[Samba] Samba-AD-DC package question . . .
Rowland Penny
rowlandpenny241155 at gmail.com
Sat Oct 10 14:32:48 UTC 2015
On 10/10/15 14:39, Steve Ankeny wrote:
> On 10/10/2015 09:05 AM, Rowland Penny wrote:
>> On 10/10/15 13:44, Steve Ankeny wrote:
>>> I have an existing Samba-AD-DC built from Inverse packages,
>>> v.4.1.18+dfsg-3~inverse1
>>>
>>> I have OpenChangeServer installed on that machine, v.2.4-zentyal6
>>>
>>> When I start OpenChange, it "shuts down" my Samba-AD-DC so that no
>>> one can login.
>>>
>>> To troubleshoot my problem, I've built a "new" Samba-AD-DC from the
>>> same Inverse packages, but I see a slight difference in the
>>> installed packages, and my question is whether they might be causing
>>> my problem.
>>>
>>> *Specifically, could the presence of 'winbind' be causing my problem?*
>>>
>>> on the original server (with the OpenChange problem) --
>>>
>>> adam at sogo:~$ sudo dpkg --get-selections | egrep 'samba|smb|nmb|winbind'
>>> libnss-winbind:amd64 install
>>> libpam-winbind:amd64 install
>>> libsmbclient:amd64 install
>>> python-samba install
>>> samba install
>>> samba-common install
>>> samba-common-bin install
>>> samba-dev install
>>> samba-dsdb-modules install
>>> samba-libs:amd64 install
>>> samba-vfs-modules install
>>> smbclient install
>>> winbind install
>>> adam at sogo:~$
>>>
>>> on the "new" server (without OpenChange at the moment) --
>>>
>>> adam at eagle:~$ sudo dpkg --get-selections | egrep
>>> 'samba|smb|nmb|winbind'
>>> python-samba install
>>> samba install
>>> samba-common install
>>> samba-common-bin install
>>> samba-dev install
>>> samba-dsdb-modules install
>>> samba-libs:amd64 install
>>> samba-vfs-modules install
>>> adam at eagle:~$
>>>
>>> The difference is in the 'winbind' and 'smbclient' packages.
>>>
>>> I realize that Samba-AD-DC runs its own version of 'winbind' and I'm
>>> not currently using it otherwise.
>>>
>>> on the original server --
>>>
>>> adam at sogo:~$ ./samba
>>> nmbd start/running
>>> winbind stop/waiting
>>> smbd stop/waiting
>>> reload-smbd stop/waiting
>>> samba-ad-dc start/running, process 927
>>> adam at sogo:~$
>>>
>>> on the "new" server --
>>>
>>> adam at eagle:~$ ./samba
>>> nmbd start/running
>>> smbd stop/waiting
>>> reload-smbd stop/waiting
>>> samba-ad-dc start/running, process 889
>>> adam at eagle:~$
>>>
>>>
>>
>> Having a package installed is a lot different from the binaries it
>> contains being run, what does 'ps ax | grep [w]inbind' return?
>>
>> What is your 'server services' line in smb.conf and what are the
>> openchange lines in smb.conf
>>
>> Rowland
>>
>>
>>
>
> on the original server --
>
> adam at sogo:~$ sudo ps ax | grep [w]inbind
> adam at sogo:~$ sudo ps ax | grep winbind
> 6241 pts/0 S+ 0:00 grep --color=auto winbind
> adam at sogo:~$
>
> adam at sogo:~$ cat /etc/samba/smb.conf
> # Global parameters
> [global]
> workgroup = SMBDOMAIN
> realm = smbdomain.com
> netbios name = SOGO
> server role = active directory domain controller
> dns forwarder = 192.168.121.1
> idmap_ldb:use rfc2307 = yes
> passdb backend = samba
> allow dns updates = nonsecure
>
> ### Configuration required by OpenChange server ###
> dsb:schema update allowed = true
> #dcerpc endpoint servers = +mapiproxy
> #dcerpc endpoint servers = +epmapper, +mapiproxy
> #dcerpc_mapiproxy:server = true
> #dcerpc_mapiproxy:interfaces = exchange_emsmdb, exchange_nsp,
> exchange_ds_rfr
> ### Configuration required by OpenChange server ###
>
> mapistore:namedproperties = mysql
> namedproperties:mysql_user = openchange-user
> namedproperties:mysql_pass = $Passwd
> namedproperties:mysql_host = localhost
> namedproperties:mysql_db = openchange
> mapistore:indexing_backend =
> mysql://openchange-user:$Passwd@localhost/openchange
> mapiproxy:openchangedb =
> mysql://openchange-user:$Passwd@localhost/openchange
>
> [netlogon]
> path = /var/lib/samba/sysvol/smbdomain.com/scripts
> read only = No
>
> [sysvol]
> path = /var/lib/samba/sysvol
> read only = No
> adam at sogo:~$
>
> It's when I "uncomment" the DCERPC lines that OpenChange "shuts down"
> Samba-AD-DC
>
> So, the answer to the question is the 'winbind' binary is NOT running
> (thx for that)
>
> On the SOGo mailing list, someone suggested "de-provisioning" a
> non-working OpenChange server and starting again. I just wanted to
> know if the 'winbind' packages might hinder what I'm trying to do.
>
> Otherwise, I'm continuing to build the "side-by-side" server (at
> Ludovic's suggestion)
>
> thx, Rowland I've learned I can always count on your insight.
>
>
>
Well on my debian samba 4.1.17 DC, when I run 'samba-tool testparm -v'
amongst everything else I get this:
dcerpc endpoint servers = epmapper, wkssvc, rpcecho, samr, netlogon,
lsarpc, spoolss, drsuapi, dssetup, unixinfo, browser, eventlog6,
backupkey, dnsserver
Which, as you can see, already has epmapper and dnsserver running.
I also cannot understand why openchange tell you to have this line:
dsb:schema update allowed = true
which should be:
dsdb:schema update allowed = true
either way, you only need it if you are adding something to the schema,
is openchange permanently updating the schema ??
With samba4 when you change the server services and dcerpc endpoint
servers lines, you need to do as you have done, add a + to the service
you want to add, or enter the complete line including the new service.
Just adding the service by itself (without the +) will turn off
everything else.
It doesn't help that page 5 in the Native Microsoft Outlook
Configuration Guide for version 2.3.2 show you one thing and then page 6
shows it differently.
Rowland
More information about the samba
mailing list