[Samba] Samba 4.8 RODC not working

L.P.H. van Belle belle at bazuin.nl
Tue May 29 15:08:21 UTC 2018


I think you missed these in the firewall, if you allowed the "in" for the DC, you also need the OUT. 

 49152:65535/tcp ALLOW OUT  


Greetz, 

Louis

 

> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens 
> Gaetan SLONGO via samba
> Verzonden: dinsdag 29 mei 2018 16:40
> Aan: Rowland Penny
> CC: samba at lists.samba.org
> Onderwerp: Re: [Samba] Samba 4.8 RODC not working
> 
> Hi Rowland, 
> 
> 
> As said into the reply sent to Andrew, Winbind is installed, 
> but not started by samba (this is sernet packages) 
> 
> 
> Thanks 
> 
> ----- Mail original -----
> 
> De: "Rowland Penny via samba" <samba at lists.samba.org> 
> À: samba at lists.samba.org 
> Envoyé: Jeudi 24 Mai 2018 20:48:22 
> Objet : Re: [Samba] Samba 4.8 RODC not working 
> 
> On Thu, 24 May 2018 11:30:40 +0200 (CEST) 
> Gaetan SLONGO via samba <samba at lists.samba.org> wrote: 
> 
> > Hi, 
> > 
> > 
> > 
> > 
> > It's my first try to setup RODC using Samba 4.8. We have 
> latest Samba 
> > 4.7 environnement with 2 DC and some file servers. Joining 
> the DC to 
> > the domain is OK using samba-tool domain join command. The domain 
> > controller appears in the DC list (MMC) 
> > 
> > 
> > However, users cannot be authenticated. Samba is running but these 
> > ports are closed : 
> > 
> > 
> > netbios-ssn 139/tcp # NETBIOS session service 
> > netbios-ssn 139/udp 
> > microsoft-ds 445/tcp 
> > microsoft-ds 445/udp 
> > 
> > Some other ports are available : 
> > 
> > 
> > 
> > [root at dmzrodc ~]# netstat -tlpn 
> > Connexions Internet actives (seulement serveurs) 
> > Proto Recv-Q Send-Q Adresse locale Adresse distante Etat 
> PID/Program 
> > name tcp 0 0 0.0.0.0:636 0.0.0.0:* LISTEN 23622/samba 
> > tcp 0 0 0.0.0.0:49152 0.0.0.0:* LISTEN 23619/samba 
> > tcp 0 0 0.0.0.0:49153 0.0.0.0:* LISTEN 23619/samba 
> > tcp 0 0 0.0.0.0:49154 0.0.0.0:* LISTEN 23619/samba 
> > tcp 0 0 0.0.0.0:3268 0.0.0.0:* LISTEN 23622/samba 
> > tcp 0 0 0.0.0.0:3269 0.0.0.0:* LISTEN 23622/samba 
> > tcp 0 0 0.0.0.0:389 0.0.0.0:* LISTEN 23622/samba 
> > tcp 0 0 0.0.0.0:135 0.0.0.0:* LISTEN 23619/samba 
> > tcp 0 0 0.0.0.0:464 0.0.0.0:* LISTEN 23624/samba 
> > tcp 0 0 0.0.0.0:53 0.0.0.0:* LISTEN 23632/samba 
> > tcp 0 0 0.0.0.0:88 0.0.0.0:* LISTEN 23624/samba 
> > 
> > 
> > Winbind is not working : 
> > 
> > [root at dmzrodc ~]# wbinfo -u 
> > could not obtain winbind interface details: 
> > WBC_ERR_WINBIND_NOT_AVAILABLE could not obtain winbind domain name! 
> > Error looking up domain users 
> 
> Is winbind actually installed ?? 
> 
> Rowland 
> 
> -- 
> To unsubscribe from this list go to the following URL and read the 
> instructions: https://lists.samba.org/mailman/options/samba 
> 
> 
> 
> -- 
> 
> 
> 
> 
> www.it-optics.com 
> 	
> Gaëtan SLONGO | Head of Infrastructure Department 
> Boulevard Initialis, 28 - 7000 Mons, BELGIUM 
> Company : 	+32 (0)65 84 23 85 
> Direct : 	+32 (0)65 32 85 88 
> Fax : 	+32 (0)65 84 66 76 
> Skype ID : 	gslongo.pro 
> GPG Key : 	gslongo-gpg_key.asc 
> 	
> 
> - Please consider your environmental responsibility before 
> printing this e-mail - 
> 
> 
> 
> 
> 
> 
> 
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
> 
> 




More information about the samba mailing list