pfsense can block samba net ad permittion (net rpc grant)
-
Wowww, so your weekend was "fun"
Yes, I follow the link you posted about AD (I do not know why cannot reply your post that have links, all the time pfsense forum does not make me submit reply).
The command:
samba-tool domain provision --use-rfc2307 --interactive --option="interfaces=lo eth0" --option="bind interfaces only=yes"dc
SAMBA_INTERNALI would you like to tell that Ubuntu 18 use netplan and not resolv.conf. Studying about in my tests after provision and nslookup command it does not sees the nameserver and yes 127.0.0.53. Some blogs tell to install resolvconf package and configure how "old" kind. Others tells to configure the nem /etc/netplan/something.yaml file insert:
nameservers:
addreesses: [10.x.x.x,8.8.8.8]but for me, it does works trying to do in ubuntu.
Since the starting AD configuration my distro was Opensuse 15.2. In opensuse ADDC side you need to delete samba package and install samba-ad-dc. Only to tell you.
Thanks attention and help
-
ubuntu 18 out of the box uses netplan, you have to jump through some hoops to have it use resolv.
yeah I know how to run the provision command ;)
Not sure I would use the word fun to describe it ;) hehehe - would of been much happier playing with setting up a samba AD to be honest..
-
sorry, here I want to write:
but for me, it does works trying to do in ubuntu.It does not works
about "fun" word I believe you heheheheh
-
I understand that its trying to connect to itself.
But, Can be a wrong configure in PFsense? -
@tppoews said in pfsense can block samba net ad permittion (net rpc grant):
Can be a wrong configure in PFsense?
NO!
Its not pfsense, how can the router have anything to do with the machine talking to itself! That would be like saying you can not touch your noise with your own finger... But not your fault, the tooth fairy is stopping you from doing it.
I forgot all about this.. But this has never nor has it anything to do with pfsense.. Talking to loopback is yourself! If you can not talk to yourself its something wrong on the box!! Not the gateway that routes traffic to the internet for you..
I already linked to the solution to his exact problem
https://wiki.samba.org/index.php/Samba_Member_Server_Troubleshooting
SeDiskOperatorPrivilege can't be set -
I Believe that can be wrong configuration in PFsense, yes. This last week I was trying to do one samba share folder with Opensuse server, and this machine it is on the same network that Pfsense. Only windows 10, 7 can connect the share folder. Other Linux Machines, give me error screen access. So, I get an old machine, download pfsense, install and made other network to test it. The Linux systems and windows can access the opensuse share folder without problems or errors. Me and my work mate starting configuration a new Pfsense from zero. We hope that it is done for production area in little time. We have VPLS in our scenario (I am not vpls knowledgeable). Need attention to put it in production
After all, so I will try to do again AD......... I REALLY hope win this
Thank you
Douglas
-
No, Just No...
I give up... You might as well think the great pumpkin is at fault..
Why are you posting here? Whatever you dealing with clearly has zero to do with this OP question.. Or anything to do with pfsense at all.. Sorry but devices on the same network talking to each other have zero to do with pfsense - zero!
An intelligent man is sometimes forced to be drunk to spend time with his fools
If you get confused: Listen to the Music Play
Please don't Chat/PM me for help, unless mod related
SG-4860 24.11 | Lab VMs 2.8, 24.11 -
-
This post is deleted! -
This post is deleted! -
@johnpoz
Hello!I would like to tell you that is right about:
"Sorry but devices on the same network talking to each other have zero to do with pfsense - zero!"The problem is: the machines are on virtualbox. To solve the problem with samba share folders connection, needed to do the command at samba server side:
sudo adduser $USER vboxsfreboot the server and ok! Work
Testing
pictureMaybe this solution can fix the AD machines because I did try on virtualbox.
Thanks
