[Samba] The RPC server is unavailable when clicking on RSAT tools

Dorlan Oxelgren maillist at axonsoft.com
Thu Apr 21 16:20:07 UTC 2016


I'm running two Ubuntu 14.04 servers with  Samba version 4.3.8-Ubuntu on
each. I haven't been able to access the tools since April 15, 2016.  It is
setup as AD DC and all of the domain workstations CAN log in.  Iv'e googled
the error msgs and tried many things and have come up empty.  I'm at the
stage where I'm thinking of promoting dc2 and demoting dc1.

I've been down a number of paths.  So, I've started looking at this from
the beginning of an regular install.

The authentication seems to be failing.

The kinit is fine
 axon at DC1:~$ kinit administrator at AXON.LAN
Password for administrator at AXON.LAN:
axon at DC1:~$ klist -e
Ticket cache: FILE:/tmp/krb5cc_1000
Default principal: administrator at AXON.LAN

Valid starting     Expires            Service principal
16-04-21 09:54:14  16-04-21 19:54:14  krbtgt/AXON.LAN at AXON.LAN
        renew until 16-04-22 09:54:10, Etype (skey, tkt): arcfour-hmac,
arcfour-hmac

But the cllent can't connect.

axon at DC1:~$ sudo smbclient //localhost/netlogon -U 'administrator'
Enter administrator's password:
session setup failed: NT_STATUS_OBJECT_NAME_NOT_FOUND

Testing the dns works fine

axon at DC1:~$ host -t SRV _ldap._tcp.axon.lan
_ldap._tcp.axon.lan has SRV record 0 100 389 dc1.axon.lan.
_ldap._tcp.axon.lan has SRV record 0 100 389 dc2.axon.lan.

There is a replication error between dc1 dc2 that I discovered as well.
Here is the relevant part
DC=DomainDnsZones,DC=axon,DC=lan
        Default-First-Site-Name\DC1 via RPC
                DSA object GUID: 42e35e3b-4537-4104-aeef-da62464c8b2e
                Last attempt @ Thu Apr 21 10:06:02 2016 CST failed, result
58 (W                                     ERR_BAD_NET_RESP)
                44051 consecutive failure(s).
                Last success @ Tue Dec  1 07:03:01 2015 CST


The smb.conf file is pretty standard

# Global parameters
[global]
        workgroup = AXON
        realm = AXON.LAN
        netbios name = DC1
        server role = active directory domain controller
        dns forwarder = 192.168.172.250
        idmap_ldb:use rfc2307 = yes

        # Thanks to Lars for this fix, it stops the syslog
        # being spammed by the lack of a CUPS server.
        printing = CUPS
        printcap name = /dev/null


[netlogon]
        path = /var/lib/samba/sysvol/axon.lan/scripts
        read only = No

[sysvol]
        path = /var/lib/samba/sysvol
        read only = No

[profiles]
        path = /var/lib/samba/profiles
        read only = No

The log.smbd has errors but it is running.

[2016/04/18 14:14:31.352896,  0] ../source3/smbd/server.c:1324(main)
  server role = 'active directory domain controller' not compatible with
running smbd standalone.
  You should start 'samba' instead, and it will control starting smbd if
required
[2016/04/18 14:14:40.550618,  0]
../lib/util/become_daemon.c:124(daemon_ready)
  STATUS=daemon 'smbd' finished starting up and ready to serve connections

The service is started from samba.  sudo service samba restart.  Or a
reboot.

log.samba has errors as well  The timing is related to the doing a sync
between dc1 and dc2

[2016/04/21 10:10:01.644399,  0]
../source4/dsdb/repl/replicated_objects.c:818(dsdb_replicated_objects_commit)
  ../source4/dsdb/repl/replicated_objects.c:818 Failed to prepare commit of
transaction: operations error at
../source4/dsdb/samdb/ldb_modules/descriptor.c:1147
[2016/04/21 10:10:01.645781,  0]
../source4/dsdb/repl/drepl_out_helpers.c:773(dreplsrv_op_pull_source_apply_changes_trigger)
  Failed to commit objects:
WERR_GENERAL_FAILURE/NT_STATUS_INVALID_NETWORK_RESPONSE

Any help would be greatly appreciated. I'm all out of ideas at this stage.


More information about the samba mailing list