[Samba] Samba 4 AD issues with RPC

Praveen Ghimire PGhimire at sundata.com.au
Tue Dec 5 05:08:24 UTC 2017 


Hi Guys,

Setup:

Versions: Samba: 4.6.7
                Bind9:   9.10.3


Firewall disabled

AD Provision:

Migrated from samba 3 to 4 using classic upgrade.

samba-tool domain classicupgrade --dbdir=/var/lib/samba.PDC/dbdir --realm=TEST.LOCAL --dns-backend=BIND9_FLATFILE /etc/samba.PDC/smb.PDC.conf

The following was the section in regards to the upgrade

Processing section "[netlogon]"
Processing section "[sysvol]"
connect_acl_xattr: setting 'inherit acls = true' 'dos filemode = true' and 'force unknown acl user = true' for service sysvol



After the upgrade we tried to promote a Windows 2008R2 server as a DC, but it fails with the following event in Server 2008R2 (Event 5719)

This computer was not able to set up a secure session with a domain controller in domain TEST due to the following:
The RPC server is unavailable.
This computer was not able to set up a secure session with a domain controller in domain TEST due to the following:
The RPC server is unavailable.

The DCPROMO command list the following error
The wizard cannot gain access to the list of the domains in the forest. The RPC server is unavailable




The following are the contents of the smb.conf file

[global]
        netbios name = TESTDC
        realm = TEST.LOCAL
        server services = rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate, s3fs
        workgroup = TEST
        server role = active directory domain controller
        idmap_ldb:use rfc2307 = yes
        dcerpc endpoint servers = epmapper, wkssvc, rpcecho, samr, netlogon, lsarpc, spoolss, drsuapi, dssetup, unixinfo, browser, eventlog6, backupkey, dnsserver, mapiproxy

[netlogon]
        path = /var/lib/samba/sysvol/test.local/scripts
        read only = No

[sysvol]
        path = /var/lib/samba/sysvol
        read only = No

Tests done so far

-          Confirmed that KINIT works

-          Confirmed that SRV records resolves correctly

samba-tool testparm --suppress-prompt -v | grep '[s]erver services'
        server services = rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate, s3fs
samba-tool testparm --suppress-prompt -v | grep '[d]cerpc endpoint servers'
        dcerpc endpoint servers = epmapper, wkssvc, rpcecho, samr, netlogon, lsarpc, spoolss, drsuapi, dssetup, unixinfo, browser, eventlog6, backupkey, dnsserver, mapiproxy

service --status-all
[ - ]  acpid
[ + ]  apparmor
[ + ]  apport
[ + ]  atd
[ + ]  bind9
[ - ]  console-setup.sh
[ + ]  cron
[ - ]  cryptdisks
[ - ]  cryptdisks-early
[ + ]  dbus
[ + ]  ebtables
[ + ]  grub-common
[ - ]  hwclock.sh
[ - ]  irqbalance
[ - ]  isc-dhcp-server
[ + ]  iscsid
[ - ]  keyboard-setup.sh
[ + ]  kmod
[ - ]  lvm2
[ + ]  lvm2-lvmetad
[ + ]  lvm2-lvmpolld
[ + ]  lxcfs
[ - ]  lxd
[ - ]  mdadm
[ - ]  mdadm-waitidle
[ - ]  nmbd
[ - ]  open-iscsi
[ + ]  open-vm-tools
[ - ]  plymouth
[ - ]  plymouth-log
[ + ]  procps
[ - ]  rsync
[ + ]  rsyslog
[ + ]  samba-ad-dc
[ - ]  screen-cleanup
[ - ]  smbd
[ + ]  ssh
[ + ]  udev
[ + ]  ufw
[ + ]  unattended-upgrades


Any suggestions?

Regards
PG

More information about the samba mailing list