[Samba] Samba 4.8 RODC not working

Gaetan SLONGO gslongo at it-optics.com
Wed Jun 13 07:43:43 UTC 2018


Hi Louis, 


Sorry for the late reply. 
The command result is: 



[root@dmzrodc ~]# iptables -S 
-P INPUT ACCEPT 
-P FORWARD ACCEPT 
-P OUTPUT ACCEPT 


I don't think this is a routing or policy issue. This is very strange. 




----- Original message -----

From: "L.P.H. van Belle via samba" <samba at lists.samba.org> 
To: samba at lists.samba.org 
Sent: Thursday 31 May 2018 12:47:44 
Subject: Re: [Samba] Samba 4.8 RODC not working 

Hai Gaetan, 

Can you post the output of this command: netstat -plaunt | egrep "ntp|bind|named|samba|?mbd" 
and iptables -S 


@Rowland, https://wiki.samba.org/index.php/Samba_AD_DC_Port_Usage 
might need a small change. Test as follows. 
The wiki line: netstat -tulpn | egrep "samba|smbd|nmbd|winbind" 
Now test my line and see the changes. This catches everything a DC might be running. 
netstat -plaunt | egrep "ntp|bind|named|samba|?mbd" 


Greetz, 

Louis 


From: Gaetan SLONGO [mailto:gslongo at it-optics.com] 
Sent: Thursday 31 May 2018 11:01 
To: L.P.H. van Belle 
CC: samba at lists.samba.org 
Subject: Re: [Samba] Samba 4.8 RODC not working 



Hi Louis ! 

Thank you for your time. OK I see. 
But I checked, for testing I set an allow all rule, which doesn't have any effect :-/ 


Thanks ;-) 

From: "L.P.H. van Belle via samba" <samba at lists.samba.org> 
To: samba at lists.samba.org 
Sent: Wednesday 30 May 2018 12:24:06 
Subject: Re: [Samba] Samba 4.8 RODC not working 

Those are the ports you need: 
https://wiki.samba.org/index.php/Samba_AD_DC_Port_Usage 
From the site: 
*** The range matches the port range used by Windows Server 2008 and later. 
Samba versions before 4.7 used the TCP ports 1024 to 1300 instead. To manually set the port range in Samba 4.7 and later, 
set the rpc server port parameter in your smb.conf file. 

For details, see the parameter description in the smb.conf(5) man page. 

What I'll do: go to lunch first, then I'll post my rule for ufw for my member server, that is set to 
Default: deny (incoming), deny (outgoing), disabled (routed) 
if people want them. 

Greetz, 

Louis 







From: Gaetan SLONGO [mailto:gslongo at it-optics.com] 
Sent: Wednesday 30 May 2018 12:13 
To: L.P.H. van Belle 
CC: samba at lists.samba.org 
Subject: Re: [Samba] Samba 4.8 RODC not working 



Hi Louis ! 
Thanks for the suggestion! What are these ports? 


Thanks ! 

From: "L.P.H. van Belle via samba" <samba at lists.samba.org> 
To: samba at lists.samba.org 
Sent: Tuesday 29 May 2018 17:08:21 
Subject: Re: [Samba] Samba 4.8 RODC not working 

I think you missed these in the firewall, if you allowed the "in" for the DC, you also need the OUT. 

49152:65535/tcp ALLOW OUT 


Greetz, 

Louis 



> -----Original message----- 
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of 
> Gaetan SLONGO via samba 
> Sent: Tuesday 29 May 2018 16:40 
> To: Rowland Penny 
> CC: samba at lists.samba.org 
> Subject: Re: [Samba] Samba 4.8 RODC not working 
> 
> Hi Rowland, 
> 
> 
> As said in the reply sent to Andrew, Winbind is installed, 
> but not started by samba (these are SerNet packages) 
> 
> 
> Thanks 
> 
> ----- Original message ----- 
> 
> From: "Rowland Penny via samba" <samba at lists.samba.org> 
> To: samba at lists.samba.org 
> Sent: Thursday 24 May 2018 20:48:22 
> Subject: Re: [Samba] Samba 4.8 RODC not working 
> 
> On Thu, 24 May 2018 11:30:40 +0200 (CEST) 
> Gaetan SLONGO via samba <samba at lists.samba.org> wrote: 
> 
> > Hi, 
> > 
> > 
> > 
> > 
> > It's my first try to set up an RODC using Samba 4.8. We have the latest Samba 
> > 4.7 environment with 2 DCs and some file servers. Joining the DC to 
> > the domain is OK using the samba-tool domain join command. The domain 
> > controller appears in the DC list (MMC) 
> > 
> > 
> > However, users cannot be authenticated. Samba is running but these 
> > ports are closed : 
> > 
> > 
> > netbios-ssn 139/tcp # NETBIOS session service 
> > netbios-ssn 139/udp 
> > microsoft-ds 445/tcp 
> > microsoft-ds 445/udp 
> > 
> > Some other ports are available : 
> > 
> > 
> > 
> > [root@dmzrodc ~]# netstat -tlpn 
> > Connexions Internet actives (seulement serveurs) 
> > Proto Recv-Q Send-Q Adresse locale Adresse distante Etat PID/Program name 
> > tcp 0 0 0.0.0.0:636 0.0.0.0:* LISTEN 23622/samba 
> > tcp 0 0 0.0.0.0:49152 0.0.0.0:* LISTEN 23619/samba 
> > tcp 0 0 0.0.0.0:49153 0.0.0.0:* LISTEN 23619/samba 
> > tcp 0 0 0.0.0.0:49154 0.0.0.0:* LISTEN 23619/samba 
> > tcp 0 0 0.0.0.0:3268 0.0.0.0:* LISTEN 23622/samba 
> > tcp 0 0 0.0.0.0:3269 0.0.0.0:* LISTEN 23622/samba 
> > tcp 0 0 0.0.0.0:389 0.0.0.0:* LISTEN 23622/samba 
> > tcp 0 0 0.0.0.0:135 0.0.0.0:* LISTEN 23619/samba 
> > tcp 0 0 0.0.0.0:464 0.0.0.0:* LISTEN 23624/samba 
> > tcp 0 0 0.0.0.0:53 0.0.0.0:* LISTEN 23632/samba 
> > tcp 0 0 0.0.0.0:88 0.0.0.0:* LISTEN 23624/samba 
> > 
> > 
> > Winbind is not working : 
> > 
> > [root@dmzrodc ~]# wbinfo -u 
> > could not obtain winbind interface details: 
> > WBC_ERR_WINBIND_NOT_AVAILABLE could not obtain winbind domain name! 
> > Error looking up domain users 
> 
> Is winbind actually installed ?? 
> 
> Rowland 
> 
> -- 
> To unsubscribe from this list go to the following URL and read the 
> instructions: https://lists.samba.org/mailman/options/samba 
> 
> 
> 
> -- 
> 
> 
> 
> 
> www.it-optics.com 
> 
> Gaëtan SLONGO | Head of Infrastructure Department 
> Boulevard Initialis, 28 - 7000 Mons, BELGIUM 
> Company : +32 (0)65 84 23 85 
> Direct : +32 (0)65 32 85 88 
> Fax : +32 (0)65 84 66 76 
> Skype ID : gslongo.pro 
> GPG Key : gslongo-gpg_key.asc 
> 
> 
> - Please consider your environmental responsibility before 
> printing this e-mail - 
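
The port comparison discussed in this thread, as an added example that is not part of any poster's message: a POSIX shell script that parses `netstat -tlpn` output and lists the fixed AD DC TCP ports that have no listener. The port list is an assumption taken from the Samba AD DC port usage list, the sample input is constructed from the listeners quoted in the thread, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread: list the fixed AD DC TCP ports that
# have no listener in `netstat -tlpn` output. Function names are hypothetical.

# port:service pairs for the fixed TCP ports (assumed from the Samba AD DC
# port usage list); the dynamic RPC range is counted separately.
REQUIRED_TCP="53:dns 88:kerberos 135:epmap 139:netbios-ssn 389:ldap
445:microsoft-ds 464:kpasswd 636:ldaps 3268:gc 3269:gc-ssl"

# Constructed sample: the listeners reported in the thread (no 139 or 445).
sample_netstat() {
cat <<'EOF'
Proto Recv-Q Send-Q Adresse locale Adresse distante Etat PID/Program name
tcp 0 0 0.0.0.0:636 0.0.0.0:* LISTEN 23622/samba
tcp 0 0 0.0.0.0:49152 0.0.0.0:* LISTEN 23619/samba
tcp 0 0 0.0.0.0:49153 0.0.0.0:* LISTEN 23619/samba
tcp 0 0 0.0.0.0:49154 0.0.0.0:* LISTEN 23619/samba
tcp 0 0 0.0.0.0:3268 0.0.0.0:* LISTEN 23622/samba
tcp 0 0 0.0.0.0:3269 0.0.0.0:* LISTEN 23622/samba
tcp 0 0 0.0.0.0:389 0.0.0.0:* LISTEN 23622/samba
tcp 0 0 0.0.0.0:135 0.0.0.0:* LISTEN 23619/samba
tcp 0 0 0.0.0.0:464 0.0.0.0:* LISTEN 23624/samba
tcp 0 0 0.0.0.0:53 0.0.0.0:* LISTEN 23632/samba
tcp 0 0 0.0.0.0:88 0.0.0.0:* LISTEN 23624/samba
EOF
}

# Read netstat text on stdin, print each listening TCP port once.
listening_ports() {
    awk '$1 ~ /^tcp/ && $6 == "LISTEN" { n = split($4, a, ":"); print a[n] }' |
        sort -un
}

# Print "port/tcp service" for every required port without a listener.
missing_ports() {
    ports=$(listening_ports)
    for entry in $REQUIRED_TCP; do
        port=${entry%%:*}
        name=${entry#*:}
        printf '%s\n' "$ports" | grep -qx "$port" ||
            printf '%s/tcp %s\n' "$port" "$name"
    done
}

# Count listeners inside the dynamic RPC range 49152-65535.
rpc_listeners() {
    listening_ports | awk '$1 >= 49152 && $1 <= 65535' | wc -l | tr -d ' '
}

sample_netstat | missing_ports
echo "dynamic RPC listeners: $(sample_netstat | rpc_listeners)"
```

On a live host the same check is `netstat -tlpn | missing_ports`; UDP services need a separate `netstat -ulpn` pass.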