[Samba] Samba 4.0.3 on CentOS 6.3 as PDC.

Thomas Simmons twsnnva at gmail.com
Sat Mar 16 11:26:19 MDT 2013


On Tue, Feb 26, 2013 at 8:23 AM, Mike Stroven <
mike.stroven at visole-energy.com> wrote:

> Any help here?  I have included all of the output of the suggested diags
> that Thomas said I should run, but I admit that I'm not sure what I'm
> looking for, as I'm not familiar with RPC functionality on Linux.
>  Something is not working with RPC on my Samba 4.0.3 server.  (FWIW, it
> doesn't work with IPTables stopped either.)
>
> > On Mon, Feb 25, 2013 at 2:21 PM, Mike Stroven wrote:
> >
> > > I finally have everything working that can be verified from the server
> command line. Running Bind9.8 with DLZ support.
> > > Verified Kerberos 5 running. Now attempting to join Windows XP
> machines to the domain, and am getting an error:
> > > "The RPC server is unavailable". Any pointers?
> > >
>
> On Mon, Feb 25, 2013 at 6:55 PM, Thomas Simmons wrote:
> > You're likely to get more support on the user's list (
> samba at lists.samba.org).
> >
> > If you're certain everything is working on the server and the client
> > network config is correct (you have the DC's IP as the primary DNS
> server),
> > then my first guess would be iptables or selinux. If you need further
> > assistance, output from the following commands would be useful:
> >
>
>
> > # test samba
>
> [root at grumpy ~]# /usr/local/samba/bin/smbclient //grumpy/netlogon
> -UAdministrator%'**********' -c ls
> Domain=[TROY] OS=[Unix] Server=[Samba 4.0.3]
>   .                                   D        0  Mon Feb 25 09:53:33 2013
>   ..                                  D        0  Fri Feb 22 17:09:24 2013
>
>                 40757 blocks of size 131072. 20332 blocks available
>
>
> > # test kerberos
>
> [root at grumpy ~]# kinit Administrator at VISOLE-ENERGY.COM
> Password for Administrator at VISOLE-ENERGY.COM:
> Warning: Your password will expire in 41 days on Mon Apr  8 18:14:03 2013
>
>
> > # check iptables
>
> [root at grumpy ~]# iptables -nL
> Chain INPUT (policy ACCEPT)
> target     prot opt source               destination
> ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state
> RELATED,ESTABLISHED
> ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0
> ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
> ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW
> tcp dpt:22 /* SSH */
> ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW
> tcp dpt:53 /* DNS */
> ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           state NEW
> udp dpt:53 /* DNS UDP */
> ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW
> tcp dpt:80 /* HTTP */
> ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW
> tcp dpt:88 /* Kerberos */
> ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           state NEW
> udp dpt:123 /* NTP */
> ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           state NEW
> udp dpt:135 /* RPC UDP */
> ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW
> tcp dpt:135 /* RPC TCP */
> ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           state NEW
> udp dpt:138 /* NetBIOS Netlogon and Browsing */
> ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW
> tcp dpt:139 /* NetBIOS Session */
> ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           state NEW
> udp dpt:389 /* LDAP UDP */
> ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW
> tcp dpt:443 /* HTTPS */
> ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW
> tcp dpt:445 /* SMB CIFS */
> ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           state NEW
> udp dpt:445 /* SMB CIFS UDP */
> ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW
> tcp dpt:464 /* Kerberos Password Management */
> ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           state NEW
> udp dpt:464 /* Kerberos Password Management UDP */
> ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW
> tcp dpt:636 /* LDAP SSL */
> ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW
> tcp dpt:3268 /* LDAP Global Catalog */
> ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW
> tcp dpt:3269 /* LDAP Global Catalog SSL */
> ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW
> tcp dpt:10000 /* Webmin */
> REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with
> icmp-host-prohibited
>
> Chain FORWARD (policy ACCEPT)
> target     prot opt source               destination
> REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with
> icmp-host-prohibited
>
> Chain OUTPUT (policy ACCEPT)
> target     prot opt source               destination
>
>
> > # check selinux
>
> root at grumpy ~]# sestatus
> SELinux status:                 disabled
>
>
> > # netstat output
>
> [root at grumpy ~]# netstat -anp
> Active Internet connections (servers and established)
> Proto Recv-Q Send-Q Local Address               Foreign Address
>   State       PID/Program name
> tcp        0      0 0.0.0.0:3269                0.0.0.0:*
>   LISTEN      1114/samba
> tcp        0      0 0.0.0.0:389                 0.0.0.0:*
>   LISTEN      1114/samba
> tcp        0      0 0.0.0.0:39689               0.0.0.0:*
>   LISTEN      922/rpc.statd
> tcp        0      0 0.0.0.0:139                 0.0.0.0:*
>   LISTEN      1111/smbd
> tcp        0      0 0.0.0.0:111                 0.0.0.0:*
>   LISTEN      904/rpcbind
> tcp        0      0 0.0.0.0:10000               0.0.0.0:*
>   LISTEN      1150/perl
> tcp        0      0 0.0.0.0:464                 0.0.0.0:*
>   LISTEN      1116/samba
> tcp        0      0 192.168.60.200:53           0.0.0.0:*
>   LISTEN      882/named
> tcp        0      0 127.0.0.1:53                0.0.0.0:*
>   LISTEN      882/named
> tcp        0      0 0.0.0.0:22                  0.0.0.0:*
>   LISTEN      1091/sshd
> tcp        0      0 0.0.0.0:88                  0.0.0.0:*
>   LISTEN      1116/samba
> tcp        0      0 127.0.0.1:953               0.0.0.0:*
>   LISTEN      882/named
> tcp        0      0 0.0.0.0:636                 0.0.0.0:*
>   LISTEN      1114/samba
> tcp        0      0 0.0.0.0:445                 0.0.0.0:*
>   LISTEN      1111/smbd
> tcp        0      0 0.0.0.0:1024                0.0.0.0:*
>   LISTEN      1110/samba
> tcp        0      0 0.0.0.0:3268                0.0.0.0:*
>   LISTEN      1114/samba
> tcp        0     48 192.168.60.200:22           192.168.63.102:51832
>    ESTABLISHED 4081/sshd
> tcp        0      0 :::3269                     :::*
>  LISTEN      1114/samba
> tcp        0      0 :::389                      :::*
>  LISTEN      1114/samba
> tcp        0      0 :::139                      :::*
>  LISTEN      1111/smbd
> tcp        0      0 :::111                      :::*
>  LISTEN      904/rpcbind
> tcp        0      0 :::464                      :::*
>  LISTEN      1116/samba
> tcp        0      0 :::53012                    :::*
>  LISTEN      922/rpc.statd
> tcp        0      0 :::22                       :::*
>  LISTEN      1091/sshd
> tcp        0      0 :::88                       :::*
>  LISTEN      1116/samba
> tcp        0      0 ::1:953                     :::*
>  LISTEN      882/named
> tcp        0      0 :::636                      :::*
>  LISTEN      1114/samba
> tcp        0      0 :::445                      :::*
>  LISTEN      1111/smbd
> tcp        0      0 :::1024                     :::*
>  LISTEN      1110/samba
> tcp        0      0 :::3268                     :::*
>  LISTEN      1114/samba
> udp        0      0 192.168.60.200:464          0.0.0.0:*
>               1116/samba
> udp        0      0 0.0.0.0:464                 0.0.0.0:*
>               1116/samba
> udp        0      0 192.168.60.200:88           0.0.0.0:*
>               1116/samba
> udp        0      0 0.0.0.0:88                  0.0.0.0:*
>               1116/samba
> udp        0      0 0.0.0.0:750                 0.0.0.0:*
>               861/portreserve
> udp        0      0 0.0.0.0:111                 0.0.0.0:*
