Samba 4.0.3 on CentOS 6.3 as PDC.
Rob Verduijn
rob.verduijn at gmail.com
Tue Feb 26 06:45:19 MST 2013
Hi,
the check iptables and check selinux can be done much easier.
setenforce=0
and
service iptables stop
now start samba and see if it works, if it still doesn't it wasn't those two
if it does enable them one at the time and you have your culprit soon enough
btw
'iptables-save'
is much more usefull in hunting down iptables problems, since it
shows all the tables not just the 3 default tables.
Now I think this is a good time to move this thread to the previously
mentioned forum since you are talking about an system administration
issue and not a dev thingy
samba at lists.samba.org
Rob
2013/2/26 Mike Stroven <mike.stroven at visole-energy.com>:
> Hi Thomas,
> Thanks for the reply. I have included all of the output of the suggested diags that you requested, but I admit that I'm not sure what I'm looking for, as I'm not familiar with RPC functionality on Linux. (FWIW, it doesn't work with IPTables stopped either.) I have also posted to the samba list server.
>
>> On Mon, Feb 25, 2013 at 2:21 PM, Mike Stroven wrote:
>>
>> > I finally have everything working that can be verified from the server command line. Running Bind9.8 with DLZ support.
>> > Verified Kerberos 5 running. Now attempting to join Windows XP machines to the domain, and am getting an error:
>> > "The RPC server is unavailable". Any pointers?
>> >
>
> On Mon, Feb 25, 2013 at 6:55 PM, Thomas Simmons wrote:
>> You're likely to get more support on the user's list (samba at lists.samba.org).
>>
>> If you're certain everything is working on the server and the client
>> network config is correct (you have the DC's IP as the primary DNS server),
>> then my first guess would be iptables or selinux. If you need further
>> assistance, output from the following commands would be useful:
>>
>
>
>> # test samba
>
> [root at grumpy ~]# /usr/local/samba/bin/smbclient //grumpy/netlogon -UAdministrator%'**********' -c ls
> Domain=[TROY] OS=[Unix] Server=[Samba 4.0.3]
> . D 0 Mon Feb 25 09:53:33 2013
> .. D 0 Fri Feb 22 17:09:24 2013
>
> 40757 blocks of size 131072. 20332 blocks available
>
>
>> # test kerberos
>
> [root at grumpy ~]# kinit Administrator at VISOLE-ENERGY.COM
> Password for Administrator at VISOLE-ENERGY.COM:
> Warning: Your password will expire in 41 days on Mon Apr 8 18:14:03 2013
>
>
>> # check iptables
>
> [root at grumpy ~]# iptables -nL
> Chain INPUT (policy ACCEPT)
> target prot opt source destination
> ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
> ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
> ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22 /* SSH */
> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:53 /* DNS */
> ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:53 /* DNS UDP */
> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80 /* HTTP */
> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:88 /* Kerberos */
> ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:123 /* NTP */
> ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:135 /* RPC UDP */
> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:135 /* RPC TCP */
> ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:138 /* NetBIOS Netlogon and Browsing */
> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:139 /* NetBIOS Session */
> ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:389 /* LDAP UDP */
> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:443 /* HTTPS */
> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:445 /* SMB CIFS */
> ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:445 /* SMB CIFS UDP */
> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:464 /* Kerberos Password Management */
> ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:464 /* Kerberos Password Management UDP */
> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:636 /* LDAP SSL */
> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:3268 /* LDAP Global Catalog */
> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:3269 /* LDAP Global Catalog SSL */
> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:10000 /* Webmin */
> REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
>
> Chain FORWARD (policy ACCEPT)
> target prot opt source destination
> REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
>
> Chain OUTPUT (policy ACCEPT)
> target prot opt source destination
>
>
>> # check selinux
>
> root at grumpy ~]# sestatus
> SELinux status: disabled
>
>
>> # netstat output
>
> [root at grumpy ~]# netstat -anp
> Active Internet connections (servers and established)
> Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
> tcp 0 0 0.0.0.0:3269 0.0.0.0:* LISTEN 1114/samba
> tcp 0 0 0.0.0.0:389 0.0.0.0:* LISTEN 1114/samba
> tcp 0 0 0.0.0.0:39689 0.0.0.0:* LISTEN 922/rpc.statd
> tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN 1111/smbd
> tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 904/rpcbind
> tcp 0 0 0.0.0.0:10000 0.0.0.0:* LISTEN 1150/perl
> tcp 0 0 0.0.0.0:464 0.0.0.0:* LISTEN 1116/samba
> tcp 0 0 192.168.60.200:53 0.0.0.0:* LISTEN 882/named
> tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 882/named
> tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1091/sshd
> tcp 0 0 0.0.0.0:88 0.0.0.0:* LISTEN 1116/samba
> tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 882/named
> tcp 0 0 0.0.0.0:636 0.0.0.0:* LISTEN 1114/samba
> tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN 1111/smbd
> tcp 0 0 0.0.0.0:1024 0.0.0.0:* LISTEN 1110/samba
> tcp 0 0 0.0.0.0:3268 0.0.0.0:* LISTEN 1114/samba
> tcp 0 48 192.168.60.200:22 192.168.63.102:51832 ESTABLISHED 4081/sshd
> tcp 0 0 :::3269 :::* LISTEN 1114/samba
> tcp 0 0 :::389 :::* LISTEN 1114/samba
> tcp 0 0 :::139 :::* LISTEN 1111/smbd
> tcp 0 0 :::111 :::* LISTEN 904/rpcbind
> tcp 0 0 :::464 :::* LISTEN 1116/samba
> tcp 0 0 :::53012 :::* LISTEN 922/rpc.statd
> tcp 0 0 :::22 :::* LISTEN 1091/sshd
> tcp 0 0 :::88 :::* LISTEN 1116/samba
> tcp 0 0 ::1:953 :::* LISTEN 882/named
> tcp 0 0 :::636 :::* LISTEN 1114/samba
> tcp 0 0 :::445 :::* LISTEN 1111/smbd
> tcp 0 0 :::1024 :::* LISTEN 1110/samba
> tcp 0 0 :::3268 :::* LISTEN 1114/samba
> udp 0 0 192.168.60.200:464 0.0.0.0:* 1116/samba
> udp 0 0 0.0.0.0:464 0.0.0.0:* 1116/samba
> udp 0 0 192.168.60.200:88 0.0.0.0:* 1116/samba
> udp 0 0 0.0.0.0:88 0.0.0.0:* 1116/samba
> udp 0 0 0.0.0.0:750 0.0.0.0:* 861/portreserve
> udp 0 0 0.0.0.0:111 0.0.0.0:* 904/rpcbind
> udp 0 0 192.168.60.200:123 0.0.0.0:* 1138/ntpd
> udp 0 0 127.0.0.1:123 0.0.0.0:* 1138/ntpd
> udp 0 0 0.0.0.0:123 0.0.0.0:* 1138/ntpd
> udp 0 0 192.168.60.200:389 0.0.0.0:* 1115/samba
> udp 0 0 0.0.0.0:389 0.0.0.0:* 1115/samba
> udp 0 0 192.168.60.200:137 0.0.0.0:* 1112/samba
> udp 0 0 192.168.63.255:137 0.0.0.0:* 1112/samba
> udp 0 0 0.0.0.0:137 0.0.0.0:* 1112/samba
> udp 0 0 192.168.60.200:138 0.0.0.0:* 1112/samba
> udp 0 0 192.168.63.255:138 0.0.0.0:* 1112/samba
> udp 0 0 0.0.0.0:138 0.0.0.0:* 1112/samba
> udp 0 0 0.0.0.0:655 0.0.0.0:* 904/rpcbind
> udp 0 0 0.0.0.0:10000 0.0.0.0:* 1150/perl
> udp 0 0 0.0.0.0:44959 0.0.0.0:* 922/rpc.statd
> udp 0 0 0.0.0.0:674 0.0.0.0:* 922/rpc.statd
> udp 0 0 192.168.60.200:53 0.0.0.0:* 882/named
> udp 0 0 127.0.0.1:53 0.0.0.0:* 882/named
> udp 0 0 fe80::389a:99ff:febe:379:464 :::* 1116/samba
> udp 0 0 :::464 :::* 1116/samba
> udp 0 0 fe80::389a:99ff:febe:3797:88 :::* 1116/samba
> udp 0 0 :::88 :::* 1116/samba
