rights grant fail to connect 127.0.0.1
On 13/07/2020 13:13, Douglas G. Oechsler via samba wrote:> Hello! > > I am trying to do the command: > *net rpc rights grant "SAMDOM\Unix Admins" SeDiskOperatorPrivilege -U > "SAMDOM\administrator"* > *could not connect to server 127.0.0.1* > *connection failed: NT_STATUS_CONNECTION_REFUSED* > > All steps from original samba wiki. The distro is Opensuse 15.1 64 bits, on > Oracle VM, static IP. > I did read several blogs, docs, samba mailing list. Trying many > configurations to solve or connect AD-DC. > > *some steps: ad-dc* > in smb.conf: > bind interfaces only = yes > interfaces = lo eth0 > dns forwarder = IP-AD-DC DNS >Did you use the distro packages to provision domain ? If so, you are probably using MIT for the kdc and this is experimental and should not be used in production. Can you post the contents of the following files: /etc/hostname /etc/hosts /etc/resolv.conf /etc/krb5.conf /etc/samba/smb.conf Also, if you are using Bind9, the bind9 conf files. Rowland
L.P.H. van Belle
2020-Jul-13 12:49 UTC
[Samba] net rpc rights grant fail to connect 127.0.0.1
(Ah, just finish my message and Rowland also mosted. Well, see this as extra info ) This "should" not be needed. Run this : https://raw.githubusercontent.com/thctlo/samba4/master/samba-check-SePrivileges.sh bash samba-check-SePrivileges.sh And you see all default settings. And you should see: (everyhere) but i picked SeDiskOperatorPrivilege as example SeDiskOperatorPrivilege: BUILTIN\Administrators "DOMAIN\Domain Admins" is by default a member of "BUILTIN\Administrators" So im wondering why you need "SAMDOM\Unix Admins" to SeDiskOperatorPrivilege When you can add "SAMDOM\Unix Admins" to the windows group "DOMAIN\Domain Admins" With the same result in the end. Unix admin having rights like "dom admins" So can you explain it a bit why you want to set it? there might also be a good reason to. But i dont know if thats the case. Also, to the source source of this. "could not connect to server 127.0.0.1 connection failed: NT_STATUS_CONNECTION_REFUSED" I see your running the AD-DC as fileserver. Then you cant use the "net" command. Can you post the output of : /etc/hosts /etc/resolv.conf /etc/krb5.conf /etc/nsswitch.conf /etc/idmapd.conf (if exists) ip a hostname -f hostname -d hostname -s hostname -i hostname -I And offcourse the smb.conf Last the ipnummers of your AD-DC, if i was wrong im my asumption above that this is the AD-DC. That should give us all we need to know. Greetz, Louis> -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > Douglas G. Oechsler via samba > Verzonden: maandag 13 juli 2020 14:13 > Aan: samba at lists.samba.org > Onderwerp: [Samba] net rpc rights grant fail to connect 127.0.0.1 > > Hello! > > I am trying to do the command: > *net rpc rights grant "SAMDOM\Unix Admins" SeDiskOperatorPrivilege -U > "SAMDOM\administrator"* > *could not connect to server 127.0.0.1* > *connection failed: NT_STATUS_CONNECTION_REFUSED* > > All steps from original samba wiki. The distro is Opensuse > 15.1 64 bits, on > Oracle VM, static IP. > I did read several blogs, docs, samba mailing list. Trying many > configurations to solve or connect AD-DC. > > *some steps: ad-dc* > in smb.conf: > bind interfaces only = yes > interfaces = lo eth0 > dns forwarder = IP-AD-DC DNS > > after command *systemctl status samba-ad-dc* > > jul 13 08:58:09 dclinux samba[2146]: [2020/07/13 08:58:09.800684, 0] > ../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler) > jul 13 08:58:09 dclinux samba[2146]: > /usr/sbin/samba_dnsupdate: Traceback > (most recent call last): > jul 13 08:58:09 dclinux samba[2146]: [2020/07/13 08:58:09.800882, 0] > ../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler) > jul 