[Samba] Samba 4.8 RODC not working

L.P.H. van Belle belle at bazuin.nl
Wed Jun 13 08:49:10 UTC 2018 

 If its really urgent then u would really suggest, invest in samba a bit and pay them to get this working. 
Thats what sernet can do for you. Get commercial support. 
 
Im pretty much out of options, execpt upgrade to 4.8 and try it again. 
 
 
Greetz, 
 
Louis
 
 

Van: Gaetan SLONGO [mailto:gslongo at it-optics.com] 
Verzonden: woensdag 13 juni 2018 10:40
Aan: Rowland Penny; L.P.H. van Belle
CC: samba at lists.samba.org
Onderwerp: Re: [Samba] Samba 4.8 RODC not working



Hi Louis, Hi Rowland, 

I will respond to both in this mail.


Yes winbind is installed :


[root at dmzrodc ~]# which winbindd
/usr/sbin/winbindd
[root at dmzrodc ~]# rpm -qa |grep winbind
sernet-samba-winbind-4.8.2-10.el7.x86_64


I know about *mbd processes. so strange.. This is why I'm posting here :-)


I joined the RODC following the procedure available on the wiki page https://wiki.samba.org/index.php/Join_a_domain_as_a_RODC :


samba-tool domain join ads.MYDOMAIN.be RODC -U MYDOMAIN\\Administrator --dns-backend=SAMBA_INTERNAL


This is a Samba AD domain. But other DC are 4.7.7. Cannot upgrade to 4.8 but I don't think this is the issue. I had exactly same issue with 4.6 and 4.7 versions where a dev told me to wait for next release to get better RODC support. This did not solved the issue and it becomes "urgent" to have this RODC :-(


Thanks !

De: "Rowland Penny via samba" <samba at lists.samba.org>
À: samba at lists.samba.org
Envoyé: Mercredi 13 Juin 2018 10:27:21
Objet : Re: [Samba] Samba 4.8 RODC not working

On Wed, 13 Jun 2018 10:05:23 +0200 (CEST)
Gaetan SLONGO <gslongo at it-optics.com> wrote:

> Hi Rowland, 
> 
> 
> Same, as said; winbind isn't started :-) 
> 
> 
> 
> [root at dmzrodc ~]# ps ax | egrep "ntp|bind|named|samba|?mbd" 
> 650 ? Ss 0:00 /usr/sbin/ntpd -u ntp:ntp -g 
> 1205 ? Ss 0:00 /usr/sbin/samba -D 
> 1225 ? S 0:00 /usr/sbin/samba -D 
> 1226 ? S 0:00 /usr/sbin/samba -D 
> 1227 ? S 0:00 /usr/sbin/samba -D 
> 1228 ? S 0:00 /usr/sbin/samba -D 
> 1229 ? S 0:00 /usr/sbin/samba -D 
> 1230 ? S 0:00 /usr/sbin/samba -D 
> 1231 ? S 0:00 /usr/sbin/samba -D 
> 1232 ? S 0:00 /usr/sbin/samba -D 
> 1233 ? S 0:00 /usr/sbin/samba -D 
> 1235 ? S 0:00 /usr/sbin/samba -D 
> 1236 ? S 0:00 /usr/sbin/samba -D 
> 1237 ? S 0:00 /usr/sbin/samba -D 
> 1238 ? S 0:00 /usr/sbin/samba -D 
> 12187 pts/0 S+ 0:00 grep -E --color=auto ntp|bind|named|samba|?mbd 
> 

The output when I run the command is this:

ps ax | egrep "ntp|bind|named|samba|?mbd" 
 1544 ?        Ssl   18:58 /usr/sbin/named -u bind
 7142 ?        S      0:00 /usr/sbin/smbd -D --option=server role check:inhibit=yes --foreground
 7184 ?        S      0:00 samba: conn[rpc] c[ipv4:192.168.0.53:36870] s[ipv4:192.168.0.6:49153] server_id[7184]
11917 ?        Ss     0:00 /sbin/rpcbind -w
16828 pts/0    R+     0:00 grep -E ntp|bind|named|samba|?mbd
23980 ?        Ss     0:00 samba: root process
23998 ?        S      0:00 samba: task[s3fs_parent]
23999 ?        S      2:45 samba: task[dcesrv]
24000 ?        S      0:00 samba: tfork waiter process
24001 ?        S      0:03 samba: task[nbtd]
24002 ?        Ss     0:01 /usr/sbin/smbd -D --option=server role check:inhibit=yes --foreground
24003 ?        S      0:00 samba: task[wrepl]
24004 ?        S      0:01 samba: task[ldapsrv]
24005 ?        S      0:02 samba: task[cldapd]
24006 ?        S      0:08 samba: conn[kdc_tcp] c[ipv4:192.168.0.88:40340] s[ipv4:192.168.0.6:88] server_id[24006.42]
24007 ?        S      5:47 samba: task[dreplsrv]
24008 ?        S      0:00 samba: task[winbindd_parent]
24009 ?        S      0:00 samba: tfork waiter process
24010 ?        S      0:00 samba: task[ntp_signd]
24011 ?        S      0:06 samba: task[kccsrv]
24012 ?        Ss     0:49 /usr/sbin/winbindd -D --option=server role check:inhibit=yes --foreground
24013 ?        S      0:16 samba: task[dnsupdate]
24020 ?        S      0:00 /usr/sbin/smbd -D --option=server role check:inhibit=yes --foreground
24021 ?        S      0:00 /usr/sbin/smbd -D --option=server role check:inhibit=yes --foreground
24022 ?        S      0:01 winbindd: domain child [SAMDOM]
24023 ?        S      0:00 winbindd: idmap child
24039 ?        S      0:00 winbindd: domain child [BUILTIN]

The out put of 'pstree', produces this (cropped):

init─┬─chronyd
     ├─named───4*[{named}]
     ├─samba─┬─samba───samba───smbd─┬─cleanupd
     │       │                      â”œâ”€smbd
     │       │                      â””─smbd-notifyd
     │       ├─2*[samba───samba]
     │       ├─8*[samba]
     │       └─samba───samba───winbindd───3*[winbindd]

Not only is 'winbind' not running on your DC, it looks like 'smbd'
isn't either.

How did you join the RODC to the domain ?
What is the domain (Samba or Windows) ?

Rowland


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba




-- 


www.it-optics.com 

	Gaëtan SLONGO | Head of Infrastructure Department
Boulevard Initialis, 28 - 7000 Mons, BELGIUM
Company : 	+32 (0)65 84 23 85 
Direct : 	+32 (0)65 32 85 88 
Fax : 	+32 (0)65 84 66 76 
Skype ID : 	gslongo.pro 
GPG Key : 	gslongo-gpg_key.asc 

	

- Please consider your environmental responsibility before printing this e-mail -

More information about the samba mailing list