pfsense can block samba net ad permittion (net rpc grant)



  • Hello

    We have ad-dc and ad member file server on oracle vm the both machine. We have pfsense for a long time in our scenario.

    When need right grant privilege (net rpc right grant command)
    and give me error:

    Could not connect to server 127.0.0.1

    I follow the official samba wiki for many times and I do not know what to do more.

    Please, someone Any Ideia?

    Thanks all


  • LAYER 8 Global Moderator

    @pap1984 said in pfsense can block samba net ad permittion (net rpc grant):

    Could not connect to server 127.0.0.1

    That is loopback error - where ever your seeing that error, its trying to connect to itself



  • @johnpoz said in pfsense can block samba net ad permittion (net rpc grant):

    @pap1984 said in pfsense can block samba net ad permittion (net rpc grant):

    Could not connect to server 127.0.0.1

    That is loopback error - where ever your seeing that error, its trying to connect to itself

    Hello!

    I understand that its trying to connect to itself.
    But, Can be a wrong configure in PFsense?

    In my scenario we have pfsense with no dhcp for internal network:

    1 NIC - Wan static Public IP
    2 NIC - Lan (10.x.x.x/24)
    No dhcp

    The both machines AD-DC and AD member file server are on VM - Bridge mode!

    AD-DC - 10.1.1.21
    AD Member - 10.1.1.16

    So, I did follow official samba wiki to make work, but in AD member side for grant rights command:

    net rpc rights grant "MYDOMAIN\Unix Admins" SeDiskOperatorPrivilege -U "MYDOMAIN\administrator"
    Enter MYDOMAIN\administrator's password:
    Could not connect to server 127.0.0.1
    Connection failed: NT_STATUS_CONNECTION_REFUSED
    

    For weeks trying to solve this but, nothing!

    Thank you for attention


  • LAYER 8 Global Moderator

    @doguibnu said in pfsense can block samba net ad permittion (net rpc grant):

    AD-DC - 10.1.1.21
    AD Member - 10.1.1.16

    Pfsense has nothing to do with any conversations those machines would have with each other.. None..

    Pfsense is a router, the only time a device would send it traffic would be to get off the network, talking to a device on your own network has nothing to do with pfsense.

    And it sure having anything with a machine trying to talk to itself, 127.0.0.1

    Could not connect to server 127.0.0.1

    The only way those 2 ips you listed could be on different networks is if you were using /30 or /31 mask.. But you state both those machines on your lan.. With a /24 mask... And again the error your seeing is the trying to talk to itself anyway.

    Not sure what your issue is your seeing, but pfsense has nothing to do with it.



  • Hello @johnpoz

    Right Friend! Thanks to clarify. I just only searching something to solve the problem and AD-DC and AD-Member work fine.

    Thank you so much

    @johnpoz said in pfsense can block samba net ad permittion (net rpc grant):

    Pfsense has nothing to do with any conversations those machines would have with each other.. None..
    Pfsense is a router, the only time a device would send it traffic would be to get off the network, talking to a device on your own network has nothing to do with pfsense.
    And it sure having anything with a machine trying to talk to itself, 127.0.0.1


  • LAYER 8 Global Moderator

    If I had to guess, have you tried changing the \ to /, pretty sure in linux the slash would be forward vs reverse (backwards)..



  • Hello @johnpoz

    I think that I can not change \ to / because I follow the official samba wiki command. And the command is from Linux plataform

    Thanks help and attention


  • LAYER 8 Global Moderator

    What do you mean you can not change its as simple as testing it..

    I have no idea what your trying to do but.. But its common knowledge that \ vs / in domain and user is a problem..



  • I am trying to post the command here since last week for you see what I need to do but, I do not know why, pfsense forum does not permit its tell me is "spam"


  • Netgate Administrator

    Try putting it in a code box. If that still fails try putting in pastebin (or similar) and linking to it.


  • LAYER 8 Global Moderator

    For me to test this, would have to fire up linux AD via samba.. Which I guess could do - but this really has nothing to do with pfsense at all.. And you would prob get better support on samba forums for what your trying to do.



  • Hello @stephenw10 and @johnpoz

    I am sorry to late
    Here is the [pastebin]command.:
    pfsense does not permit that I post the link, still tell me that I flagged as spam......

    I made 2 machines again from zero and not works. All steps gone ok. If this step not work, I am unable to do the AD works well.

    I am talking to samba group email list, but nothing stay clear to fix this.

