[Samba] Samba 4 AD issues with RPC
Praveen Ghimire
PGhimire at sundata.com.au
Tue Dec 5 05:08:24 UTC 2017
Hi Guys,
Setup:
Versions: Samba: 4.6.7
Bind9: 9.10.3
Firewall disabled
AD Provision:
Migrated from samba 3 to 4 using classic upgrade.
samba-tool domain classicupgrade --dbdir=/var/lib/samba.PDC/dbdir --realm=TEST.LOCAL --dns-backend=BIND9_FLATFILE /etc/samba.PDC/smb.PDC.conf
The following was the section in regards to the upgrade
Processing section "[netlogon]"
Processing section "[sysvol]"
connect_acl_xattr: setting 'inherit acls = true' 'dos filemode = true' and 'force unknown acl user = true' for service sysvol
After the upgrade we tried to promote a Windows 2008R2 server as a DC, but it fails with the following event in Server 2008R2 (Event 5719)
This computer was not able to set up a secure session with a domain controller in domain TEST due to the following:
The RPC server is unavailable.
The DCPROMO command lists the following error
The wizard cannot gain access to the list of the domains in the forest. The RPC server is unavailable
The following are the contents of the smb.conf file
[global]
netbios name = TESTDC
realm = TEST.LOCAL
server services = rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate, s3fs
workgroup = TEST
server role = active directory domain controller
idmap_ldb:use rfc2307 = yes
dcerpc endpoint servers = epmapper, wkssvc, rpcecho, samr, netlogon, lsarpc, spoolss, drsuapi, dssetup, unixinfo, browser, eventlog6, backupkey, dnsserver, mapiproxy
[netlogon]
path = /var/lib/samba/sysvol/test.local/scripts
read only = No
[sysvol]
path = /var/lib/samba/sysvol
read only = No
Tests done so far
- Confirmed that KINIT works
- Confirmed that SRV records resolve correctly
samba-tool testparm --suppress-prompt -v | grep '[s]erver services'
server services = rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate, s3fs
samba-tool testparm --suppress-prompt -v | grep '[d]cerpc endpoint servers'
dcerpc endpoint servers = epmapper, wkssvc, rpcecho, samr, netlogon, lsarpc, spoolss, drsuapi, dssetup, unixinfo, browser, eventlog6, backupkey, dnsserver, mapiproxy
service --status-all
[ - ] acpid
[ + ] apparmor
[ + ] apport
[ + ] atd
[ + ] bind9
[ - ] console-setup.sh
[ + ] cron
[ - ] cryptdisks
[ - ] cryptdisks-early
[ + ] dbus
[ + ] ebtables
[ + ] grub-common
[ - ] hwclock.sh
[ - ] irqbalance
[ - ] isc-dhcp-server
[ + ] iscsid
[ - ] keyboard-setup.sh
[ + ] kmod
[ - ] lvm2
[ + ] lvm2-lvmetad
[ + ] lvm2-lvmpolld
[ + ] lxcfs
[ - ] lxd
[ - ] mdadm
[ - ] mdadm-waitidle
[ - ] nmbd
[ - ] open-iscsi
[ + ] open-vm-tools
[ - ] plymouth
[ - ] plymouth-log
[ + ] procps
[ - ] rsync
[ + ] rsyslog
[ + ] samba-ad-dc
[ - ] screen-cleanup
[ - ] smbd
[ + ] ssh
[ + ] udev
[ + ] ufw
[ + ] unattended-upgrades
Any suggestions?
Regards
PG