[Samba] Samba 4.8 RODC not working

[Gaetan SLONGO]

Hi, 


Not sure sernet can help. It really looks like a samba issue to me..? 
Just found this in logs when starting the RODC : 



[2018/06/13 10:59:11.546077, 3, pid=12673, effective(0, 0), real(0, 0)] ../lib/util/util_runcmd.c:291(samba_runcmd_io_handler) 
samba_runcmd_io_handler: Child /usr/sbin/winbindd exited 1 
[2018/06/13 10:59:11.546131, 0, pid=12673, effective(0, 0), real(0, 0)] ../source4/winbind/winbindd.c:47(winbindd_done) 
winbindd daemon died with exit status 1 
[2018/06/13 10:59:11.546268, 0, pid=12673, effective(0, 0), real(0, 0)] ../source4/smbd/service_task.c:36(task_server_terminate) 
task_server_terminate: task_server_terminate: [winbindd child process exited] 




But no details about the crash :-/ 







----- Mail original -----

De: "L.P.H. van Belle via samba" <samba at lists.samba.org> 
À: samba at lists.samba.org 
Envoyé: Mercredi 13 Juin 2018 10:49:10 
Objet : Re: [Samba] Samba 4.8 RODC not working 

 If its really urgent then u would really suggest, invest in samba a bit and pay them to get this working. 
Thats what sernet can do for you. Get commercial support. 

Im pretty much out of options, execpt upgrade to 4.8 and try it again. 


Greetz, 

Louis 



Van: Gaetan SLONGO [mailto:gslongo at it-optics.com] 
Verzonden: woensdag 13 juni 2018 10:40 
Aan: Rowland Penny; L.P.H. van Belle 
CC: samba at lists.samba.org 
Onderwerp: Re: [Samba] Samba 4.8 RODC not working 



Hi Louis, Hi Rowland, 

I will respond to both in this mail. 


Yes winbind is installed : 


[root at dmzrodc ~]# which winbindd 
/usr/sbin/winbindd 
[root at dmzrodc ~]# rpm -qa |grep winbind 
sernet-samba-winbind-4.8.2-10.el7.x86_64 


I know about *mbd processes. so strange.. This is why I'm posting here :-) 


I joined the RODC following the procedure available on the wiki page https://wiki.samba.org/index.php/Join_a_domain_as_a_RODC : 


samba-tool domain join ads.MYDOMAIN.be RODC -U MYDOMAIN\\Administrator --dns-backend=SAMBA_INTERNAL 


This is a Samba AD domain. But other DC are 4.7.7. Cannot upgrade to 4.8 but I don't think this is the issue. I had exactly same issue with 4.6 and 4.7 versions where a dev told me to wait for next release to get better RODC support. This did not solved the issue and it becomes "urgent" to have this RODC :-( 


Thanks ! 

De: "Rowland Penny via samba" <samba at lists.samba.org> 
À: samba at lists.samba.org 
Envoyé: Mercredi 13 Juin 2018 10:27:21 
Objet : Re: [Samba] Samba 4.8 RODC not working 

On Wed, 13 Jun 2018 10:05:23 +0200 (CEST) 
Gaetan SLONGO <gslongo at it-optics.com> wrote: 

> Hi Rowland, 
> 
> 
> Same, as said; winbind isn't started :-) 
> 
> 
> 
> [root at dmzrodc ~]# ps ax | egrep "ntp|bind|named|samba|?mbd" 
> 650 ? Ss 0:00 /usr/sbin/ntpd -u ntp:ntp -g 
> 1205 ? Ss 0:00 /usr/sbin/samba -D 
> 1225 ? S 0:00 /usr/sbin/samba -D 
> 1226 ? S 0:00 /usr/sbin/samba -D 
> 1227 ? S 0:00 /usr/sbin/samba -D 
> 1228 ? S 0:00 /usr/sbin/samba -D 
> 1229 ? S 0:00 /usr/sbin/samba -D 
> 1230 ? S 0:00 /usr/sbin/samba -D 
> 1231 ? S 0:00 /usr/sbin/samba -D 
> 1232 ? S 0:00 /usr/sbin/samba -D 
> 1233 ? S 0:00 /usr/sbin/samba -D 
> 1235 ? S 0:00 /usr/sbin/samba -D 
> 1236 ? S 0:00 /usr/sbin/samba -D 
> 1237 ? S 0:00 /usr/sbin/samba -D 
> 1238 ? S 0:00 /usr/sbin/samba -D 
> 12187 pts/0 S+ 0:00 grep -E --color=auto ntp|bind|named|samba|?mbd 
> 