>               904/rpcbind
> udp        0      0 192.168.60.200:123          0.0.0.0:*
>               1138/ntpd
> udp        0      0 127.0.0.1:123               0.0.0.0:*
>               1138/ntpd
> udp        0      0 0.0.0.0:123                 0.0.0.0:*
>               1138/ntpd
> udp        0      0 192.168.60.200:389          0.0.0.0:*
>               1115/samba
> udp        0      0 0.0.0.0:389                 0.0.0.0:*
>               1115/samba
> udp        0      0 192.168.60.200:137          0.0.0.0:*
>               1112/samba
> udp        0      0 192.168.63.255:137          0.0.0.0:*
>               1112/samba
> udp        0      0 0.0.0.0:137                 0.0.0.0:*
>               1112/samba
> udp        0      0 192.168.60.200:138          0.0.0.0:*
>               1112/samba
> udp        0      0 192.168.63.255:138          0.0.0.0:*
>               1112/samba
> udp        0      0 0.0.0.0:138                 0.0.0.0:*
>               1112/samba
> udp        0      0 0.0.0.0:655                 0.0.0.0:*
>               904/rpcbind
> udp        0      0 0.0.0.0:10000               0.0.0.0:*
>               1150/perl
> udp        0      0 0.0.0.0:44959               0.0.0.0:*
>               922/rpc.statd
> udp        0      0 0.0.0.0:674                 0.0.0.0:*
>               922/rpc.statd
> udp        0      0 192.168.60.200:53           0.0.0.0:*
>               882/named
> udp        0      0 127.0.0.1:53                0.0.0.0:*
>               882/named
> udp        0      0 fe80::389a:99ff:febe:379:464 :::*
>                1116/samba
> udp        0      0 :::464                      :::*
>              1116/samba
> udp        0      0 fe80::389a:99ff:febe:3797:88 :::*
>                1116/samba
> udp        0      0 :::88                       :::*
>              1116/samba
> udp        0      0 :::111                      :::*
>              904/rpcbind
> udp        0      0 fe80::389a:99ff:febe:379:123 :::*
>                1138/ntpd
> udp        0      0 ::1:123                     :::*
>              1138/ntpd
> udp        0      0 :::123                      :::*
>              1138/ntpd
> udp        0      0 fe80::389a:99ff:febe:379:389 :::*
>                1115/samba
> udp        0      0 :::389                      :::*
>              1115/samba
> udp        0      0 :::655                      :::*
>              904/rpcbind
> udp        0      0 :::53046                    :::*
>              922/rpc.statd
> Active UNIX domain sockets (servers and established)
> Proto RefCnt Flags       Type       State         I-Node PID/Program name
>    Path
> unix  2      [ ACC ]     STREAM     LISTENING     8689   1110/samba
>    /usr/local/samba/var/run/ncalrpc/np/winreg
> unix  2      [ ]         DGRAM                    8672   1113/samba
>    /usr/local/samba/private/smbd.tmp/msg/msg.1113
> unix  2      [ ]         DGRAM                    8674   1114/samba
>    /usr/local/samba/private/smbd.tmp/msg/msg.1114
> unix  2      [ ]         DGRAM                    8691   1115/samba
>    /usr/local/samba/private/smbd.tmp/msg/msg.1115
> unix  2      [ ]         DGRAM                    8710   1116/samba
>    /usr/local/samba/private/smbd.tmp/msg/msg.1116
> unix  2      [ ]         DGRAM                    8717   1117/samba
>    /usr/local/samba/private/smbd.tmp/msg/msg.1117
> unix  2      [ ACC ]     STREAM     LISTENING     8878   1114/samba
>    /usr/local/samba/private/ldapi
> unix  2      [ ACC ]     STREAM     LISTENING     8880   1114/samba
>    /usr/local/samba/private/ldap_priv/ldapi
> unix  2      [ ]         DGRAM                    8719   1118/samba
>    /usr/local/samba/private/smbd.tmp/msg/msg.1118
> unix  2      [ ACC ]     STREAM     LISTENING     8756   1118/samba
>    /usr/local/samba/var/run/winbindd/pipe
> unix  2      [ ACC ]     STREAM     LISTENING     8758   1118/samba
>    /usr/local/samba/var/lib/winbindd_privileged/pipe
> unix  2      [ ]         DGRAM                    8652   1109/samba