13 08:58:09 dclinux samba[2146]: > /usr/sbin/samba_dnsupdate: File > "/usr/sbin/samba_dnsupdate", line 56, in <module> > jul 13 08:58:09 dclinux samba[2146]: [2020/07/13 08:58:09.800934, 0] > ../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler) > jul 13 08:58:09 dclinux samba[2146]: /usr/sbin/samba_dnsupdate: > import dns.resolver > jul 13 08:58:09 dclinux samba[2146]: [2020/07/13 08:58:09.800972, 0] > ../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler) > jul 13 08:58:09 dclinux samba[2146]: /usr/sbin/samba_dnsupdate: > ModuleNotFoundError: No module named 'dns' > jul 13 08:58:09 dclinux samba[2146]: [2020/07/13 08:58:09.818318, 0] > ../../source4/dsdb/dns/dns_update.c:331(dnsupdate_nameupdate_done) > jul 13 08:58:09 dclinux samba[2146]: * > dnsupdate_nameupdate_done: Failed > DNS update with exit code 1* > > I am lost and do not know what to do. > > Please, someone can help me? > > Thanks so much > > Douglas > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > >
Douglas G. Oechsler
2020-Jul-13 13:06 UTC
[Samba] net rpc rights grant fail to connect 127.0.0.1
Em seg., 13 de jul. de 2020 ?s 09:36, Rowland penny via samba < samba at lists.samba.org> escreveu:> On 13/07/2020 13:13, Douglas G. Oechsler via samba wrote: > > Hello! > > > > I am trying to do the command: > > *net rpc rights grant "SAMDOM\Unix Admins" SeDiskOperatorPrivilege -U > > "SAMDOM\administrator"* > > *could not connect to server 127.0.0.1* > > *connection failed: NT_STATUS_CONNECTION_REFUSED* > > > > All steps from original samba wiki. The distro is Opensuse 15.1 64 bits, > on > > Oracle VM, static IP. > > I did read several blogs, docs, samba mailing list. Trying many > > configurations to solve or connect AD-DC. > > > > *some steps: ad-dc* > > in smb.conf: > > bind interfaces only = yes > > interfaces = lo eth0 > > dns forwarder = IP-AD-DC DNS > > > Did you use the distro packages to provision domain ? >Yes! I add repo opensuse samba-ad-dc from https://software.opensuse.org/package/samba-ad-dc> If so, you are probably using MIT for the kdc and this is experimental > and should not be used in production. >Oh right!> > Can you post the contents of the following files: >Yes, from ad-dc> > /etc/hostname >dclinux:/etc/samba # hostname dclinux> /etc/hostscat hosts # IP-Address Full-Qualified-Hostname Short-Hostname # 127.0.0.1 localhost 10.1.1.21 DCLINUX.ad.mydomain.br DCLINUX # special IPv6 addresses ::1 localhost ipv6-localhost ipv6-loopback fe00::0 ipv6-localnet ff00::0 ipv6-mcastprefix ff02::1 ipv6-allnodes ff02::2 ipv6-allrouters ff02::3 ipv6-allhosts 10.1.1.21 install> > /etc/resolv.conf >search ad.mydomain.br nameserver 8.8.8.8 nameserver 200.x.x.x nameserver 200.x.x.x> > /etc/krb5.conf > >[libdefaults] default_realm = AD.MYDOMAIN.BR dns_lookup_realm = false dns_lookup_kdc = true> /etc/samba/smb.conf ># Global parameters [global] dns forwarder = 200.x.x.x 10.1.1.21 bind interfaces only = yes interfaces = lo eth0 netbios name = DCLINUX realm = AD.MYDOMAIN.BR server role = active directory domain controller workgroup = MYDOMAIN idmap_ldb:use rfc2307 = yes [sysvol] path = /var/lib/samba/sysvol read only = No [netlogon] path = /var/lib/samba/sysvol/ad.mydomain.br/scripts read only = No> Also, if you are using Bind9, the bind9 conf files. > > No, not using Bind9Thank you!> Rowland > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >--
Douglas G. Oechsler
2020-Jul-13 14:29 UTC
[Samba] net rpc rights grant fail to connect 127.0.0.1
