[Samba] RPC server not available when windows client attempts to join samba AD

Eduard Gabdullin eduard.gabdullin at gmail.com
Mon Jul 6 22:18:53 UTC 2015 

Paul Upson <pmupson <at> thewestmoreland.org> writes:

> 
> I am installing a new Samba 4.2 Active Directory server on CentOS 7. I
> followed the Wiki instructions on how to create the server. I am using
> sernet-samba 4.2 binaries. Everything seems to be OK on the Linux side 
but
> I cannot get any windows client to successfully join the domain. Each
> attempt returns the following error message "RPC Server in not 
available".
> Below are the config file info.
> 
> I have searched the internet and cannot find any help that works.
> 
> Thanks Paul
> 
> ifcfg-enp0s3
> **************************************************
> TYPE=Ethernet
> BOOTPROTO=static
> IPADDR=192.168.42.241
> DNS1=192.168.42.241
> DEFROUTE=yes
> IPV4_FAILURE_FATAL=no
> IPV6INIT=yes
> IPV6_AUTOCONF=yes
> IPV6_DEFROUTE=yes
> IPV6_FAILURE_FATAL=no
> NAME=enp0s3
> UUID=76058991-c999-4e20-a8cd-cea4da9a5be7
> DEVICE=enp0s3
> ONBOOT=yes
> HWADDR=08:00:27:F8:A6:80
> PEERDNS=yes
> PEERROUTES=yes
> IPV6_PEERDNS=yes
> IPV6_PEERROUTES=yes
> IPV6_PRIVACY=no
> ********************************************************
> 
> smb.conf
> \*************************************************
> # Global parameters
> [global]
> workgroup = WMAA2
> realm = WMAA2.LAN
> netbios name = WMAA-AD
> server role = active directory domain controller
> dns forwarder = 8.8.8.8
> idmap_ldb:use rfc2307 = yes
> security = domain
> 
> [netlogon]
> path = /var/lib/samba/sysvol/wmaa2.lan/scripts
> read only = No
> 
> [sysvol]
> path = /var/lib/samba/sysvol
> read only = No
> **************************************************
> resolv.conf
> *************************
> # Generated Manually
> 
> domain wmaa2.lan
> nameserver 192.168.42.241
> 
> ***********************************
> 
> *Paul Upson*
> IT Support Manager
> Westmoreland Museum of American Art  <at> rt 30
> 4764 State Route 30, Greensburg, PA 15601
> 724-261-9982
> thewestmoreland.org
> 
> <http://www.wmuseumaa.org/museum/getevent.cfm?ID=751>


You enabled Selinux?
I have the exact same problem, and I found out the following:

[root at centos7-server /]# ls -Z /var/run/samba/
drwxr-xr-x. root root system_u:object_r:var_run_t:s0   ncalrpc
-rw-r--r--. root root system_u:object_r:initrc_var_run_t:s0 samba.pid
-rw-r--r--. root root system_u:object_r:smbd_var_run_t:s0 smbd.pid
drwxr-xr-x. root root system_u:object_r:winbind_var_run_t:s0 winbindd
-rw-r--r--. root root system_u:object_r:winbind_var_run_t:s0 
winbindd.pid

Change the label in "ncalrpc"

[root at centos7-server /]# semanage fcontext -a -t winbind_var_run_t 
"/var/run/samba/ncalrpc(/.*)?"

[root at centos7-server /]# semanage fcontext -l | grep /run/samba/
/var/run/samba/brlock\.tdb                         regular file       
system_u:object_r:smbd_var_run_t:s0 
/var/run/samba/connections\.tdb                    regular file       
system_u:object_r:smbd_var_run_t:s0 
/var/run/samba/gencache\.tdb                       regular file       
system_u:object_r:smbd_var_run_t:s0 
/var/run/samba/locking\.tdb                        regular file       
system_u:object_r:smbd_var_run_t:s0 
/var/run/samba/messages\.tdb                       regular file       
system_u:object_r:nmbd_var_run_t:s0 
/var/run/samba/namelist\.debug                     regular file       
system_u:object_r:nmbd_var_run_t:s0 
/var/run/samba/ncalrpc(/.*)?                       all files          
system_u:object_r:winbind_var_run_t:s0 
/var/run/samba/nmbd(/.*)?                          all files          
system_u:object_r:nmbd_var_run_t:s0 
/var/run/samba/nmbd\.pid                           regular file       
system_u:object_r:nmbd_var_run_t:s0 
/var/run/samba/sessionid\.tdb                      regular file       
system_u:object_r:smbd_var_run_t:s0 
/var/run/samba/share_info\.tdb                     regular file       
system_u:object_r:smbd_var_run_t:s0 
/var/run/samba/smbd\.pid                           regular file       
system_u:object_r:smbd_var_run_t:s0 
/var/run/samba/unexpected\.tdb                     regular file       
system_u:object_r:nmbd_var_run_t:s0 
/var/run/samba/winbindd(/.*)?                      all files          
system_u:object_r:winbind_var_run_t:s0

