pfsense can block samba net ad permittion (net rpc grant)

johnpoz

What do you mean you can not change its as simple as testing it..

I have no idea what your trying to do but.. But its common knowledge that \ vs / in domain and user is a problem..

doguibnu

I am trying to post the command here since last week for you see what I need to do but, I do not know why, pfsense forum does not permit its tell me is "spam"

stephenw10

Try putting it in a code box. If that still fails try putting in pastebin (or similar) and linking to it.

johnpoz

For me to test this, would have to fire up linux AD via samba.. Which I guess could do - but this really has nothing to do with pfsense at all.. And you would prob get better support on samba forums for what your trying to do.

doguibnu

Hello @stephenw10 and @johnpoz

I am sorry to late
Here is the [pastebin]command.:
pfsense does not permit that I post the link, still tell me that I flagged as spam......

I made 2 machines again from zero and not works. All steps gone ok. If this step not work, I am unable to do the AD works well.

I am talking to samba group email list, but nothing stay clear to fix this.

Thank you

doguibnu

Above I think it lets post Image!

doguibnu

@doguibnu said in pfsense can block samba net ad permittion (net rpc grant):

Hello @stephenw10 and @johnpoz

I am sorry to late
Here is the
pfsense does not permit that I post the link, still tell me that I flagged as spam......

I made 2 machines again from zero and not works. All steps gone ok. If this step not work, I am unable to do the AD works well.

I am talking to samba group email list, but nothing stay clear to fix this.

Thank you

johnpoz

Going to say this one last time.. This has ZERO to do with pfsense - ZERO!! This as to do with your machine.. Your talking to the localhost machine.. Your not running this command on pfsense.. So how does it have anything to do with pfsense.. It an issue with the machine itself (127.0.01), not pfsense, not the network..

I would will try and fire up a linux machine to simulate what your doing.. But again this has nothing to do with the network or pfsense..

johnpoz

Please describe exactly what you doing, what version of linux? I can try and duplicate your issue.

Your just setting up a domain with samba? What version of samba?

doguibnu

@johnpoz said in pfsense can block samba net ad permittion (net rpc grant):

Going to say this one last time.. This has ZERO to do with pfsense - ZERO!! This as to do with your machine.. Your talking to the localhost machine.. Your not running this command on pfsense.. So how does it have anything to do with pfsense.. It an issue with the machine itself (127.0.01), not pfsense, not the network..

I would will try and fire up a linux machine to simulate what your doing.. But again this has nothing to do with the network or pfsense..

@johnpoz Ok!

Thank you so much and sorry!

johnpoz

Looks like your just trying to give a user some privilege

You have a usermap setup right?

/etc/samba/user.map

This looks like exactly what your running into
https://wiki.samba.org/index.php/Samba_Member_Server_Troubleshooting

doguibnu

@johnpoz said in pfsense can block samba net ad permittion (net rpc grant):

Please describe exactly what you doing, what version of linux? I can try and duplicate your issue.

Your just setting up a domain with samba? What version of samba?

My steps:

A server with Oracle VM 6.1
2 machines created on Oracle VM

Machine one: Opensuse 15.2 as AD-DC - samba-ad-dc installed well, running ok, all samba-ad-dc ports open in public on opensuse firewalld. NTP server ok. All steps from official samba wiki for Domain controller checked.

Machine two: Opensuse 15.2 as Domain Member and file server. Again, all steps from official samba wiki to do Domain Member and File server checked. So in other Windows 10 VM on the same server by RSAT I created Unix Admins Group - GID - add to Domain Admins Member.
BUT, when I try to do the command: net rpc grant - Privileges....... because if commad works without error I can work in windows RSAT side and can connect, make share folders and etc....BUT, after the command its only try to connect 127.0.0.1

and Yes, all steps to fix it I tryed:
in smb.conf: interfaces: lo eth0
dns forwards: IP

in file username.map: Domain\Administrator Domain\administrator

samba version: 4.11

Thanks

doguibnu

@johnpoz said in pfsense can block samba net ad permittion (net rpc grant):

Looks like your just trying to give a user some privilege

Yes, you are right
For user Administratror

You have a usermap setup right?

/etc/samba/user.map

Yes

This looks like exactly what your running into
I did

I delete this part here: you posted one link ref samba member because pfsense tell me is spam, sorry

yes, I follow the site but, not fix

Thank you

johnpoz

I will spin up some VMs tmrw afternoon and try and duplicate.

btw: I moved this thread, it has nothing to do with pfsense.. So moved it to the offtopic section.

edit: Ok have 2 Vms fired up one running ubuntu 18 the other 16.. I had those handy.. Shouldn't really matter to be honest if on same linux as you.. linux is pretty much linux.. Might not get to the samba setup until later.. Need to take a break from the computer to be honest - been working all day, been up since 4am because of line issue.. So I think I am done for the day ;)

I will try and follow the same guide you did. Prob tmrw morning..

edit2: Which specific guide did you follow? I would just run through this
https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller

so the 18 box will be called dc1, and the member - real creative "member" hehe

Will use mydomain.lan as the domain... Took a quick look thru guide I linked too and looks pretty good...

Let you know what I find..

doguibnu

@johnpoz

Hello!

I want answer you but pfsense forum all time tell me when click in submit:
Post content was flagged as spam by Akismet.com

I cannot do my answer correctly

Is there other option to answer?

Thanks

johnpoz

Post them on pastebin or something. I got side tracked with honey-do list on saturday.. Had to redo all the sand between my bricks in the front walk ;) turned into a whole day thing..

And I ran into issues with the promotion setup.. Getting some errors, and with the honey-do list didn't get a chance to get back to it.

What specific guide did you follow?

doguibnu

Wowww, so your weekend was "fun"

Yes, I follow the link you posted about AD (I do not know why cannot reply your post that have links, all the time pfsense forum does not make me submit reply).

The command:
samba-tool domain provision --use-rfc2307 --interactive --option="interfaces=lo eth0" --option="bind interfaces only=yes"

dc
SAMBA_INTERNAL

I would you like to tell that Ubuntu 18 use netplan and not resolv.conf. Studying about in my tests after provision and nslookup command it does not sees the nameserver and yes 127.0.0.53. Some blogs tell to install resolvconf package and configure how "old" kind. Others tells to configure the nem /etc/netplan/something.yaml file insert:

nameservers:
addreesses: [10.x.x.x,8.8.8.8]

but for me, it does works trying to do in ubuntu.

Since the starting AD configuration my distro was Opensuse 15.2. In opensuse ADDC side you need to delete samba package and install samba-ad-dc. Only to tell you.

Thanks attention and help

johnpoz

ubuntu 18 out of the box uses netplan, you have to jump through some hoops to have it use resolv.

yeah I know how to run the provision command ;)

Not sure I would use the word fun to describe it ;) hehehe - would of been much happier playing with setting up a samba AD to be honest..

doguibnu

@johnpoz

sorry, here I want to write:
but for me, it does works trying to do in ubuntu.

It does not works

about "fun" word I believe you heheheheh

tppoews

I understand that its trying to connect to itself.
But, Can be a wrong configure in PFsense?