Hello LPH Em seg., 13 de jul. de 2020 ?s 09:50, L.P.H. van Belle via samba < samba at lists.samba.org> escreveu:> (Ah, just finish my message and Rowland also mosted. Well, see this as > extra info ) > > This "should" not be needed. > > Run this : > > https://raw.githubusercontent.com/thctlo/samba4/master/samba-check-SePrivileges.sh > bash samba-check-SePrivileges.sh > And you see all default settings. > >the answer: The username or password was not correct. Connection failed: NT_STATUS_LOGON_FAILURE Could not connect to server E-PLANO.ad.mydomain.br Other credential caches present, use -A to destroy all> And you should see: (everyhere) but i picked SeDiskOperatorPrivilege as > example > > SeDiskOperatorPrivilege: > BUILTIN\Administrators > > "DOMAIN\Domain Admins" is by default a member of "BUILTIN\Administrators" > > So im wondering why you need "SAMDOM\Unix Admins" to > SeDiskOperatorPrivilege > When you can add "SAMDOM\Unix Admins" to the windows group "DOMAIN\Domain > Admins" > With the same result in the end. Unix admin having rights like "dom > admins" > > Yes, you are right about observation. I am only follow the samba wiki> > So can you explain it a bit why you want to set it? there might also be a > good reason to. > But i dont know if thats the case. > > You told all> Also, to the source source of this. > "could not connect to server 127.0.0.1 connection failed: > NT_STATUS_CONNECTION_REFUSED" > > I see your running the AD-DC as fileserver. > Then you cant use the "net" command. > > NO! I am trying to do the command from Member AD and after it will be ADfile server *Is the command on the AD-DC server side?*> Can you post the output of : >*From Member AD*> */etc/hosts* >127.0.0.1 localhost 10.1.1.21 E-PLANO.ad.mydomain.br e-plano # special IPv6 addresses ::1 localhost ipv6-localhost ipv6-loopback fe00::0 ipv6-localnet ff00::0 ipv6-mcastprefix ff02::1 ipv6-allnodes ff02::2 ipv6-allrouters ff02::3 ipv6-allhosts> */etc/resolv.conf * >search AD.MYDOMAIN.BR nameserver 10.1.1.21 nameserver 200.X.X.X> */etc/krb5.conf * >[libdefaults] default_realm = AD.MYDOMAIN.BR dns_lookup_realm = false dns_lookup_kdc = true> */etc/nsswitch.conf* >#passwd: compat winbind passwd: files winbind #group: compat winbind group: files winbind shadow: compat #hosts: files mdns_minimal [NOTFOUND=return] dns hosts: files dns networks: files dns services: files protocols: files rpc: files ethers: files netmasks: files netgroup: files nis publickey: files bootparams: files automount: files nis aliases: files> */etc/idmapd.conf (if exists)* >[General] Verbosity = 0 Pipefs-Directory = /var/lib/nfs/rpc_pipefs Domain = localdomain [Mapping] Nobody-User = nobody Nobody-Group = nobody> *ip a * >1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 link/ether 08:00:27:ad:ab:9c brd ff:ff:ff:ff:ff:ff inet 10.1.1.16/24 brd 10.1.1.255 scope global noprefixroute eth0 valid_lft forever preferred_lft forever inet6 fe80::542f:faae:915d:db4c/64 scope link noprefixroute valid_lft forever preferred_lft forever> *hostname -f*E-PLANO.ad.mydomain.br> > *hostname -d*ad.mydomain.br> *hostname -s*e-plano> *hostname -i *10.1.1.21> > * hostname -I*10.1.1.16> > And offcourse the smb.conf# Global parameters [global] bind interfaces only = Yes dedicated keytab file = /etc/krb5.keytab interfaces = lo eth0 kerberos method = secrets and keytab log file = /var/log/samba/%m.log realm = AD.MYDOMAIN.BR security = ADS template homedir = /home/%U template shell = /bin/bash username map = /etc/samba/etc/user.map winbind refresh tickets = Yes winbind use default domain = Yes workgroup = MYDOMAIN idmap config mydomain:unix_primary_group = yes idmap config mydomain:unix_nss_info = yes idmap config mydomain:range = 10000-999999 idmap config mydomain:schema_mode = rfc2307 idmap config mydomain:backend = ad idmap config * : range = 3000-7999 idmap config * : backend = tdb map acl inherit = Yes vfs objects = acl_xattr [eplano] path = /srv/eplano read only = No> Last the ipnummers of your AD-DC, if i was wrong