[Samba] Samba 4.0.3 on CentOS 6.3 as PDC.
Mike Stroven
mike.stroven at visole-energy.com
Mon Mar 18 08:08:07 MDT 2013
Hi Thomas,
Thanks for the reply. Yes, I followed the S4 standard install from the wiki (and repeated it on a second VM just to make sure I didn't miss something.)
I have the following in my smb.cfg services line:
server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbind, ntp_signd, kcc, dnsupdate
Anything obviously missing?
Thanks again,
-Mike
On Tue, Feb 26, 2013 at 8:23 AM, Mike Stroven < mike.stroven at visole-energy.com > wrote:
Any help here? I have included all of the output of the suggested diags that Thomas said I should run, but I admit that I'm not sure what I'm looking for, as I'm not familiar with RPC functionality on Linux. Something is not working with RPC on my Samba 4.0.3 server. (FWIW, it doesn't work with IPTables stopped either.)
> On Mon, Feb 25, 2013 at 2:21 PM, Mike Stroven wrote:
>
> > I finally have everything working that can be verified from the server command line. Running Bind9.8 with DLZ support.
> > Verified Kerberos 5 running. Now attempting to join Windows XP machines to the domain, and am getting an error:
> > "The RPC server is unavailable". Any pointers?
> >
On Mon, Feb 25, 2013 at 6:55 PM, Thomas Simmons wrote:
> You're likely to get more support on the user's list ( samba at lists.samba.org ).
>
> If you're certain everything is working on the server and the client
> network config is correct (you have the DC's IP as the primary DNS server),
> then my first guess would be iptables or selinux. If you need further
> assistance, output from the following commands would be useful:
>
> # test samba
[root at grumpy ~]# /usr/local/samba/bin/smbclient //grumpy/netlogon -UAdministrator%'**********' -c ls
Domain=[TROY] OS=[Unix] Server=[Samba 4.0.3]
. D 0 Mon Feb 25 09:53:33 2013
.. D 0 Fri Feb 22 17:09:24 2013
40757 blocks of size 131072. 20332 blocks available
> # test kerberos
[root at grumpy ~]# kinit Administrator at VISOLE-ENERGY.COM
Password for Administrator at VISOLE-ENERGY.COM :
Warning: Your password will expire in 41 days on Mon Apr 8 18:14:03 2013
> # check iptables
[root at grumpy ~]# iptables -nL
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22 /* SSH */
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:53 /* DNS */
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:53 /* DNS UDP */
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80 /* HTTP */
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:88 /* Kerberos */
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:123 /* NTP */
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:135 /* RPC UDP */
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:135 /* RPC TCP */
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:138 /* NetBIOS Netlogon and Browsing */
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:139 /* NetBIOS Session */
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:389 /* LDAP UDP */
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:443 /* HTTPS */
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:445 /* SMB CIFS */
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:445 /* SMB CIFS UDP */
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:464 /* Kerberos Password Management */
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:464 /* Kerberos Password Management UDP */
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:636 /* LDAP SSL */
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:3268 /* LDAP Global Catalog */