>    /usr/local/samba/private/smbd.tmp/msg/msg.1109
> unix  2      [ ]         DGRAM                    8752   1119/samba
>    /usr/local/samba/private/smbd.tmp/msg/msg.1119
> unix  2      [ ACC ]     STREAM     LISTENING     8509   1059/dbus-daemon
>    /var/run/dbus/system_bus_socket
> unix  2      [ ACC ]     STREAM     LISTENING     8754   1119/samba
>    /usr/local/samba/var/lib/ntp_signd/socket
> unix  2      [ ]         DGRAM                    8760   1120/samba
>    /usr/local/samba/private/smbd.tmp/msg/msg.1120
> unix  2      [ ]         DGRAM                    8763   1121/samba
>    /usr/local/samba/private/smbd.tmp/msg/msg.1121
> unix  2      [ ]         DGRAM                    9055   1118/samba
>    /usr/local/samba/private/smbd.tmp/msg/msg.1118.28
> unix  2      [ ACC ]     STREAM     LISTENING     8676   1110/samba
>    /usr/local/samba/var/run/ncalrpc/np/srvsvc
> unix  2      [ ACC ]     STREAM     LISTENING     8678   1110/samba
>    /usr/local/samba/var/run/ncalrpc/DEFAULT
> unix  2      [ ]         DGRAM                    8657   1110/samba
>    /usr/local/samba/private/smbd.tmp/msg/msg.1110
> unix  2      [ ]         DGRAM                    7754   861/portreserve
>   /var/run/portreserve/socket
> unix  2      [ ACC ]     STREAM     LISTENING     6569   1/init
>    @/com/ubuntu/upstart
> unix  9      [ ]         DGRAM                    7785   868/rsyslogd
>    /dev/log
> unix  2      [ ]         DGRAM                    6706   319/udevd
>   @/org/kernel/udev/udevd
> unix  2      [ ]         DGRAM                    8648   1107/samba
>    /usr/local/samba/private/smbd.tmp/msg/msg.0
> unix  2      [ ]         DGRAM                    8659   1112/samba
>    /usr/local/samba/private/smbd.tmp/msg/msg.1112
> unix  2      [ ACC ]     STREAM     LISTENING     7969   904/rpcbind
>   /var/run/rpcbind.sock
> unix  2      [ ]         DGRAM                    63732  4081/sshd
> unix  2      [ ]         DGRAM                    9193   1150/perl
> unix  3      [ ]         STREAM     CONNECTED     9054   1118/samba
>    /usr/local/samba/var/lib/winbindd_privileged/pipe
> unix  3      [ ]         STREAM     CONNECTED     9053   1111/smbd
> unix  2      [ ]         DGRAM                    9012   1138/ntpd
> unix  2      [ ]         DGRAM                    8771   1111/smbd
> unix  2      [ ]         DGRAM                    8625   1099/crond
> unix  3      [ ]         STREAM     CONNECTED     8521   1059/dbus-daemon
>    /var/run/dbus/system_bus_socket
> unix  3      [ ]         STREAM     CONNECTED     8520   1/init
> unix  3      [ ]         STREAM     CONNECTED     8514   1059/dbus-daemon
> unix  3      [ ]         STREAM     CONNECTED     8513   1059/dbus-daemon
> unix  3      [ ]         STREAM     CONNECTED     8419   1031/rpc.idmapd
> unix  3      [ ]         STREAM     CONNECTED     8418   1031/rpc.idmapd
> unix  2      [ ]         DGRAM                    8056   922/rpc.statd
> unix  2      [ ]         DGRAM                    7811   882/named
> unix  3      [ ]         STREAM     CONNECTED     7722   842/audispd
> unix  3      [ ]         STREAM     CONNECTED     7721   843/sedispatch
> unix  3      [ ]         STREAM     CONNECTED     7712   840/auditd
> unix  3      [ ]         STREAM     CONNECTED     7711   842/audispd
> unix  3      [ ]         DGRAM                    6724   319/udevd
> unix  3      [ ]         DGRAM                    6723   319/udevd
> >
>

Your server does not appear to be listening for RPC (TCP/135). Your netstat
output should show something like this:

[root at ADC1 ~]# netstat -anp|grep 135
tcp        0      0 0.0.0.0:135                 0.0.0.0:*
LISTEN      20738/samba
tcp        0      0 :::135                      :::*
 LISTEN      20738/samba

Was this a standard S4 install following the Samba wiki? Do you have a
"server services" line in your smb.conf? Does it include "rpc"?


More information about the samba mailing list