[Samba] RPC Server is unavailable

samba at 3eb.pl samba at 3eb.pl
Thu Jun 1 12:55:40 UTC 2017


Hello All,

I have big problem. I don't know how can i resolve it.

Design:

|server Samba AD 4.6.2|    <----------    | Samba File Server 
v4.6.2/v4.6.4 |  <---------  | Windows 7 client |


-----------------------
On Windows & client:

  User can open files in share.
  Problem is when he wants to change privileges 
(Proporties>Security>Edit>Add).
  "Application can't open required window...".
  Next windows: "The user selection dialog can not be displayed. RPC 
Server is unavailable.".


-----------------------
On Samba File Server:

- server is connected to domain:
net ads testjoin -k
Join is OK
- wbinfo -i  (show users correctly),
- wbinfo -g  (show groups corrsctly),
- users have access to files on share,
- files/directories have right privileges

getfacl example_dir
# file: example_dir
# owner: xxx
# group: xxy
user::rwx
user:root:rwx
user:50000:rwx
user:50002:rwx
user:51151:rwx
user:58522:rwx
group::---
group:50000:rwx
group:50002:rwx
group:50068:rwx
group:58522:rwx
mask::rwx
other::---
default:user::rwx
default:user:root:rwx
default:user:50000:rwx
default:user:50002:rwx
default:user:51151:rwx
default:user:58522:rwx
default:group::---
default:group:50000:rwx
default:group:50002:rwx
default:group:50068:rwx
default:group:58522:rwx
default:mask::rwx
default:other::---



config samba file share:
[global]
         workgroup = XYZ
         server string = %h server (Samba)
         realm = XYZ.LOCAL

         password server = pdc.xyz.local
         interfaces = lo, eth0

         kerberos method = secrets and keytab

         template shell = /bin/bash
         winbind enum users = Yes
         winbind enum groups = Yes
         winbind use default domain = Yes

         security = ads

         domain master = no
         local master = no
         preferred master = no
         domain logons = no

         allow trusted domains = yes
         idmap config * : range = 50000-60000
         idmap config * : backend = tdb
         idmap config EMEA : range = 50000-60000
         idmap config EMEA : backend = rid

         idmap config * : unix_primary_group = yes

         map acl inherit = yes
         store dos attributes = yes
         inherit acls = yes
         inherit permissions = yes
         acl group control = yes
         acl map full control = true
         nt acl support = yes
         ea support = yes
         idmap_ldb:use rfc2307 = yes

         template homedir = /home/%U

         rpc_server:tcpip = no
         rpc_daemon:spoolssd = embedded
         rpc_server:spoolss = embedded
         rpc_server:winreg = embedded
         rpc_server:ntsvcs = embedded
         rpc_server:eventlog = embedded
         rpc_server:srvsvc = embedded
         rpc_server:svcctl = embedded
         rpc_server:default = external

         full_audit:prefix = %u|%I|%M|%S
         full_audit:priority = notice
         full_audit:facility = local5
         map archive = No
         map readonly = no

         username map = /etc/samba/user.map

         client use spnego = yes
         client ntlmv2 auth = yes

         load printers = no

         server role = member server

[share]
         comment = share
         path = /share
         browseable = Yes
         read only = No
         force create mode = 0660
         force directory mode = 0660
         vfs objects = dfs_samba4 acl_xattr full_audit
         acl_xattr:ignore system acls = yes
         full_audit:success = connect opendir disconnect unlink mkdir 
rmdir open rename
         full_audit:failure = connect opendir disconnect unlink mkdir 
rmdir open rename


---------------------------------
On Samba AD:

[global]
         netbios name = PDC
         realm = XYZ.LOCAL
         server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, 
drepl, winbindd, ntp_signd, kcc, dnsupdate
         workgroup = XYZ
         server role = active directory domain controller
         ntlm auth = yes
         winbind enum users = Yes
         winbind enum groups = Yes

         winbind use default domain = yes
         winbind nested groups = yes
         winbind refresh tickets = yes

         client ldap sasl wrapping = plain
         client signing = if_required

         idmap_ldb:use rfc2307 = yes

         ntlm auth = yes
         client use spnego = yes

         load printers = no

         log file = /var/log/samba/samba.log
         log level = 2
         max log size = 1000

[netlogon]
         path = /var/lib/samba/sysvol/xyz.local/scripts
         read only = No

[sysvol]
         path = /var/lib/samba/sysvol
         read only = No


Do you have any suggestions how can i resolve my issue ?

Best Regards,
Supporter 3eb



More information about the samba mailing list