[Samba] The RPC server is unavailable when clicking on RSAT tools

Dorlan Oxelgren maillist at axonsoft.com
Fri Apr 22 16:29:41 UTC 2016 

So, I poked around and found a couple of threads that seemed to fix my
immediate problem.   It looks like I had two issues.  The first was a
security update to Ubuntu on Monday.  That was fixed by adding the
following to the smb.conf file

        ldap server require strong auth = no
        client ldap sasl wrapping = plain

The second problem was the updated version of samba needed winbind
installed.  So, I did that and now I have access to the windows
administration tools.  Doing either one didn't fix my problem but doing
both did.

Phew!

On Thu, Apr 21, 2016 at 10:20 AM, Dorlan Oxelgren <maillist at axonsoft.com>
wrote:

> I'm running two Ubuntu 14.04 servers with  Samba version 4.3.8-Ubuntu on
> each. I haven't been able to access the tools since April 15, 2016.  It is
> setup as AD DC and all of the domain workstations CAN log in.  Iv'e googled
> the error msgs and tried many things and have come up empty.  I'm at the
> stage where I'm thinking of promoting dc2 and demoting dc1.
>
> I've been down a number of paths.  So, I've started looking at this from
> the beginning of an regular install.
>
> The authentication seems to be failing.
>
> The kinit is fine
>  axon at DC1:~$ kinit administrator at AXON.LAN
> Password for administrator at AXON.LAN:
> axon at DC1:~$ klist -e
> Ticket cache: FILE:/tmp/krb5cc_1000
> Default principal: administrator at AXON.LAN
>
> Valid starting     Expires            Service principal
> 16-04-21 09:54:14  16-04-21 19:54:14  krbtgt/AXON.LAN at AXON.LAN
>         renew until 16-04-22 09:54:10, Etype (skey, tkt): arcfour-hmac,
> arcfour-hmac
>
> But the cllent can't connect.
>
> axon at DC1:~$ sudo smbclient //localhost/netlogon -U 'administrator'
> Enter administrator's password:
> session setup failed: NT_STATUS_OBJECT_NAME_NOT_FOUND
>
> Testing the dns works fine
>
> axon at DC1:~$ host -t SRV _ldap._tcp.axon.lan
> _ldap._tcp.axon.lan has SRV record 0 100 389 dc1.axon.lan.
> _ldap._tcp.axon.lan has SRV record 0 100 389 dc2.axon.lan.
>
> There is a replication error between dc1 dc2 that I discovered as well.
> Here is the relevant part
> DC=DomainDnsZones,DC=axon,DC=lan
>         Default-First-Site-Name\DC1 via RPC
>                 DSA object GUID: 42e35e3b-4537-4104-aeef-da62464c8b2e
>                 Last attempt @ Thu Apr 21 10:06:02 2016 CST failed, result
> 58 (W                                     ERR_BAD_NET_RESP)
>                 44051 consecutive failure(s).
>                 Last success @ Tue Dec  1 07:03:01 2015 CST
>
>
> The smb.conf file is pretty standard
>
> # Global parameters
> [global]
>         workgroup = AXON
>         realm = AXON.LAN
>         netbios name = DC1
>         server role = active directory domain controller
>         dns forwarder = 192.168.172.250
>         idmap_ldb:use rfc2307 = yes
>
>         # Thanks to Lars for this fix, it stops the syslog
>         # being spammed by the lack of a CUPS server.
>         printing = CUPS
>         printcap name = /dev/null
>
>
> [netlogon]
>         path = /var/lib/samba/sysvol/axon.lan/scripts
>         read only = No
>
> [sysvol]
>         path = /var/lib/samba/sysvol
>         read only = No
>
> [profiles]
>         path = /var/lib/samba/profiles
>         read only = No
>
> The log.smbd has errors but it is running.
>
> [2016/04/18 14:14:31.352896,  0] ../source3/smbd/server.c:1324(main)
>   server role = 'active directory domain controller' not compatible with
> running smbd standalone.
>   You should start 'samba' instead, and it will control starting smbd if
> required
> [2016/04/18 14:14:40.550618,  0]
> ../lib/util/become_daemon.c:124(daemon_ready)
>   STATUS=daemon 'smbd' finished starting up and ready to serve connections
>
> The service is started from samba.  sudo service samba restart.  Or a
> reboot.
>
> log.samba has errors as well  The timing is related to the doing a sync
> between dc1 and dc2
>
> [2016/04/21 10:10:01.644399,  0]
> ../source4/dsdb/repl/replicated_objects.c:818(dsdb_replicated_objects_commit)
>   ../source4/dsdb/repl/replicated_objects.c:818 Failed to prepare commit
> of transaction: operations error at
> ../source4/dsdb/samdb/ldb_modules/descriptor.c:1147
> [2016/04/21 10:10:01.645781,  0]
> ../source4/dsdb/repl/drepl_out_helpers.c:773(dreplsrv_op_pull_source_apply_changes_trigger)
>   Failed to commit objects:
> WERR_GENERAL_FAILURE/NT_STATUS_INVALID_NETWORK_RESPONSE
>
> Any help would be greatly appreciated. I'm all out of ideas at this stage.
>
>
>
>
>

More information about the samba mailing list