    Thank you



  • Above I think it lets post Image!



  • @doguibnu said in pfsense can block samba net ad permittion (net rpc grant):

    Hello @stephenw10 and @johnpoz

    I am sorry to late
    Here is the Image
    pfsense does not permit that I post the link, still tell me that I flagged as spam......

    I made 2 machines again from zero and not works. All steps gone ok. If this step not work, I am unable to do the AD works well.

    I am talking to samba group email list, but nothing stay clear to fix this.

    Thank you


  • LAYER 8 Global Moderator

    Going to say this one last time.. This has ZERO to do with pfsense - ZERO!! This as to do with your machine.. Your talking to the localhost machine.. Your not running this command on pfsense.. So how does it have anything to do with pfsense.. It an issue with the machine itself (127.0.01), not pfsense, not the network..

    I would will try and fire up a linux machine to simulate what your doing.. But again this has nothing to do with the network or pfsense..


  • LAYER 8 Global Moderator

    Please describe exactly what you doing, what version of linux? I can try and duplicate your issue.

    Your just setting up a domain with samba? What version of samba?



  • @johnpoz said in pfsense can block samba net ad permittion (net rpc grant):

    Going to say this one last time.. This has ZERO to do with pfsense - ZERO!! This as to do with your machine.. Your talking to the localhost machine.. Your not running this command on pfsense.. So how does it have anything to do with pfsense.. It an issue with the machine itself (127.0.01), not pfsense, not the network..

    I would will try and fire up a linux machine to simulate what your doing.. But again this has nothing to do with the network or pfsense..

    @johnpoz Ok!

    Thank you so much and sorry!


  • LAYER 8 Global Moderator

    Looks like your just trying to give a user some privilege

    You have a usermap setup right?

    /etc/samba/user.map

    This looks like exactly what your running into
    https://wiki.samba.org/index.php/Samba_Member_Server_Troubleshooting



  • @johnpoz said in pfsense can block samba net ad permittion (net rpc grant):

    Please describe exactly what you doing, what version of linux? I can try and duplicate your issue.

    Your just setting up a domain with samba? What version of samba?

    My steps:

    A server with Oracle VM 6.1
    2 machines created on Oracle VM

    Machine one: Opensuse 15.2 as AD-DC - samba-ad-dc installed well, running ok, all samba-ad-dc ports open in public on opensuse firewalld. NTP server ok. All steps from official samba wiki for Domain controller checked.

    Machine two: Opensuse 15.2 as Domain Member and file server. Again, all steps from official samba wiki to do Domain Member and File server checked. So in other Windows 10 VM on the same server by RSAT I created Unix Admins Group - GID - add to Domain Admins Member.
    BUT, when I try to do the command: net rpc grant - Privileges....... because if commad works without error I can work in windows RSAT side and can connect, make share folders and etc....BUT, after the command its only try to connect 127.0.0.1

    and Yes, all steps to fix it I tryed:
    in smb.conf: interfaces: lo eth0
    dns forwards: IP

    in file username.map: Domain\Administrator Domain\administrator

    samba version: 4.11

    Thanks



  • @johnpoz said in pfsense can block samba net ad permittion (net rpc grant):

    Looks like your just trying to give a user some privilege

    Yes, you are right
    For user Administratror

    You have a usermap setup right?

    /etc/samba/user.map

    Yes

    This looks like exactly what your running into
    I did

    I delete this part here: you posted one link ref samba member because pfsense tell me is spam, sorry

    yes, I follow the site but, not fix

    Thank you


  • LAYER 8 Global Moderator

    I will spin up some VMs tmrw afternoon and try and duplicate.

    btw: I moved this thread, it has nothing to do with pfsense.. So moved it to the offtopic section.

    edit: Ok have 2 Vms fired up one running ubuntu 18 the other 16.. I had those handy.. Shouldn't really matter to be honest if on same linux as you.. linux is pretty much linux.. Might not get to the samba setup until later.. Need to take a break from the computer to be honest - been working all day, been up since 4am because of line issue.. So I think I am done for the day ;)

    I will try and follow the same guide you did. Prob tmrw morning..

    edit2: Which specific guide did you follow? I would just run through this
    https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller

    so the 18 box will be called dc1, and the member - real creative "member" hehe

    Will use mydomain.lan as the domain... Took a quick look thru guide I linked too and looks pretty good...

    Let you know what I find..


Log in to reply