Manage Shared Folder Permissions from Domain - Error with SeDiskOperatorPrivilege

Hello,

I ingressed my openSUSE into a Windows domain, and everything is working fine (using YAST w SSSD).

So now I want to be able to manage my shares (subfolders) permissions using a DOMAIN/Adm account. To do that, I found out that I need to grant SeDiskOperatorPrivilege to it (right?).
Problem is, with

net rpc rights grant "WINDOMAIN\Administrator" SeDiskOperatorPrivilege -U "WINDOMAIN\Administrador"

I got

Connection failed: NT_STATUS_NO_LOGON_SERVER

I searched for this error, but couldn’t find a solution yet, since most of ppl were saying it was a DNS problem, but I’m into the domain, I can ping other machines by name, my DNS is the DNS server as well and I can even login with domain credentials…

Any help would be apreciated.

Hello and, welcome to this Forum.

The error is indicating that, the ADS Logon Server can not be found.

• Can you login to the Active Directory domain? – <Active Directory support | Security and Hardening Guide | openSUSE Leap 15.5.

BTW, I note that, you’ve been using the archived Leap 15.0 documentation – For Leap 15.3 please use the documentation here – <https://doc.opensuse.org/&gt;.

Hello! Thanks! Gonna use the updated docs.

Yes, I can login with AD credentials:
https://i.postimg.cc/6qHMDdYD/img.jpg

Running “klist” shows a valid ticket as well.

Yes, but, the login indicates an error – “The login directory doesn’t exist” …

• Which is possibly related to the “Active Domain Logon Server not found
  ” error.

Are you certain that, the server’s IP address has been correctly set-up?

• Also the IPv6 address …

I thought this message was caused by not enabling “Create Home Directory” at SSSD settings. It’s Ok to let if off, right?

User Logon Management
https://i.postimg.cc/V6dwtTqr/user-logon.jpg

User Logon Management -> Auth Settings -> SSSD
https://i.postimg.cc/1zRsm44K/user-logon-sssd.jpg

Network Settings
https://i.postimg.cc/yxRzQZr7/network-set.jpg

Checked:

• IPv4 = OK DHCP

• IPv6 = disabled (I don’t use it)

• /etc/resolv.conf =
  search mydomainname.local
  nameserver 192.168.0.232 (that’s my DC/DNS)

• IP addr =
  https://i.postimg.cc/52Y8PNfn/ipaddre.jpg

Where should I check for misconfiguration? Idk where to look other than these…

Thanks.

The machine isn’t a member of a Network Domain – the complete host name, including the Network Domain, isn’t resolvable.

BTW, AFAIK, attempting to use Windows 10 or later without IPv6 isn’t a good idea …

Right… I left Domain, and tried to join again:
https://i.postimg.cc/br2M78mx/dns.jpg
“No DNS domain configured”, but following the docs, I entered my DNS server IP at “Name Server 1” before joining… am i missing something?

It’s because I only have an IPv4 DHCP server…

The Server’s IP address ain’t a Domain.

• The Domain Name Server must have a Domain Name configured pointing to the Domain where the Names are being served.

So, new error

/etc/resolv.conf
search mydomain.local
nameserver 192.168.0.232

users auth
https://i.postimg.cc/NFctTyPV/users-auth.jpg

btw I checked DNS server records and if the machine appeared on DC, just to be sure

SeDiskOperatorPrivilege
https://i.postimg.cc/PqXdV8Xk/connection-refused.jpg

any idea what should I check for?

Nope. Not working.

Reinstalled the system, I did nothing but followed the docs (15.3). Joined domain succefully, IP, DNS server, domain name, domain controller, everything looks fine as far as I can tell, both on openSUSE and DC records.
Can’t login with domain creds, and sure can’t grant permissions.

Since I can’t find a sollution, or if it’s fixable at all, I think I’m done.
Anyway, thanks for helping @dcurtisfra.

@None:

The “NT_STATUS_CONNECTION_REFUSED” error when trying to connect to the Localhost is this Samba error – <https://wiki.samba.org/index.php/Troubleshooting_Samba_Domain_Members#The_net_Command_Fails_to_Connect_to_the_127.0.0.1_IP_Address>
[HR][/HR]BTW, is ‘/etc/resolv.conf’ as follows?

 > file /etc/resolv.conf 
/etc/resolv.conf: symbolic link to /var/run/netconfig/resolv.conf
 > cat /etc/resolv.conf 
### /etc/resolv.conf is a symlink to /var/run/netconfig/resolv.conf
### autogenerated by netconfig!
#
# Before you change this file manually, consider to define the
# static DNS configuration using the following variables in the
# /etc/sysconfig/network/config file:
#     NETCONFIG_DNS_STATIC_SEARCHLIST
#     NETCONFIG_DNS_STATIC_SERVERS
#     NETCONFIG_DNS_FORWARDER
# or disable DNS configuration updates via netconfig by setting:
#     NETCONFIG_DNS_POLICY=''
#
# See also the netconfig(8) manual page and other documentation.
#
### Call "netconfig update -f" to force adjusting of /etc/resolv.conf.
search ???.???
nameserver 192.168.178.1
nameserver fd00::??:??:??:??
 > 

The IPv6 Name Server address is being setup by DHCP at boot from the Name Server – it’s not being setup in ‘/etc/sysconfig/network/config’ …

NETCONFIG_DNS_STATIC_SEARCHLIST="???.???"
NETCONFIG_DNS_STATIC_SERVERS="192.168.178.1"

Added the bind as the troubleshoot suggest, now the error is again like this:

Could not connect to server 127.0.0.1
Connection failed: NT_STATUS_NO_LOGON_SERVER

My /etc/resolv.conf
https://i.postimg.cc/MTthmSn8/resolv-conf.jpg

The IPv6 Name Server address is being setup by DHCP at boot from the Name Server – it's not being setup in ‘/etc/sysconfig/network/config’ …

Sorry, what this means? My DHCP server is providing IPv4 only. The /network/config is ok with those lines.

Then, it will not configure an IPv6 address by means of DHCP.
[HR][/HR]There seems to be something basically wrong with the way that the openSUSE system is accessing the Windows Domain.

• Do commands such as “findsmb” and “nmblookup” return sensible results?