[Samba] RPC Server is unavailable

samba at 3eb.pl samba at 3eb.pl
Mon Jun 5 18:40:58 UTC 2017 

>> 
>> This is my nsswitch file:
>> 
>> 
>> passwd:         files ldap compat winbind
>> group:          files ldap compat winbind
>> shadow:         files ldap compat
> 
> Do you have anything that needs to connect via LDAP ?
> If you have what it is it ?
> I would remove 'ldap'
> 
> 'files' and 'compat' basically mean the same thing, so I would remove
> 'compat'
> 
>> 
>> 
>> When i use wbinfo i see names and groups.
> 
> 'wbinfo' show windows users and groups, just because windows users and
> groups are shown doesn't mean the Unix OS knows who they are. This is
> where Samba comes in.
> 
>> >
>> >>
>> >>          idmap config * : unix_primary_group = yes
>> >
>> > I think you can only use the above line with the 'ad' backend.
>> 
>> When i set backet to 'ad' i can't start winbindd
>> 
>> Output: "main: FATAL: Invalid idmap backend ad configured as the
>> default backend!"
> 
> Yes, I missed that, focussed on 'idmap config' and
> 'unix_primary_group', what I meant was you can only use
> 'unix_primary_group' with 'idmap config DOMAIN' and the 'ad' backend,
> so you should have removed it. Your 'idmap config block should look
> something like this:
> 
>    idmap config * : backend = tdb
>    idmap config * : range = 2000-9999
>    idmap config SAMDOM : backend = rid
>    idmap config SAMDOM : range = 10000-999999
> 
> 

I changed nsswitch to:

passwd:         files winbind
group:          files winbind
shadow:         files
gshadow:        files
hosts:          files resolve [!UNAVAIL=return] dns
networks:       files
protocols:      db files
services:       db files
ethers:         db files
rpc:            db files
netgroup:       nis


New version of smb.conf:

[global]
         workgroup = XYZ
         server string = %h server (Samba, Ubuntu)
         realm = XYZ.LOCAL
         interfaces = lo, eth0
         kerberos method = secrets and keytab
         template shell = /bin/bash
         winbind enum users = Yes
         winbind enum groups = Yes
         winbind use default domain = Yes
         security = ads
         domain master = no
         local master = no
         preferred master = no
         domain logons = no
         allow trusted domains = yes
         idmap config * : range = 2000-49999
         idmap config * : backend = tdb
         idmap config XYZ : range = 50000-60000
         idmap config XYZ : backend = rid
         map acl inherit = yes
         store dos attributes = yes
         inherit acls = yes
         inherit permissions = yes
         acl group control = yes
         acl map full control = true
         nt acl support = yes
         ea support = yes
         idmap_ldb:use rfc2307 = yes
         template homedir = /home/%U
         rpc_server:tcpip = no
         rpc_daemon:spoolssd = embedded
         rpc_server:spoolss = embedded
         rpc_server:winreg = embedded
         rpc_server:ntsvcs = embedded
         rpc_server:eventlog = embedded
         rpc_server:srvsvc = embedded
         rpc_server:svcctl = embedded
         rpc_server:default = external
         full_audit:prefix = %u|%I|%M|%S
         full_audit:priority = notice
         full_audit:facility = local5
         map archive = No
         map readonly = no
         username map = /etc/samba/user.map
         client use spnego = yes
         client ntlmv2 auth = yes
         load printers = no

[share]
          comment = share
          path = /share
          browseable = Yes
          read only = No
          force create mode = 0660
          force directory mode = 0660
          vfs objects = dfs_samba4 acl_xattr full_audit
          acl_xattr:ignore system acls = yes
          full_audit:success = connect opendir disconnect unlink mkdir 
rmdir open rename
          full_audit:failure = connect opendir disconnect unlink mkdir 
rmdir open rename

I deleted all files *tdb and reconnected to domain.