[root at centos7-server /]# restorecon -Rv /run/samba/ncalrpc
restorecon reset /run/samba/ncalrpc context 
system_u:object_r:var_run_t:s0->system_u:object_r:winbind_var_run_t:s0
restorecon reset /run/samba/ncalrpc/EPMAPPER context 
system_u:object_r:var_run_t:s0->system_u:object_r:winbind_var_run_t:s0
restorecon reset /run/samba/ncalrpc/DEFAULT context 
system_u:object_r:var_run_t:s0->system_u:object_r:winbind_var_run_t:s0
restorecon reset /run/samba/ncalrpc/np context 
system_u:object_r:var_run_t:s0->system_u:object_r:winbind_var_run_t:s0
restorecon reset /run/samba/ncalrpc/np/epmapper context 
system_u:object_r:var_run_t:s0->system_u:object_r:winbind_var_run_t:s0
restorecon reset /run/samba/ncalrpc/np/wkssvc context 
system_u:object_r:var_run_t:s0->system_u:object_r:winbind_var_run_t:s0
restorecon reset /run/samba/ncalrpc/np/rpcecho context 
system_u:object_r:var_run_t:s0->system_u:object_r:winbind_var_run_t:s0
restorecon reset /run/samba/ncalrpc/np/samr context 
system_u:object_r:var_run_t:s0->system_u:object_r:winbind_var_run_t:s0
restorecon reset /run/samba/ncalrpc/np/netlogon context 
system_u:object_r:var_run_t:s0->system_u:object_r:winbind_var_run_t:s0
restorecon reset /run/samba/ncalrpc/np/lsarpc context 
system_u:object_r:var_run_t:s0->system_u:object_r:winbind_var_run_t:s0
restorecon reset /run/samba/ncalrpc/np/lsass context 
system_u:object_r:var_run_t:s0->system_u:object_r:winbind_var_run_t:s0
restorecon reset /run/samba/ncalrpc/np/spoolss context 
system_u:object_r:var_run_t:s0->system_u:object_r:winbind_var_run_t:s0
restorecon reset /run/samba/ncalrpc/np/protected_storage context 
system_u:object_r:var_run_t:s0->system_u:object_r:winbind_var_run_t:s0
restorecon reset /run/samba/ncalrpc/np/unixinfo context 
system_u:object_r:var_run_t:s0->system_u:object_r:winbind_var_run_t:s0
restorecon reset /run/samba/ncalrpc/np/browser context 
system_u:object_r:var_run_t:s0->system_u:object_r:winbind_var_run_t:s0
restorecon reset /run/samba/ncalrpc/np/ntsvcs context 
system_u:object_r:var_run_t:s0->system_u:object_r:winbind_var_run_t:s0
restorecon reset /run/samba/ncalrpc/np/dnsserver context 
system_u:object_r:var_run_t:s0->system_u:object_r:winbind_var_run_t:s0

[root at centos7-server /]# ls -Z /var/run/samba/
drwxr-xr-x. root root system_u:object_r:winbind_var_run_t:s0 ncalrpc
-rw-r--r--. root root system_u:object_r:initrc_var_run_t:s0 samba.pid
-rw-r--r--. root root system_u:object_r:smbd_var_run_t:s0 smbd.pid
drwxr-xr-x. root root system_u:object_r:winbind_var_run_t:s0 winbindd
-rw-r--r--. root root system_u:object_r:winbind_var_run_t:s0 
winbindd.pid

The error message "RPC Server in not available" I do not see!
But if you restart the Samba AD DC server:

[root at centos7-server /]# systemctl reboot

I see that the labels are not preserved

[root at centos7-server /]# ls -Z /var/run/samba/
drwxr-xr-x. root root system_u:object_r:var_run_t:s0   ncalrpc
-rw-r--r--. root root system_u:object_r:initrc_var_run_t:s0 samba.pid
-rw-r--r--. root root system_u:object_r:smbd_var_run_t:s0 smbd.pid
drwxr-xr-x. root root system_u:object_r:winbind_var_run_t:s0 winbindd
-rw-r--r--. root root system_u:object_r:winbind_var_run_t:s0 
winbindd.pid

Why are not preserved when you restart the labels, that's the question? 
The second question - what context should be in the file "samba.pid"

More information about the samba mailing list