pfsense can block samba net ad permittion (net rpc grant)

doguibnu

Hello @stephenw10 and @johnpoz

I am sorry to late
Here is the [pastebin]command.:
pfsense does not permit that I post the link, still tell me that I flagged as spam......

I made 2 machines again from zero and not works. All steps gone ok. If this step not work, I am unable to do the AD works well.

I am talking to samba group email list, but nothing stay clear to fix this.

Thank you

doguibnu

Above I think it lets post Image!

doguibnu

@doguibnu said in pfsense can block samba net ad permittion (net rpc grant):

Hello @stephenw10 and @johnpoz

I am sorry to late
Here is the
pfsense does not permit that I post the link, still tell me that I flagged as spam......

I made 2 machines again from zero and not works. All steps gone ok. If this step not work, I am unable to do the AD works well.

I am talking to samba group email list, but nothing stay clear to fix this.

Thank you

johnpoz

Going to say this one last time.. This has ZERO to do with pfsense - ZERO!! This as to do with your machine.. Your talking to the localhost machine.. Your not running this command on pfsense.. So how does it have anything to do with pfsense.. It an issue with the machine itself (127.0.01), not pfsense, not the network..

I would will try and fire up a linux machine to simulate what your doing.. But again this has nothing to do with the network or pfsense..

johnpoz

Please describe exactly what you doing, what version of linux? I can try and duplicate your issue.

Your just setting up a domain with samba? What version of samba?

doguibnu

@johnpoz said in pfsense can block samba net ad permittion (net rpc grant):

Going to say this one last time.. This has ZERO to do with pfsense - ZERO!! This as to do with your machine.. Your talking to the localhost machine.. Your not running this command on pfsense.. So how does it have anything to do with pfsense.. It an issue with the machine itself (127.0.01), not pfsense, not the network..

I would will try and fire up a linux machine to simulate what your doing.. But again this has nothing to do with the network or pfsense..

@johnpoz Ok!

Thank you so much and sorry!

johnpoz

Looks like your just trying to give a user some privilege

You have a usermap setup right?

/etc/samba/user.map

This looks like exactly what your running into
https://wiki.samba.org/index.php/Samba_Member_Server_Troubleshooting

doguibnu

@johnpoz said in pfsense can block samba net ad permittion (net rpc grant):

Please describe exactly what you doing, what version of linux? I can try and duplicate your issue.

Your just setting up a domain with samba? What version of samba?

My steps:

A server with Oracle VM 6.1
2 machines created on Oracle VM

Machine one: Opensuse 15.2 as AD-DC - samba-ad-dc installed well, running ok, all samba-ad-dc ports open in public on opensuse firewalld. NTP server ok. All steps from official samba wiki for Domain controller checked.

Machine two: Opensuse 15.2 as Domain Member and file server. Again, all steps from official samba wiki to do Domain Member and File server checked. So in other Windows 10 VM on the same server by RSAT I created Unix Admins Group - GID - add to Domain Admins Member.
BUT, when I try to do the command: net rpc grant - Privileges....... because if commad works without error I can work in windows RSAT side and can connect, make share folders and etc....BUT, after the command its only try to connect 127.0.0.1

and Yes, all steps to fix it I tryed:
in smb.conf: interfaces: lo eth0
dns forwards: IP

in file username.map: Domain\Administrator Domain\administrator

samba version: 4.11

Thanks

doguibnu

@johnpoz said in pfsense can block samba net ad permittion (net rpc grant):

Looks like your just trying to give a user some privilege

Yes, you are right
For user Administratror

You have a usermap setup right?

/etc/samba/user.map

Yes

This looks like exactly what your running into
I did

I delete this part here: you posted one link ref samba member because pfsense tell me is spam, sorry

yes, I follow the site but, not fix

Thank you

johnpoz

I will spin up some VMs tmrw afternoon and try and duplicate.

btw: I moved this thread, it has nothing to do with pfsense.. So moved it to the offtopic section.

edit: Ok have 2 Vms fired up one running ubuntu 18 the other 16.. I had those handy.. Shouldn't really matter to be honest if on same linux as you.. linux is pretty much linux.. Might not get to the samba setup until later.. Need to take a break from the computer to be honest - been working all day, been up since 4am because of line issue.. So I think I am done for the day ;)

I will try and follow the same guide you did. Prob tmrw morning..

edit2: Which specific guide did you follow? I would just run through this
https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller

so the 18 box will be called dc1, and the member - real creative "member" hehe

Will use mydomain.lan as the domain... Took a quick look thru guide I linked too and looks pretty good...

