pfsense can block samba net ad permittion (net rpc grant)



  • Hello

    We have an AD DC and an AD member file server, both machines on Oracle VM. We have had pfsense for a long time in our scenario.

    When I need to grant a privilege (net rpc rights grant command),
    it gives me this error:

    Could not connect to server 127.0.0.1

    I have followed the official Samba wiki many times and I do not know what more to do.

    Please, does anyone have any idea?

    Thanks all


  • LAYER 8 Global Moderator

    @pap1984 said in pfsense can block samba net ad permittion (net rpc grant):

    Could not connect to server 127.0.0.1

    That is a loopback error - wherever you're seeing that error, it's trying to connect to itself



  • @johnpoz said in pfsense can block samba net ad permittion (net rpc grant):

    @pap1984 said in pfsense can block samba net ad permittion (net rpc grant):

    Could not connect to server 127.0.0.1

    That is a loopback error - wherever you're seeing that error, it's trying to connect to itself

    Hello!

    I understand that it's trying to connect to itself.
    But can it be a wrong configuration in pfSense?

    In my scenario we have pfsense with no DHCP for the internal network:

    1 NIC - Wan static Public IP
    2 NIC - Lan (10.x.x.x/24)
    No dhcp

    Both machines, the AD-DC and the AD member file server, are on VM - Bridge mode!

    AD-DC - 10.1.1.21
    AD Member - 10.1.1.16

    So, I followed the official Samba wiki to make it work, but on the AD member side, for the grant rights command:

    net rpc rights grant "MYDOMAIN\Unix Admins" SeDiskOperatorPrivilege -U "MYDOMAIN\administrator"
    Enter MYDOMAIN\administrator's password:
    Could not connect to server 127.0.0.1
    Connection failed: NT_STATUS_CONNECTION_REFUSED
    

    For weeks I have been trying to solve this, but nothing!

    Thank you for your attention


  • LAYER 8 Global Moderator

    @doguibnu said in pfsense can block samba net ad permittion (net rpc grant):

    AD-DC - 10.1.1.21
    AD Member - 10.1.1.16

    Pfsense has nothing to do with any conversations those machines would have with each other.. None..

    Pfsense is a router, the only time a device would send it traffic would be to get off the network, talking to a device on your own network has nothing to do with pfsense.

    And it sure doesn't have anything to do with a machine trying to talk to itself, 127.0.0.1

    Could not connect to server 127.0.0.1

    The only way those 2 IPs you listed could be on different networks is if you were using a /30 or /31 mask.. But you state both those machines are on your LAN.. With a /24 mask... And again, the error you're seeing is it trying to talk to itself anyway.

    Not sure what the issue is that you're seeing, but pfsense has nothing to do with it.



  • Hello @johnpoz

    Right, friend! Thanks for clarifying. I am only searching for something to solve the problem, and AD-DC and AD-Member work fine.

    Thank you so much

    @johnpoz said in pfsense can block samba net ad permittion (net rpc grant):

    Pfsense has nothing to do with any conversations those machines would have with each other.. None..
    Pfsense is a router, the only time a device would send it traffic would be to get off the network, talking to a device on your own network has nothing to do with pfsense.
    And it sure doesn't have anything to do with a machine trying to talk to itself, 127.0.0.1


  • LAYER 8 Global Moderator

    If I had to guess, have you tried changing the \ to /, pretty sure in linux the slash would be forward vs reverse (backwards)..



  • Hello @johnpoz

    I think that I cannot change \ to / because I follow the official Samba wiki command. And the command is from the Linux platform.

    Thanks for the help and attention


  • LAYER 8 Global Moderator

    What do you mean you cannot change it? It's as simple as testing it..

    I have no idea what you're trying to do but.. But it's common knowledge that \ vs / in domain and user is a problem..



  • I have been trying to post the command here since last week for you to see what I need to do but, I do not know why, the pfsense forum does not permit it; it tells me it is "spam"


  • Netgate Administrator

    Try putting it in a code box. If that still fails, try putting it in pastebin (or similar) and linking to it.


  • LAYER 8 Global Moderator

    For me to test this, I would have to fire up a Linux AD via Samba.. Which I guess I could do - but this really has nothing to do with pfsense at all.. And you would prob get better support on the Samba forums for what you're trying to do.

