[Samba] The RPC server is unavailable
Daniel Müller
mueller at tropenklinik.de
Sun Jan 30 02:42:23 MST 2011
Try my thread for help, the last from October: [Samba] WG: HOWTO samba4
centos5.5 named dnsupdate drbd simple failover
Your password problem should be solved by:
"Password Policy Settings!!
With Samba4 you can only set the Password Policy from the console, with the
'net pwsettings' command.
net pwsettings --help:
usage: (show | set <options>)
options:
  -h, --help            show this help message and exit
  -H H                  LDB URL for database or target server
  --quiet               Be quiet
  --complexity=COMPLEXITY
                        The password complexity (on | off | default).
                        Default is 'on'
  --history-length=HISTORY_LENGTH
                        The password history length (<integer> | default).
                        Default is 24.
  --min-pwd-length=MIN_PWD_LENGTH
                        The minimum password length (<integer> | default).
                        Default is 7.
  --min-pwd-age=MIN_PWD_AGE
                        The minimum password age (<integer in days> |
                        default). Default is 1.
  --max-pwd-age=MAX_PWD_AGE
                        The maximum password age (<integer in days> |
                        default). Default is 43.
  Samba Common Options:
    -s FILE, --configfile=FILE
                        Configuration file
    -d DEBUGLEVEL, --debuglevel=DEBUGLEVEL
                        debug level
    --option=OPTION     set smb.conf option from command line
    --realm=REALM       set the realm name
  Credentials Options:
    --simple-bind-dn=DN
                        DN to use for a simple bind
    --password=PASSWORD
                        Password
    -U USERNAME, --username=USERNAME
                        Username
    -W WORKGROUP, --workgroup=WORKGROUP
                        Workgroup
    -N, --no-pass       Don't ask for a password
    -k KERBEROS, --kerberos=KERBEROS
                        Use Kerberos
  Version Options:
    --version           Display version number
So I set my Password Policy:
net pwsettings set --complexity=off
net pwsettings set --max-pwd-age=60 #<---60 Days
net pwsettings set --min-pwd-length=5"
Good luck
Daniel
On Mon, 24 Jan 2011 15:20:18 -0500, Scott Carradice <jscottc at gmail.com>
wrote:
> I have used the Samba4 Howto as a guide.
>
> I am using OpenSuse 11.3 and the Samba version is:
> 4.0.0alpha15-GIT-61f7d7c.
>
> Everything was working as intended after installation.
>
> I did a fresh install on another computer of Windows 7.
> Joined my freshly made domain.
> Installed the remote administration tools.
> Created three users for testing with the remote admin tool - "Active
> Directory Users and Computers"
>
> All users log in fine.
>
> I install OpenSuse 11.3 on another computer and during install I select the
> Windows Active Directory for user information. This works and my three
> users can sign in on the OpenSuse machine. I noticed that the computer was
> not set up in Bind like my Windows 7 machine was automatically.
>
> First Question: Is the best way to correct this to Stop bind, enter machine
> into zone file and start bind? Or is this something that is expected to
> work like the Windows 7 machine?
>
> I then went back to the Windows 7 machine and tried to change one of the
> users' passwords. No matter what I tried, I can not get past the message
> that the password is unable to change due to the strength ( The value
> provided does not meet the length, complexity ... etc ). I am pretty sure
> this is due to the minimum duration of a password. After I waited a day I
> was able to change the password once and then not again ( need another day
> ).
>
> The first time I could not change my password I decided to see if I could
> change the minimum duration with the remote tool "Active Directory Users
> and Computers". But now when I run this I get the error: "Naming information
> cannot be located because: The RPC server is unavailable. Contact your
> system administrator ... "
>
> Running using the command:
> samba -i -M single -d 3
> Gives this error when trying to use the remote admin tool:
>
> using SPNEGO
> Selected protocol [5][NT LM 0.12]
> Terminating connection - 'ldapsrv_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED'
> single_terminate: reason[ldapsrv_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED]
>
> Question 2: What is the cause of this? Is the domain corrupt or is there a
> fix other than reinstall?
>
>
> Any other debug information I can provide that would be useful?
>
> From the Windows 7 machine running: dcdiag /v /s: ... results are below.
>
> Thank you for any help,
> Scott
>
>
>
>
> Directory Server Diagnosis
>
> Performing initial setup:
> * Connecting to directory service on server base.mytestdomain.ca.
> * Identified AD Forest.
> Collecting AD specific global data
> * Collecting site info.
> Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=mytestdomain,DC=ca,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
> The previous call succeeded
> Iterating through the sites
> Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mytestdomain,DC=ca
> Getting ISTG and options for the site
> * Identifying all servers.
> Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=mytestdomain,DC=ca,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
> The previous call succeeded....
> The previous call succeeded
> Iterating through the list of servers
> Getting information for the server CN=NTDS Settings,CN=BASE,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mytestdomain,DC=ca
>
> objectGuid obtained
> InvocationID obtained
> dnsHostname obtained
> site info obtained
> All the info for the server collected
> * Identifying all NC cross-refs.
> Got error while checking if the DC is using FRS or DFSR. Error:
> There is no such object on the server.The VerifyReferences, FrsEvent and
> DfsrEvent tests might fail because of this error.
> * Found 1 DC(s). Testing 1 of them.
> Done gathering initial info.
>
> Doing initial required tests
>
> Testing server: Default-First-Site-Name\BASE
> Starting test: Connectivity
> * Active Directory LDAP Services Check
> Determining IP4 connectivity
> * Active Directory RPC Services Check
> ......................... BASE passed test Connectivity
>
> Doing primary tests
>
> Testing server: Default-First-Site-Name\BASE
> Starting test: Advertising
> Fatal Error:DsGetDcName (BASE) call failed, error 1722
> The Locator could not find the server.
> Printing RPC Extended Error Info:
> Error Record 1, ProcessID is 1996
> (DcDiag)
>
> System Time is: 1/24/2011 14:58:43:619
> Generating component is 2 (RPC runtime)
>
> Status is 1722 The RPC server is unavailable.
>
> Detection location is 193
> Error Record 2, ProcessID is 1996
> (DcDiag)
>
> System Time is: 1/24/2011 14:58:43:619
> Generating component is 5 (redirector)
>
> Status is 1359 An internal error occurred.
>
> Detection location is 190
> NumberOfParameters is 2
> Long val: 1441792
> Unicode string: \\BASE\PIPE\NETLOGON
> ......................... BASE failed test Advertising
> Test omitted by user request: CheckSecurityError
> Test omitted by user request: CutoffServers
> Starting test: FrsEvent
> * The File Replication Service Event log test
> ......................... BASE passed test FrsEvent
> Starting test: DFSREvent
> The DFS Replication Event Log.
> Skip the test because the server is running FRS.
> ......................... BASE passed test DFSREvent
> Starting test: SysVolCheck
> * The File Replication Service SYSVOL ready test
> The SysVol is not ready. This can cause the DC to not advertise
> itself as a DC for netlogon after dcpromo. Also trouble with FRS
> SysVol replication can cause Group Policy problems. Check the FRS
> event log on this DC.
> ......................... BASE failed test SysVolCheck
> Starting test: KccEvent
> * The KCC Event log test
> Found no KCC errors in "Directory Service" Event log in the last 15
> minutes.
> ......................... BASE passed test KccEvent
> Starting test: KnowsOfRoleHolders
> Role Schema Owner = CN=NTDS Settings,CN=BASE,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mytestdomain,DC=ca
> Role Domain Owner = CN=NTDS Settings,CN=BASE,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mytestdomain,DC=ca
> Role PDC Owner = CN=NTDS Settings,CN=BASE,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mytestdomain,DC=ca
> Role Rid Owner = CN=NTDS Settings,CN=BASE,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mytestdomain,DC=ca
> Role Infrastructure Update Owner = CN=NTDS Settings,CN=BASE,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mytestdomain,DC=ca
> ......................... BASE passed test KnowsOfRoleHolders
> Starting test: MachineAccount
> Checking machine account for DC BASE on DC BASE.
> Could not open Lsa Policy
> Could not get NetBIOSDomainName
> Failed can not test for HOST SPN
> Failed can not test for HOST SPN
> * SPN found :LDAP/base.mytestdomain.ca/mytestdomain.ca
> * SPN found :LDAP/base.mytestdomain.ca
> * SPN found :LDAP/BASE
> * SPN found :LDAP/d6256e29-5015-4918-b9fa-fee0c94503ea._msdcs.mytestdomain.ca
> * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/d6256e29-5015-4918-b9fa-fee0c94503ea/mytestdomain.ca
> * SPN found :HOST/base.mytestdomain.ca/mytestdomain.ca
> * SPN found :HOST/base.mytestdomain.ca
> * SPN found :HOST/BASE
> * SPN found :GC/base.mytestdomain.ca/mytestdomain.ca
> ......................... BASE passed test MachineAccount
> Starting test: NCSecDesc
> * Security Permissions check for all NC's on DC BASE.
> * Security Permissions Check for
> CN=Configuration,DC=mytestdomain,DC=ca
> (Configuration,Version 3)
> * Security Permissions Check for
> CN=Schema,CN=Configuration,DC=mytestdomain,DC=ca
> (Schema,Version 3)
> * Security Permissions Check for
> DC=mytestdomain,DC=ca
> (Domain,Version 3)
> ......................... BASE passed test NCSecDesc
> Starting test: NetLogons
> * Network Logons Privileges Check
> Unable to connect to the NETLOGON share! (\\BASE\netlogon)
> [BASE] An net use or LsaPolicy operation failed with error 67,
> The network name cannot be found..
> ......................... BASE failed test NetLogons
> Starting test: ObjectsReplicated
> BASE is in domain DC=mytestdomain,DC=ca
> Checking for CN=BASE,OU=Domain Controllers,DC=mytestdomain,DC=ca in
> domain DC=mytestdomain,DC=ca on 1 servers
> Failed to read object metadata on BASE, error
> The system call level is not correct.
> Object is up-to-date on all servers.
> Checking for CN=NTDS Settings,CN=BASE,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mytestdomain,DC=ca
> in domain CN=Configuration,DC=mytestdomain,DC=ca on 1 servers
> Failed to read object metadata on BASE, error
> The system call level is not correct.
> Object is up-to-date on all servers.
> ......................... BASE passed test ObjectsReplicated
> Test omitted by user request: OutboundSecureChannels
> Starting test: Replications
> * Replications Check
> * Replication Latency Check
> ......................... BASE passed test Replications
> Starting test: RidManager
> * Available RID Pool for the Domain is 1600 to 1073741823
> * base.mytestdomain.ca is the RID Master
> * DsBind with RID Master was successful
> * rIDAllocationPool is 1100 to 1599
> * rIDPreviousAllocationPool is 1100 to 1599
> * rIDNextRID: 1109
> ......................... BASE passed test RidManager
> Starting test: Services
> Could not open Service Control Manager on base.mytestdomain.ca,
> error 0x6ba
> "The RPC server is unavailable."
> Printing RPC Extended Error Info:
> Error Record 1, ProcessID is 1996
> (DcDiag)
>
> System Time is: 1/24/2011 14:58:44:760
> Generating component is 2 (RPC runtime)
>
> Status is 1722 The RPC server is unavailable.
>
> Detection location is 193
> Error Record 2, ProcessID is 1996
> (DcDiag)
>
> System Time is: 1/24/2011 14:58:44:760
> Generating component is 5 (redirector)
>
> Status is 1359 An internal error occurred.
>
> Detection location is 190
> NumberOfParameters is 2
> Long val: 1441792
> Unicode string: \\base.mytestdomain.ca\pipe\svcctl
> ......................... BASE failed test Services
> Starting test: SystemLog
> * The System Event log test
> Found no errors in "System" Event log in the last 60 minutes.
> ......................... BASE passed test SystemLog
> Test omitted by user request: Topology
> Test omitted by user request: VerifyEnterpriseReferences
> Starting test: VerifyReferences
> The system object reference (serverReference)
> CN=BASE,OU=Domain Controllers,DC=mytestdomain,DC=ca and backlink on
> CN=BASE,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mytestdomain,DC=ca
> are correct.
> Some objects relating to the DC BASE have problems:
> [1] Problem: Missing Expected Value
> Base Object:
> CN=NTDS Settings,CN=BASE,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mytestdomain,DC=ca
> Base Object Description: "DSA Object"
> Value Object Attribute Name: serverReferenceBL
> Value Object Description: "SYSVOL FRS Member Object"
> Recommended Action: See Knowledge Base Article: Q312862
>
> [1] Problem: Missing Expected Value
> Base Object: CN=BASE,OU=Domain Controllers,DC=mytestdomain,DC=ca
> Base Object Description: "DC Account Object"
> Value Object Attribute Name: frsComputerReferenceBL
> Value Object Description: "SYSVOL FRS Member Object"
> Recommended Action: See Knowledge Base Article: Q312862
>
> ......................... BASE failed test VerifyReferences
> Test omitted by user request: VerifyReplicas
>
> Test omitted by user request: DNS
> Test omitted by user request: DNS
>
> Running partition tests on : Configuration
> Starting test: CheckSDRefDom
> ......................... Configuration passed test CheckSDRefDom
> Starting test: CrossRefValidation
> ......................... Configuration passed test CrossRefValidation
>
> Running partition tests on : Schema
> Starting test: CheckSDRefDom
> ......................... Schema passed test CheckSDRefDom
> Starting test: CrossRefValidation
> ......................... Schema passed test CrossRefValidation
>
> Running partition tests on : mytestdomain
> Starting test: CheckSDRefDom
> ......................... mytestdomain passed test CheckSDRefDom
> Starting test: CrossRefValidation
> ......................... mytestdomain passed test CrossRefValidation
>
> Running enterprise tests on : mytestdomain.ca
> Test omitted by user request: DNS
> Test omitted by user request: DNS
> Starting test: LocatorCheck
> Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1722
> A Global Catalog Server could not be located - All GC's are down.
> Warning: DcGetDcName(PDC_REQUIRED) call failed, error 1722
> A Primary Domain Controller could not be located.
> The server holding the PDC role is down.
> Warning: DcGetDcName(TIME_SERVER) call failed, error 1722
> A Time Server could not be located.
> The server holding the PDC role is down.
> Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error 1722
> A Good Time Server could not be located.
> Warning: DcGetDcName(KDC_REQUIRED) call failed, error 1722
> A KDC could not be located - All the KDCs are down.
> ......................... mytestdomain.ca failed test LocatorCheck
> Starting test: Intersite
> Skipping site Default-First-Site-Name, this site is outside the scope
> provided by the command line arguments provided.
> ......................... mytestdomain.ca passed test Intersite
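
Added example (not part of the original thread, and not Samba or Microsoft code): a small Python triage of dcdiag output in the shape quoted above, pairing each failed test with the named pipes reported alongside RPC status 1722. The function names and the embedded sample are constructed for illustration; the sample reuses only values visible in the quoted output, including its mail quote markers and a hard-wrapped verdict line.

```python
import re

# Constructed sample: mail-quoted, hard-wrapped excerpt shaped like the dcdiag
# output quoted in the thread (values copied from it, lines trimmed).
SAMPLE = r"""
> Starting test: Advertising
> Status is 1722 The RPC server is unavailable.
> Unicode string: \\BASE\PIPE\NETLOGON
> ......................... BASE failed test Advertising
> Starting test: SysVolCheck
> ......................... BASE failed test SysVolCheck
> Starting test: Services
> Status is 1722 The RPC server is unavailable.
> Unicode string: \\base.mytestdomain.ca\pipe\svcctl
> ......................... BASE failed test Services
> Starting test: CheckSDRefDom
> ......................... Configuration passed test
CheckSDRefDom
"""

EVENT = re.compile(
    r"Starting test:\s+(?P<start>\S+)"
    r"|Status is\s+(?P<status>\d+)"
    r"|Unicode string:\s+(?P<pipe>\\\\\S+)"
    r"|\.{5,}\s+(?P<target>\S+)\s+(?P<verdict>passed|failed)\s+test\s+(?P<name>\S+)"
)

def summarize(text):
    """Return one dict per dcdiag test: target, test, verdict, status codes, pipes."""
    # Drop mail quote markers so a verdict wrapped across lines matches as one unit.
    flat = re.sub(r"^[ \t]*>[ \t]?", "", text, flags=re.M)
    results, codes, pipes = [], [], []
    for m in EVENT.finditer(flat):
        if m.group("start"):
            codes, pipes = [], []          # new test: reset collected evidence
        elif m.group("status"):
            codes.append(int(m.group("status")))
        elif m.group("pipe"):
            pipes.append(m.group("pipe").lower())
        else:                              # verdict line closes the current test
            results.append({"target": m.group("target"), "test": m.group("name"),
                            "verdict": m.group("verdict"),
                            "status": sorted(set(codes)), "pipes": list(pipes)})
    return results

def failed_rpc_endpoints(text):
    """Map each failed test to the named pipes reported with RPC status 1722."""
    return {r["test"]: r["pipes"] for r in summarize(text)
            if r["verdict"] == "failed" and 1722 in r["status"]}
```

On the sample, Advertising and Services map to the NETLOGON and svcctl pipes, while SysVolCheck fails without an RPC status and is left out of the RPC summary.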