Let you know what I find..

doguibnu

@johnpoz

Hello!

I want answer you but pfsense forum all time tell me when click in submit:
Post content was flagged as spam by Akismet.com

I cannot do my answer correctly

Is there other option to answer?

Thanks

johnpoz

Post them on pastebin or something. I got side tracked with honey-do list on saturday.. Had to redo all the sand between my bricks in the front walk ;) turned into a whole day thing..

And I ran into issues with the promotion setup.. Getting some errors, and with the honey-do list didn't get a chance to get back to it.

What specific guide did you follow?

doguibnu

Wowww, so your weekend was "fun"

Yes, I follow the link you posted about AD (I do not know why cannot reply your post that have links, all the time pfsense forum does not make me submit reply).

The command:
samba-tool domain provision --use-rfc2307 --interactive --option="interfaces=lo eth0" --option="bind interfaces only=yes"

dc
SAMBA_INTERNAL

I would you like to tell that Ubuntu 18 use netplan and not resolv.conf. Studying about in my tests after provision and nslookup command it does not sees the nameserver and yes 127.0.0.53. Some blogs tell to install resolvconf package and configure how "old" kind. Others tells to configure the nem /etc/netplan/something.yaml file insert:

nameservers:
addreesses: [10.x.x.x,8.8.8.8]

but for me, it does works trying to do in ubuntu.

Since the starting AD configuration my distro was Opensuse 15.2. In opensuse ADDC side you need to delete samba package and install samba-ad-dc. Only to tell you.

Thanks attention and help

johnpoz

ubuntu 18 out of the box uses netplan, you have to jump through some hoops to have it use resolv.

yeah I know how to run the provision command ;)

Not sure I would use the word fun to describe it ;) hehehe - would of been much happier playing with setting up a samba AD to be honest..

doguibnu

@johnpoz

sorry, here I want to write:
but for me, it does works trying to do in ubuntu.

It does not works

about "fun" word I believe you heheheheh

tppoews

I understand that its trying to connect to itself.
But, Can be a wrong configure in PFsense?

johnpoz

@tppoews said in pfsense can block samba net ad permittion (net rpc grant):

Can be a wrong configure in PFsense?

NO!

Its not pfsense, how can the router have anything to do with the machine talking to itself! That would be like saying you can not touch your noise with your own finger... But not your fault, the tooth fairy is stopping you from doing it.

I forgot all about this.. But this has never nor has it anything to do with pfsense.. Talking to loopback is yourself! If you can not talk to yourself its something wrong on the box!! Not the gateway that routes traffic to the internet for you..

I already linked to the solution to his exact problem
https://wiki.samba.org/index.php/Samba_Member_Server_Troubleshooting
SeDiskOperatorPrivilege can't be set

doguibnu

@tppoews and @johnpoz

I Believe that can be wrong configuration in PFsense, yes. This last week I was trying to do one samba share folder with Opensuse server, and this machine it is on the same network that Pfsense. Only windows 10, 7 can connect the share folder. Other Linux Machines, give me error screen access. So, I get an old machine, download pfsense, install and made other network to test it. The Linux systems and windows can access the opensuse share folder without problems or errors. Me and my work mate starting configuration a new Pfsense from zero. We hope that it is done for production area in little time. We have VPLS in our scenario (I am not vpls knowledgeable). Need attention to put it in production

After all, so I will try to do again AD......... I REALLY hope win this

Thank you

Douglas

johnpoz

No, Just No...

I give up... You might as well think the great pumpkin is at fault..

Why are you posting here? Whatever you dealing with clearly has zero to do with this OP question.. Or anything to do with pfsense at all.. Sorry but devices on the same network talking to each other have zero to do with pfsense - zero!

doguibnu

@johnpoz

Right, ok!
I am sorry

Thanks!