> udp 0 0 :::111 :::* 904/rpcbind
> udp 0 0 fe80::389a:99ff:febe:379:123 :::* 1138/ntpd
> udp 0 0 ::1:123 :::* 1138/ntpd
> udp 0 0 :::123 :::* 1138/ntpd
> udp 0 0 fe80::389a:99ff:febe:379:389 :::* 1115/samba
> udp 0 0 :::389 :::* 1115/samba
> udp 0 0 :::655 :::* 904/rpcbind
> udp 0 0 :::53046 :::* 922/rpc.statd
> Active UNIX domain sockets (servers and established)
> Proto RefCnt Flags Type State I-Node PID/Program name Path
> unix 2 [ ACC ] STREAM LISTENING 8689 1110/samba /usr/local/samba/var/run/ncalrpc/np/winreg
> unix 2 [ ] DGRAM 8672 1113/samba /usr/local/samba/private/smbd.tmp/msg/msg.1113
> unix 2 [ ] DGRAM 8674 1114/samba /usr/local/samba/private/smbd.tmp/msg/msg.1114
> unix 2 [ ] DGRAM 8691 1115/samba /usr/local/samba/private/smbd.tmp/msg/msg.1115
> unix 2 [ ] DGRAM 8710 1116/samba /usr/local/samba/private/smbd.tmp/msg/msg.1116
> unix 2 [ ] DGRAM 8717 1117/samba /usr/local/samba/private/smbd.tmp/msg/msg.1117
> unix 2 [ ACC ] STREAM LISTENING 8878 1114/samba /usr/local/samba/private/ldapi
> unix 2 [ ACC ] STREAM LISTENING 8880 1114/samba /usr/local/samba/private/ldap_priv/ldapi
> unix 2 [ ] DGRAM 8719 1118/samba /usr/local/samba/private/smbd.tmp/msg/msg.1118
> unix 2 [ ACC ] STREAM LISTENING 8756 1118/samba /usr/local/samba/var/run/winbindd/pipe
> unix 2 [ ACC ] STREAM LISTENING 8758 1118/samba /usr/local/samba/var/lib/winbindd_privileged/pipe
> unix 2 [ ] DGRAM 8652 1109/samba /usr/local/samba/private/smbd.tmp/msg/msg.1109
> unix 2 [ ] DGRAM 8752 1119/samba /usr/local/samba/private/smbd.tmp/msg/msg.1119
> unix 2 [ ACC ] STREAM LISTENING 8509 1059/dbus-daemon /var/run/dbus/system_bus_socket
> unix 2 [ ACC ] STREAM LISTENING 8754 1119/samba /usr/local/samba/var/lib/ntp_signd/socket
> unix 2 [ ] DGRAM 8760 1120/samba /usr/local/samba/private/smbd.tmp/msg/msg.1120
> unix 2 [ ] DGRAM 8763 1121/samba /usr/local/samba/private/smbd.tmp/msg/msg.1121
> unix 2 [ ] DGRAM 9055 1118/samba /usr/local/samba/private/smbd.tmp/msg/msg.1118.28
> unix 2 [ ACC ] STREAM LISTENING 8676 1110/samba /usr/local/samba/var/run/ncalrpc/np/srvsvc
> unix 2 [ ACC ] STREAM LISTENING 8678 1110/samba /usr/local/samba/var/run/ncalrpc/DEFAULT
> unix 2 [ ] DGRAM 8657 1110/samba /usr/local/samba/private/smbd.tmp/msg/msg.1110
> unix 2 [ ] DGRAM 7754 861/portreserve /var/run/portreserve/socket
> unix 2 [ ACC ] STREAM LISTENING 6569 1/init @/com/ubuntu/upstart
> unix 9 [ ] DGRAM 7785 868/rsyslogd /dev/log
> unix 2 [ ] DGRAM 6706 319/udevd @/org/kernel/udev/udevd
> unix 2 [ ] DGRAM 8648 1107/samba /usr/local/samba/private/smbd.tmp/msg/msg.0
> unix 2 [ ] DGRAM 8659 1112/samba /usr/local/samba/private/smbd.tmp/msg/msg.1112
> unix 2 [ ACC ] STREAM LISTENING 7969 904/rpcbind /var/run/rpcbind.sock
> unix 2 [ ] DGRAM 63732 4081/sshd
> unix 2 [ ] DGRAM 9193 1150/perl
> unix 3 [ ] STREAM CONNECTED 9054 1118/samba /usr/local/samba/var/lib/winbindd_privileged/pipe
> unix 3 [ ] STREAM CONNECTED 9053 1111/smbd
> unix 2 [ ] DGRAM 9012 1138/ntpd
> unix 2 [ ] DGRAM 8771 1111/smbd
> unix 2 [ ] DGRAM 8625 1099/crond
> unix 3 [ ] STREAM CONNECTED 8521 1059/dbus-daemon /var/run/dbus/system_bus_socket
> unix 3 [ ] STREAM CONNECTED 8520 1/init
> unix 3 [ ] STREAM CONNECTED 8514 1059/dbus-daemon
> unix 3 [ ] STREAM CONNECTED 8513 1059/dbus-daemon
> unix 3 [ ] STREAM CONNECTED 8419 1031/rpc.idmapd
> unix 3 [ ] STREAM CONNECTED 8418 1031/rpc.idmapd
> unix 2 [ ] DGRAM 8056 922/rpc.statd
> unix 2 [ ] DGRAM 7811 882/named
> unix 3 [ ] STREAM CONNECTED 7722 842/audispd
> unix 3 [ ] STREAM CONNECTED 7721 843/sedispatch
> unix 3 [ ] STREAM CONNECTED 7712 840/auditd
> unix 3 [ ] STREAM CONNECTED 7711 842/audispd
> unix 3 [ ] DGRAM 6724 319/udevd
> unix 3 [ ] DGRAM 6723 319/udevd
>>
>
>
More information about the samba-technical
mailing list