Log from samba:


[2017/06/05 20:30:58.650182,  5] 
../source3/auth/token_util.c:640(debug_unix_user_token)
   UNIX token of user 50500
   Primary group is 50513 and contains 13 supplementary groups
   Group[  0]: 50500
   Group[  1]: 50513
   Group[  2]: 50518
   Group[  3]: 50572
   Group[  4]: 50519
   Group[  5]: 50512
   Group[  6]: 59426
   Group[  7]: 50520
   Group[  8]: 50002
   Group[  9]: 50003
   Group[ 10]: 50004
   Group[ 11]: 2001
   Group[ 12]: 2000
[2017/06/05 20:30:50.906441,  5] 
../source3/smbd/uid.c:363(change_to_user_internal)
   Impersonated user: uid=(50500,50500), gid=(0,50513)
[2017/06/05 20:30:50.906526,  4] ../source3/smbd/vfs.c:874(vfs_ChDir)
   vfs_ChDir to /tmp
[2017/06/05 20:30:50.906552,  4] ../source3/smbd/vfs.c:885(vfs_ChDir)
   vfs_ChDir got /tmp
[2017/06/05 20:30:50.906578,  5] 
../lib/dbwrap/dbwrap.c:159(dbwrap_check_lock_order)
   check lock order 1 for /var/lock/samba/smbXsrv_open_global.tdb
[2017/06/05 20:30:50.906626,  5] 
../lib/dbwrap/dbwrap.c:127(dbwrap_lock_order_state_destructor)
   release lock order 1 for /var/lock/samba/smbXsrv_open_global.tdb
[2017/06/05 20:30:50.906640,  5] ../source3/smbd/files.c:128(file_new)
   allocated file structure fnum 293231795 (4 used)
[2017/06/05 20:30:50.906722,  4] 
../source3/smbd/sec_ctx.c:216(push_sec_ctx)
   push_sec_ctx(50500, 50513) : sec_ctx_stack_ndx = 1
[2017/06/05 20:30:50.906737,  4] 
../source3/smbd/uid.c:491(push_conn_ctx)
   push_conn_ctx(544753224) : conn_ctx_stack_ndx = 0
[2017/06/05 20:30:50.906746,  4] 
../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal)
   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2017/06/05 20:30:50.906755,  5] 
../libcli/security/security_token.c:53(security_token_debug)
   Security token: (NULL)
[2017/06/05 20:30:50.906763,  5] 
../source3/auth/token_util.c:640(debug_unix_user_token)
   UNIX token of user 0
   Primary group is 0 and contains 0 supplementary groups
[2017/06/05 20:30:50.906854,  4] 
../source3/smbd/sec_ctx.c:438(pop_sec_ctx)
   pop_sec_ctx (50500, 50513) - sec_ctx_stack_ndx = 0
[2017/06/05 20:30:50.906870,  2] 
../source3/rpc_server/rpc_ncacn_np.c:770(make_external_rpc_pipe)
   tstream_npa_connect_recv  to /var/run/samba/ncalrpc/np for pipe lsarpc 
and user XYZ\Admin failed: No such file or directory
[2017/06/05 20:30:50.906906,  5] 
../lib/dbwrap/dbwrap.c:159(dbwrap_check_lock_order)
   check lock order 1 for /var/lock/samba/smbXsrv_open_global.tdb
[2017/06/05 20:30:50.906924,  5] 
../lib/dbwrap/dbwrap.c:127(dbwrap_lock_order_state_destructor)
   release lock order 1 for /var/lock/samba/smbXsrv_open_global.tdb
[2017/06/05 20:30:50.906937,  5] ../source3/smbd/files.c:565(file_free)
   freed files structure 293231795 (3 used)
[2017/06/05 20:30:50.906949,  3] 
../source3/smbd/smb2_server.c:3097(smbd_smb2_request_error_ex)
   smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] 
status[NT_STATUS_OBJECT_NAME_NOT_FOUND] || at 
../source3/smbd/smb2_create.c:293

Nothing changed. Is is possible that config file is wrong ?

Best regards,
Supporter 3eb

More information about the samba mailing list