im my asumption above > that this is the AD-DC. > That should give us all we need to know. > > Greetz, > > Louis > > Thanks attention >Douglas> > > -----Oorspronkelijk bericht----- > > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > > Douglas G. Oechsler via samba > > Verzonden: maandag 13 juli 2020 14:13 > > Aan: samba at lists.samba.org > > Onderwerp: [Samba] net rpc rights grant fail to connect 127.0.0.1 > > > > Hello! > > > > I am trying to do the command: > > *net rpc rights grant "SAMDOM\Unix Admins" SeDiskOperatorPrivilege -U > > "SAMDOM\administrator"* > > *could not connect to server 127.0.0.1* > > *connection failed: NT_STATUS_CONNECTION_REFUSED* > > > > All steps from original samba wiki. The distro is Opensuse > > 15.1 64 bits, on > > Oracle VM, static IP. > > I did read several blogs, docs, samba mailing list. Trying many > > configurations to solve or connect AD-DC. > > > > *some steps: ad-dc* > > in smb.conf: > > bind interfaces only = yes > > interfaces = lo eth0 > > dns forwarder = IP-AD-DC DNS > > > > after command *systemctl status samba-ad-dc* > > > > jul 13 08:58:09 dclinux samba[2146]: [2020/07/13 08:58:09.800684, 0] > > ../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler) > > jul 13 08:58:09 dclinux samba[2146]: > > /usr/sbin/samba_dnsupdate: Traceback > > (most recent call last): > > jul 13 08:58:09 dclinux samba[2146]: [2020/07/13 08:58:09.800882, 0] > > ../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler) > > jul 13 08:58:09 dclinux samba[2146]: > > /usr/sbin/samba_dnsupdate: File > > "/usr/sbin/samba_dnsupdate", line 56, in <module> > > jul 13 08:58:09 dclinux samba[2146]: [2020/07/13 08:58:09.800934, 0] > > ../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler) > > jul 13 08:58:09 dclinux samba[2146]: /usr/sbin/samba_dnsupdate: > > import dns.resolver > > jul 13 08:58:09 dclinux samba[2146]: [2020/07/13 08:58:09.800972, 0] > > ../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler) > > jul 13 08:58:09 dclinux samba[2146]: /usr/sbin/samba_dnsupdate: > > ModuleNotFoundError: No module named 'dns' > > jul 13 08:58:09 dclinux samba[2146]: [2020/07/13 08:58:09.818318, 0] > > ../../source4/dsdb/dns/dns_update.c:331(dnsupdate_nameupdate_done) > > jul 13 08:58:09 dclinux samba[2146]: * > > dnsupdate_nameupdate_done: Failed > > DNS update with exit code 1* > > > > I am lost and do not know what to do. > > > > Please, someone can help me? > > > > Thanks so much > > > > Douglas > > -- > > To unsubscribe from this list go to the following URL and read the > > instructions: https://lists.samba.org/mailman/options/samba > > > > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >-- *Douglas Giovani Oechsler* e-mail: doguibnu at gmail.com <douglasgiovani at oechsler.com.br> *Prudent?polis - PR*
L.P.H. van Belle
2020-Jul-13 14:55 UTC
[Samba] net rpc rights grant fail to connect 127.0.0.1
Ok, im bit confused, sorry,. Ehen i look that the below output, then i see there are multiple things suspecting to go wrong here. ? For example this is a mismatch..? especialy hostname -i & -I? these should be the same or -I should show both. ? Now, if this is the member i would have expected something like this. /etc/hosts 127.0.0.1 localhost 10.1.1.16?????? E-PLANO.ad.mydomain.br e-plano /etc/resolv.conf search AD.MYDOMAIN.BR nameserver 10.1.1.21 for the AD-DC For the member /etc/hosts 127.0.0.1 localhost 10.1.1.21???????some-DCnameHere.ad.mydomain.br some-DCnameHere ?