[Samba] Samba 4.8 RODC not working

Gaetan SLONGO gslongo at it-optics.com
Wed Jun 13 08:40:28 UTC 2018 

Hi Louis, Hi Rowland, 


I will respond to both in this mail. 


Yes winbind is installed : 



[root at dmzrodc ~]# which winbindd 
/usr/sbin/winbindd 
[root at dmzrodc ~]# rpm -qa |grep winbind 
sernet-samba-winbind-4.8.2-10.el7.x86_64 


I know about *mbd processes. so strange.. This is why I'm posting here :-) 


I joined the RODC following the procedure available on the wiki page https://wiki.samba.org/index.php/Join_a_domain_as_a_RODC : 


samba-tool domain join ads.MYDOMAIN.be RODC -U MYDOMAIN\\Administrator --dns-backend=SAMBA_INTERNAL 


This is a Samba AD domain. But other DC are 4.7.7. Cannot upgrade to 4.8 but I don't think this is the issue. I had exactly same issue with 4.6 and 4.7 versions where a dev told me to wait for next release to get better RODC support. This did not solved the issue and it becomes "urgent" to have this RODC :-( 


Thanks ! 
----- Mail original -----

De: "Rowland Penny via samba" <samba at lists.samba.org> 
À: samba at lists.samba.org 
Envoyé: Mercredi 13 Juin 2018 10:27:21 
Objet : Re: [Samba] Samba 4.8 RODC not working 

On Wed, 13 Jun 2018 10:05:23 +0200 (CEST) 
Gaetan SLONGO <gslongo at it-optics.com> wrote: 

> Hi Rowland, 
> 
> 
> Same, as said; winbind isn't started :-) 
> 
> 
> 
> [root at dmzrodc ~]# ps ax | egrep "ntp|bind|named|samba|?mbd" 
> 650 ? Ss 0:00 /usr/sbin/ntpd -u ntp:ntp -g 
> 1205 ? Ss 0:00 /usr/sbin/samba -D 
> 1225 ? S 0:00 /usr/sbin/samba -D 
> 1226 ? S 0:00 /usr/sbin/samba -D 
> 1227 ? S 0:00 /usr/sbin/samba -D 
> 1228 ? S 0:00 /usr/sbin/samba -D 
> 1229 ? S 0:00 /usr/sbin/samba -D 
> 1230 ? S 0:00 /usr/sbin/samba -D 
> 1231 ? S 0:00 /usr/sbin/samba -D 
> 1232 ? S 0:00 /usr/sbin/samba -D 
> 1233 ? S 0:00 /usr/sbin/samba -D 
> 1235 ? S 0:00 /usr/sbin/samba -D 
> 1236 ? S 0:00 /usr/sbin/samba -D 
> 1237 ? S 0:00 /usr/sbin/samba -D 
> 1238 ? S 0:00 /usr/sbin/samba -D 
> 12187 pts/0 S+ 0:00 grep -E --color=auto ntp|bind|named|samba|?mbd 
> 

The output when I run the command is this: 

ps ax | egrep "ntp|bind|named|samba|?mbd" 
1544 ? Ssl 18:58 /usr/sbin/named -u bind 
7142 ? S 0:00 /usr/sbin/smbd -D --option=server role check:inhibit=yes --foreground 
7184 ? S 0:00 samba: conn[rpc] c[ipv4:192.168.0.53:36870] s[ipv4:192.168.0.6:49153] server_id[7184] 
11917 ? Ss 0:00 /sbin/rpcbind -w 
16828 pts/0 R+ 0:00 grep -E ntp|bind|named|samba|?mbd 
23980 ? Ss 0:00 samba: root process 
23998 ? S 0:00 samba: task[s3fs_parent] 
23999 ? S 2:45 samba: task[dcesrv] 
24000 ? S 0:00 samba: tfork waiter process 
24001 ? S 0:03 samba: task[nbtd] 
24002 ? Ss 0:01 /usr/sbin/smbd -D --option=server role check:inhibit=yes --foreground 
24003 ? S 0:00 samba: task[wrepl] 
24004 ? S 0:01 samba: task[ldapsrv] 
24005 ? S 0:02 samba: task[cldapd] 
24006 ? S 0:08 samba: conn[kdc_tcp] c[ipv4:192.168.0.88:40340] s[ipv4:192.168.0.6:88] server_id[24006.42] 
24007 ? S 5:47 samba: task[dreplsrv] 
24008 ? S 0:00 samba: task[winbindd_parent] 
24009 ? S 0:00 samba: tfork waiter process 
24010 ? S 0:00 samba: task[ntp_signd] 
24011 ? S 0:06 samba: task[kccsrv] 
24012 ? Ss 0:49 /usr/sbin/winbindd -D --option=server role check:inhibit=yes --foreground 
24013 ? S 0:16 samba: task[dnsupdate] 
24020 ? S 0:00 /usr/sbin/smbd -D --option=server role check:inhibit=yes --foreground 
24021 ? S 0:00 /usr/sbin/smbd -D --option=server role check:inhibit=yes --foreground 
24022 ? S 0:01 winbindd: domain child [SAMDOM] 
24023 ? S 0:00 winbindd: idmap child 
24039 ? S 0:00 winbindd: domain child [BUILTIN] 

The out put of 'pstree', produces this (cropped): 

init─┬─chronyd 
├─named───4*[{named}] 
├─samba─┬─samba───samba───smbd─┬─cleanupd 
│ │ ├─smbd 
│ │ └─smbd-notifyd 
│ ├─2*[samba───samba] 
│ ├─8*[samba] 
│ └─samba───samba───winbindd───3*[winbindd] 

Not only is 'winbind' not running on your DC, it looks like 'smbd' 
isn't either. 

How did you join the RODC to the domain ? 
What is the domain (Samba or Windows) ? 

Rowland 


-- 
To unsubscribe from this list go to the following URL and read the 
instructions: https://lists.samba.org/mailman/options/samba 



-- 




www.it-optics.com 
	
Gaëtan SLONGO | Head of Infrastructure Department 
Boulevard Initialis, 28 - 7000 Mons, BELGIUM 
Company : 	+32 (0)65 84 23 85 
Direct : 	+32 (0)65 32 85 88 
Fax : 	+32 (0)65 84 66 76 
Skype ID : 	gslongo.pro 
GPG Key : 	gslongo-gpg_key.asc 
	

- Please consider your environmental responsibility before printing this e-mail -

More information about the samba mailing list