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:3269 /* LDAP Global Catalog SSL */
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:10000 /* Webmin */
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT)
target prot opt source destination
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
> # check selinux
root at grumpy ~]# sestatus
SELinux status: disabled
> # netstat output
[root at grumpy ~]# netstat -anp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:3269 0.0.0.0:* LISTEN 1114/samba
tcp 0 0 0.0.0.0:389 0.0.0.0:* LISTEN 1114/samba
tcp 0 0 0.0.0.0:39689 0.0.0.0:* LISTEN 922/rpc.statd
tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN 1111/smbd
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 904/rpcbind
tcp 0 0 0.0.0.0:10000 0.0.0.0:* LISTEN 1150/perl
tcp 0 0 0.0.0.0:464 0.0.0.0:* LISTEN 1116/samba
tcp 0 0 192.168.60.200:53 0.0.0.0:* LISTEN 882/named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 882/named
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1091/sshd
tcp 0 0 0.0.0.0:88 0.0.0.0:* LISTEN 1116/samba
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 882/named
tcp 0 0 0.0.0.0:636 0.0.0.0:* LISTEN 1114/samba
tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN 1111/smbd
tcp 0 0 0.0.0.0:1024 0.0.0.0:* LISTEN 1110/samba
tcp 0 0 0.0.0.0:3268 0.0.0.0:* LISTEN 1114/samba
tcp 0 48 192.168.60.200:22 192.168.63.102:51832 ESTABLISHED 4081/sshd
tcp 0 0 :::3269 :::* LISTEN 1114/samba
tcp 0 0 :::389 :::* LISTEN 1114/samba
tcp 0 0 :::139 :::* LISTEN 1111/smbd
tcp 0 0 :::111 :::* LISTEN 904/rpcbind
tcp 0 0 :::464 :::* LISTEN 1116/samba
tcp 0 0 :::53012 :::* LISTEN 922/rpc.statd
tcp 0 0 :::22 :::* LISTEN 1091/sshd
tcp 0 0 :::88 :::* LISTEN 1116/samba
tcp 0 0 ::1:953 :::* LISTEN 882/named
tcp 0 0 :::636 :::* LISTEN 1114/samba
tcp 0 0 :::445 :::* LISTEN 1111/smbd
tcp 0 0 :::1024 :::* LISTEN 1110/samba
tcp 0 0 :::3268 :::* LISTEN 1114/samba
udp 0 0 192.168.60.200:464 0.0.0.0:* 1116/samba
udp 0 0 0.0.0.0:464 0.0.0.0:* 1116/samba
udp 0 0 192.168.60.200:88 0.0.0.0:* 1116/samba
udp 0 0 0.0.0.0:88 0.0.0.0:* 1116/samba
udp 0 0 0.0.0.0:750 0.0.0.0:* 861/portreserve
udp 0 0 0.0.0.0:111 0.0.0.0:* 904/rpcbind
udp 0 0 192.168.60.200:123 0.0.0.0:* 1138/ntpd
udp 0 0 127.0.0.1:123 0.0.0.0:* 1138/ntpd
udp 0 0 0.0.0.0:123 0.0.0.0:* 1138/ntpd
udp 0 0 192.168.60.200:389 0.0.0.0:* 1115/samba
udp 0 0 0.0.0.0:389 0.0.0.0:* 1115/samba
udp 0 0 192.168.60.200:137 0.0.0.0:* 1112/samba
udp 0 0 192.168.63.255:137 0.0.0.0:* 1112/samba
udp 0 0 0.0.0.0:137 0.0.0.0:* 1112/samba
udp 0 0 192.168.60.200:138 0.0.0.0:* 1112/samba
udp 0 0 192.168.63.255:138 0.0.0.0:* 1112/samba
udp 0 0 0.0.0.0:138 0.0.0.0:* 1112/samba
udp 0 0 0.0.0.0:655 0.0.0.0:* 904/rpcbind
udp 0 0 0.0.0.0:10000 0.0.0.0:* 1150/perl
udp 0 0 0.0.0.0:44959 0.0.0.0:* 922/rpc.statd
udp 0 0 0.0.0.0:674 0.0.0.0:* 922/rpc.statd
udp 0 0 192.168.60.200:53 0.0.0.0:* 882/named
udp 0 0 127.0.0.1:53 0.0.0.0:* 882/named
udp 0 0 fe80::389a:99ff:febe:379:464 :::* 1116/samba
udp 0 0 :::464 :::* 1116/samba
udp 0 0 fe80::389a:99ff:febe:3797:88 :::* 1116/samba
udp 0 0 :::88 :::* 1116/samba
udp 0 0 :::111 :::* 904/rpcbind
udp 0 0 fe80::389a:99ff:febe:379:123 :::* 1138/ntpd
udp 0 0 ::1:123 :::* 1138/ntpd
udp 0 0 :::123 :::* 1138/ntpd
udp 0 0 fe80::389a:99ff:febe:379:389 :::* 1115/samba
udp 0 0 :::389 :::* 1115/samba
udp 0 0 :::655 :::* 904/rpcbind
udp 0 0 :::53046 :::* 922/rpc.statd
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags Type State I-Node PID/Program name Path