/etc/resolv.conf search AD.MYDOMAIN.BR nameserver 10.1.1.21 nameserver 200.xx.x.x.xx nameserver 8.8.8.8 and in samba smb.conf a forwarder to the internet if internal DNS is used. My advice if this is a fresh domain verify you AD-DC first. i suspect there is more not correct. debugging this and having 2 servers with possible faulty settings is a hard cookie..? Sorry im the bad news bringer.. Greetz, Louis ? ? Van: Douglas G. Oechsler [mailto:doguibnu at gmail.com] Verzonden: maandag 13 juli 2020 16:29 Aan: L.P.H. van Belle CC: samba at lists.samba.org Onderwerp: Re: [Samba] net rpc rights grant fail to connect 127.0.0.1 Hello LPH Em seg., 13 de jul. de 2020 ?s 09:50, L.P.H. van Belle via samba <samba at lists.samba.org> escreveu: (Ah, just finish my message and Rowland also mosted. Well, see this as extra info ) This "should" not be needed.? Run this : https://raw.githubusercontent.com/thctlo/samba4/master/samba-check-SePrivileges.sh bash samba-check-SePrivileges.sh And you see all default settings. the answer: The username or password was not correct. Connection failed: NT_STATUS_LOGON_FAILURE Could not connect to server E-PLANO.ad.mydomain.br Other credential caches present, use -A to destroy all ? And you should see: (everyhere) but i picked SeDiskOperatorPrivilege as example SeDiskOperatorPrivilege: ? BUILTIN\Administrators "DOMAIN\Domain Admins" is by default a member of "BUILTIN\Administrators" So im wondering why you need "SAMDOM\Unix Admins" to SeDiskOperatorPrivilege When you can add "SAMDOM\Unix Admins" to the windows group "DOMAIN\Domain Admins"? With the same result in the end. Unix admin having rights like "dom admins" Yes, you are right about observation. I am only follow the samba wiki ? So can you explain it a bit why you want to set it? there might also be a good reason to. But i dont know if thats the case. You told all ? Also, to the source source of this. "could not connect to server 127.0.0.1 connection failed: NT_STATUS_CONNECTION_REFUSED" I see your running the AD-DC as fileserver. Then you cant use the "net" command. NO! I am trying to do the command from Member AD and after it will be AD file server Is the command on the AD-DC server side? ? Can you post the output of : From Member AD ? /etc/hosts 127.0.0.1 localhost 10.1.1.21 ? ? ? E-PLANO.ad.mydomain.br e-plano # special IPv6 addresses ::1 ? ? ? ? ? ? localhost ipv6-localhost ipv6-loopback fe00::0 ? ? ? ? ipv6-localnet ff00::0 ? ? ? ? ipv6-mcastprefix ff02::1 ? ? ? ? ipv6-allnodes ff02::2 ? ? ? ? ipv6-allrouters ff02::3 ? ? ? ? ipv6-allhosts ? /etc/resolv.conf search AD.MYDOMAIN.BR nameserver 10.1.1.21 nameserver 200.X.X.X ? /etc/krb5.conf [libdefaults] default_realm = AD.MYDOMAIN.BR dns_lookup_realm = false dns_lookup_kdc = true ? /etc/nsswitch.conf #passwd: compat winbind passwd: files winbind #group: compat winbind group: files winbind shadow: compat #hosts: files mdns_minimal [NOTFOUND=return] dns hosts: files dns networks: files dns services: files protocols: files rpc: files ethers: files netmasks: files netgroup: files nis publickey: files bootparams: files automount: files nis aliases: files ? /etc/idmapd.conf (if exists) [General] Verbosity = 0 Pipefs-Directory = /var/lib/nfs/rpc_pipefs Domain = localdomain [Mapping] Nobody-User = nobody Nobody-Group = nobody ? ip a 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 ? ? link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 ? ? inet MailScanner warning: numerical links are often malicious: 127.0.0.1/8 scope host lo ? ? ? ?valid_lft forever preferred_lft forever ? ? inet6 ::1/128 scope host ? ? ? ?valid_lft forever preferred_lft forever 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 ? ? link/ether 08:00:27:ad:ab:9c brd ff:ff:ff:ff:ff:ff ? ? inet MailScanner warning: numerical links are often malicious: 10.1.1.16/24 brd 10.1.1.255 scope global noprefixroute eth0 ? ? ? ?valid_lft forever preferred_lft forever ? ? inet6 fe80::542f:faae:915d:db4c/64 scope link noprefixroute ? ? ? ?valid_lft forever preferred_lft forever ? hostname -f E-PLANO.ad.mydomain.br hostname -d ad.mydomain.br ? hostname -s e-plano ? hostname -i 10.1.1.21 ? hostname -I 10.1.1.16? And offcourse the smb.conf # Global parameters [global] bind interfaces only = Yes dedicated keytab file = /etc/krb5.keytab interfaces = lo eth0 kerberos method = secrets and keytab log file = /var/log/samba/%m.log realm = AD.MYDOMAIN.BR security = ADS template homedir = /home/%U template shell = /bin/bash username map = /etc/samba/etc/user.map winbind refresh tickets = Yes winbind use default domain = Yes workgroup = MYDOMAIN idmap config mydomain:unix_primary_group = yes idmap config mydomain:unix_nss_info = yes idmap config mydomain:range = 10000-999999 idmap config mydomain:schema_mode = rfc2307 idmap config mydomain:backend = ad idmap config * : range = 3000-7999 idmap config * : backend = tdb map acl inherit = Yes vfs objects = acl_xattr [eplano] path = /srv/eplano read only = No ? Last the ipnummers of your AD-DC, if i was wrong im my asumption above that this is the AD-DC. That should give us all we need to know. Greetz, Louis Thanks attention Douglas ?> -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > Douglas G. Oechsler via samba > Verzonden: maandag 13 juli 2020 14:13 > Aan: samba at lists.samba.org > Onderwerp: [Samba] net rpc rights grant fail to connect 127.0.0.1 > > Hello! > > I am trying to do the command: > *net rpc rights grant "SAMDOM\Unix Admins" SeDiskOperatorPrivilege -U > "SAMDOM\administrator"* > *could not connect to server 127.0.0.1* > *connection failed: NT_STATUS_CONNECTION_REFUSED* > > All steps from original samba wiki. The distro is Opensuse > 15.1 64 bits, on > Oracle VM, static IP. > I did read several blogs, docs, samba mailing list. Trying many > configurations to solve or connect AD-DC. > > *some steps: ad-dc* > in smb.conf: > bind interfaces only = yes > interfaces = lo eth0 >? dns forwarder = IP-AD-DC DNS > > after command *systemctl status samba-ad-dc* > > jul 13 08:58:09 dclinux samba[2146]: [2020/07/13 08:58:09.800684,? 0] > ../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler) > jul 13 08:58:09 dclinux samba[2146]:? ? > /usr/sbin/samba_dnsupdate: Traceback > (most recent call last): > jul 13 08:58:09 dclinux samba[2146]: [2020/07/13 08:58:09.800882,? 0] > ../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler) > jul 13 08:58:09 dclinux samba[2146]:? ? > /usr/sbin/samba_dnsupdate:? ?File > "/usr/sbin/samba_dnsupdate", line 56, in <module> > jul 13 08:58:09 dclinux samba[2146]: [2020/07/13 08:58:09.800934,? 0] > ../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler) > jul 13 08:58:09 dclinux samba[2146]:? ?/usr/sbin/samba_dnsupdate: > import dns.resolver > jul 13 08:58:09 dclinux samba[2146]: [2020/07/13 08:58:09.800972,? 0] > ../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler) > jul 13 08:58:09 dclinux samba[2146]:? ?/usr/sbin/samba_dnsupdate: > ModuleNotFoundError: No module named 'dns' > jul 13 08:58:09 dclinux samba[2146]: [2020/07/13 08:58:09.818318,? 0] > ../../source4/dsdb/dns/dns_update.c:331(dnsupdate_nameupdate_done) > jul 13 08:58:09 dclinux samba[2146]:? * > dnsupdate_nameupdate_done: Failed > DNS update with exit code 1* > > I am lost and do not know what to do. > > Please, someone can help me? > > Thanks so much > > Douglas > -- > To unsubscribe from this list go to the following URL and read the > instructions:? https://lists.samba.org/mailman/options/samba > >-- To unsubscribe from this list go to the following URL and read the instructions:? https://lists.samba.org/mailman/options/samba -- Douglas Giovani Oechsler e-mail: MailScanner heeft een e-mail met mogelijk een poging tot fraude gevonden van "oechsler.com.br" doguibnu at gmail.com Prudent?polis - PR