The output when I run the command is this: 

ps ax | egrep "ntp|bind|named|samba|?mbd" 
1544 ? Ssl 18:58 /usr/sbin/named -u bind 
7142 ? S 0:00 /usr/sbin/smbd -D --option=server role check:inhibit=yes --foreground 
7184 ? S 0:00 samba: conn[rpc] c[ipv4:192.168.0.53:36870] s[ipv4:192.168.0.6:49153] server_id[7184] 
11917 ? Ss 0:00 /sbin/rpcbind -w 
16828 pts/0 R+ 0:00 grep -E ntp|bind|named|samba|?mbd 
23980 ? Ss 0:00 samba: root process 
23998 ? S 0:00 samba: task[s3fs_parent] 
23999 ? S 2:45 samba: task[dcesrv] 
24000 ? S 0:00 samba: tfork waiter process 
24001 ? S 0:03 samba: task[nbtd] 
24002 ? Ss 0:01 /usr/sbin/smbd -D --option=server role check:inhibit=yes --foreground 
24003 ? S 0:00 samba: task[wrepl] 
24004 ? S 0:01 samba: task[ldapsrv] 
24005 ? S 0:02 samba: task[cldapd] 
24006 ? S 0:08 samba: conn[kdc_tcp] c[ipv4:192.168.0.88:40340] s[ipv4:192.168.0.6:88] server_id[24006.42] 
24007 ? S 5:47 samba: task[dreplsrv] 
24008 ? S 0:00 samba: task[winbindd_parent] 
24009 ? S 0:00 samba: tfork waiter process 
24010 ? S 0:00 samba: task[ntp_signd] 
24011 ? S 0:06 samba: task[kccsrv] 
24012 ? Ss 0:49 /usr/sbin/winbindd -D --option=server role check:inhibit=yes --foreground 
24013 ? S 0:16 samba: task[dnsupdate] 
24020 ? S 0:00 /usr/sbin/smbd -D --option=server role check:inhibit=yes --foreground 
24021 ? S 0:00 /usr/sbin/smbd -D --option=server role check:inhibit=yes --foreground 
24022 ? S 0:01 winbindd: domain child [SAMDOM] 
24023 ? S 0:00 winbindd: idmap child 
24039 ? S 0:00 winbindd: domain child [BUILTIN] 

The out put of 'pstree', produces this (cropped): 

init─┬─chronyd 
├─named───4*[{named}] 
├─samba─┬─samba───samba───smbd─┬─cleanupd 
│ │ ├─smbd 
│ │ └─smbd-notifyd 
│ ├─2*[samba───samba] 
│ ├─8*[samba] 
│ └─samba───samba───winbindd───3*[winbindd] 

Not only is 'winbind' not running on your DC, it looks like 'smbd' 
isn't either. 

How did you join the RODC to the domain ? 
What is the domain (Samba or Windows) ? 

Rowland 


-- 
To unsubscribe from this list go to the following URL and read the 
instructions: https://lists.samba.org/mailman/options/samba 




-- 


www.it-optics.com 

Gaëtan SLONGO | Head of Infrastructure Department 
Boulevard Initialis, 28 - 7000 Mons, BELGIUM 
Company : +32 (0)65 84 23 85 
Direct : +32 (0)65 32 85 88 
Fax : +32 (0)65 84 66 76 
Skype ID : gslongo.pro 
GPG Key : gslongo-gpg_key.asc 



- Please consider your environmental responsibility before printing this e-mail - 













-- 
To unsubscribe from this list go to the following URL and read the 
instructions: https://lists.samba.org/mailman/options/samba 



-- 




www.it-optics.com 
	
Gaëtan SLONGO | Head of Infrastructure Department 
Boulevard Initialis, 28 - 7000 Mons, BELGIUM 
Company : 	+32 (0)65 84 23 85 
Direct : 	+32 (0)65 32 85 88 
Fax : 	+32 (0)65 84 66 76 
Skype ID : 	gslongo.pro 
GPG Key : 	gslongo-gpg_key.asc 
	

- Please consider your environmental responsibility before printing this e-mail -