unix 2 [ ACC ] STREAM LISTENING 8689 1110/samba /usr/local/samba/var/run/ncalrpc/np/winreg
unix 2 [ ] DGRAM 8672 1113/samba /usr/local/samba/private/smbd.tmp/msg/msg.1113
unix 2 [ ] DGRAM 8674 1114/samba /usr/local/samba/private/smbd.tmp/msg/msg.1114
unix 2 [ ] DGRAM 8691 1115/samba /usr/local/samba/private/smbd.tmp/msg/msg.1115
unix 2 [ ] DGRAM 8710 1116/samba /usr/local/samba/private/smbd.tmp/msg/msg.1116
unix 2 [ ] DGRAM 8717 1117/samba /usr/local/samba/private/smbd.tmp/msg/msg.1117
unix 2 [ ACC ] STREAM LISTENING 8878 1114/samba /usr/local/samba/private/ldapi
unix 2 [ ACC ] STREAM LISTENING 8880 1114/samba /usr/local/samba/private/ldap_priv/ldapi
unix 2 [ ] DGRAM 8719 1118/samba /usr/local/samba/private/smbd.tmp/msg/msg.1118
unix 2 [ ACC ] STREAM LISTENING 8756 1118/samba /usr/local/samba/var/run/winbindd/pipe
unix 2 [ ACC ] STREAM LISTENING 8758 1118/samba /usr/local/samba/var/lib/winbindd_privileged/pipe
unix 2 [ ] DGRAM 8652 1109/samba /usr/local/samba/private/smbd.tmp/msg/msg.1109
unix 2 [ ] DGRAM 8752 1119/samba /usr/local/samba/private/smbd.tmp/msg/msg.1119
unix 2 [ ACC ] STREAM LISTENING 8509 1059/dbus-daemon /var/run/dbus/system_bus_socket
unix 2 [ ACC ] STREAM LISTENING 8754 1119/samba /usr/local/samba/var/lib/ntp_signd/socket
unix 2 [ ] DGRAM 8760 1120/samba /usr/local/samba/private/smbd.tmp/msg/msg.1120
unix 2 [ ] DGRAM 8763 1121/samba /usr/local/samba/private/smbd.tmp/msg/msg.1121
unix 2 [ ] DGRAM 9055 1118/samba /usr/local/samba/private/smbd.tmp/msg/msg.1118.28
unix 2 [ ACC ] STREAM LISTENING 8676 1110/samba /usr/local/samba/var/run/ncalrpc/np/srvsvc
unix 2 [ ACC ] STREAM LISTENING 8678 1110/samba /usr/local/samba/var/run/ncalrpc/DEFAULT
unix 2 [ ] DGRAM 8657 1110/samba /usr/local/samba/private/smbd.tmp/msg/msg.1110
unix 2 [ ] DGRAM 7754 861/portreserve /var/run/portreserve/socket
unix 2 [ ACC ] STREAM LISTENING 6569 1/init @/com/ubuntu/upstart
unix 9 [ ] DGRAM 7785 868/rsyslogd /dev/log
unix 2 [ ] DGRAM 6706 319/udevd @/org/kernel/udev/udevd
unix 2 [ ] DGRAM 8648 1107/samba /usr/local/samba/private/smbd.tmp/msg/msg.0
unix 2 [ ] DGRAM 8659 1112/samba /usr/local/samba/private/smbd.tmp/msg/msg.1112
unix 2 [ ACC ] STREAM LISTENING 7969 904/rpcbind /var/run/rpcbind.sock
unix 2 [ ] DGRAM 63732 4081/sshd
unix 2 [ ] DGRAM 9193 1150/perl
unix 3 [ ] STREAM CONNECTED 9054 1118/samba /usr/local/samba/var/lib/winbindd_privileged/pipe
unix 3 [ ] STREAM CONNECTED 9053 1111/smbd
unix 2 [ ] DGRAM 9012 1138/ntpd
unix 2 [ ] DGRAM 8771 1111/smbd
unix 2 [ ] DGRAM 8625 1099/crond
unix 3 [ ] STREAM CONNECTED 8521 1059/dbus-daemon /var/run/dbus/system_bus_socket
unix 3 [ ] STREAM CONNECTED 8520 1/init
unix 3 [ ] STREAM CONNECTED 8514 1059/dbus-daemon
unix 3 [ ] STREAM CONNECTED 8513 1059/dbus-daemon
unix 3 [ ] STREAM CONNECTED 8419 1031/rpc.idmapd
unix 3 [ ] STREAM CONNECTED 8418 1031/rpc.idmapd
unix 2 [ ] DGRAM 8056 922/rpc.statd
unix 2 [ ] DGRAM 7811 882/named
unix 3 [ ] STREAM CONNECTED 7722 842/audispd
unix 3 [ ] STREAM CONNECTED 7721 843/sedispatch
unix 3 [ ] STREAM CONNECTED 7712 840/auditd
unix 3 [ ] STREAM CONNECTED 7711 842/audispd
unix 3 [ ] DGRAM 6724 319/udevd
unix 3 [ ] DGRAM 6723 319/udevd
>
Your server does not appear to be listening for RPC (TCP/135). Your netstat output should show something like this:
[root at ADC1 ~]# netstat -anp|grep 135
tcp 0 0 0.0.0.0:135 0.0.0.0:* LISTEN 20738/samba
tcp 0 0 :::135 :::* LISTEN 20738/samba
Was this a standard S4 install following the Samba wiki? Do you have a "server services" line in your smb.conf? Does it include "rpc"?
More information about the samba
mailing list