[Samba] Samba 4.8 RODC not working

L.P.H. van Belle belle at bazuin.nl
Wed May 30 10:24:06 UTC 2018


Those are the ports you need:
https://wiki.samba.org/index.php/Samba_AD_DC_Port_Usage  
from the site :  
*** The range matches the port range used by Windows Server 2008 and later. 
Samba versions before 4.7 used the TCP ports 1024 to 1300 instead. To manually set the port range in Samba 4.7 and later, 
set the rpc server port parameter in your smb.conf file. 
 
For details, see the parameter description in the smb.conf(5) man page. 
 
What I'll do: go to lunch first, then I'll post my ufw rules for my member server, which is set to
Default: deny (incoming), deny (outgoing), disabled (routed)
if people want them.

Greetz, 
 
Louis
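
Added example, not part of the original thread or of Samba itself: the check below runs over `netstat -tln`-style output (a constructed sample modelled on the listing quoted further down) and reports which fixed AD DC TCP ports have no listener and how many listeners sit in the 49152-65535 dynamic RPC range. The fixed port list and the function names are assumptions of this example.

```shell
#!/bin/sh
# Fixed TCP ports an AD DC normally listens on (assumed list for this example).
DC_TCP_PORTS="53 88 135 139 389 445 464 636 3268 3269"

# Constructed sample, modelled on the netstat listing quoted in this thread.
SAMPLE='tcp 0 0 0.0.0.0:636 0.0.0.0:* LISTEN 23622/samba
tcp 0 0 0.0.0.0:49152 0.0.0.0:* LISTEN 23619/samba
tcp 0 0 0.0.0.0:49153 0.0.0.0:* LISTEN 23619/samba
tcp 0 0 0.0.0.0:49154 0.0.0.0:* LISTEN 23619/samba
tcp 0 0 0.0.0.0:3268 0.0.0.0:* LISTEN 23622/samba
tcp 0 0 0.0.0.0:3269 0.0.0.0:* LISTEN 23622/samba
tcp 0 0 0.0.0.0:389 0.0.0.0:* LISTEN 23622/samba
tcp 0 0 0.0.0.0:135 0.0.0.0:* LISTEN 23619/samba
tcp 0 0 0.0.0.0:464 0.0.0.0:* LISTEN 23624/samba
tcp 0 0 0.0.0.0:53 0.0.0.0:* LISTEN 23632/samba
tcp 0 0 0.0.0.0:88 0.0.0.0:* LISTEN 23624/samba'

# stdin: netstat -tln output. stdout: listening TCP ports, one per line.
listening_ports() {
    awk '$1 ~ /^tcp/ && $6 == "LISTEN" { n = split($4, a, ":"); print a[n] }' |
        sort -un
}

# stdin: netstat output. stdout: expected fixed ports with no listener.
missing_dc_ports() {
    ports=$(listening_ports)
    missing=""
    for p in $DC_TCP_PORTS; do
        printf '%s\n' "$ports" | grep -qx "$p" || missing="$missing $p"
    done
    printf '%s\n' "${missing# }"
}

# stdin: netstat output. stdout: number of listeners in 49152-65535.
rpc_listener_count() {
    listening_ports | awk '$1 >= 49152 && $1 <= 65535 { c++ } END { print c + 0 }'
}

echo "fixed ports not listening: $(printf '%s\n' "$SAMPLE" | missing_dc_ports)"
echo "dynamic RPC listeners:     $(printf '%s\n' "$SAMPLE" | rpc_listener_count)"
```

On a live host, pipe `netstat -tln` into the functions instead of the sample. A port that shows as listening can still be unreachable when the firewall lacks the matching IN or OUT rule.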
 


 
 


From: Gaetan SLONGO [mailto:gslongo at it-optics.com] 
Sent: Wednesday 30 May 2018 12:13
To: L.P.H. van Belle
CC: samba at lists.samba.org
Subject: Re: [Samba] Samba 4.8 RODC not working



Hi Louis!
Thanks for the suggestion! What are these ports?


Thanks !

From: "L.P.H. van Belle via samba" <samba at lists.samba.org>
To: samba at lists.samba.org
Sent: Tuesday 29 May 2018 17:08:21
Subject: Re: [Samba] Samba 4.8 RODC not working

I think you missed these in the firewall, if you allowed the "in" for the DC, you also need the OUT. 

 49152:65535/tcp ALLOW OUT  


Greetz, 

Louis

 

> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of 
> Gaetan SLONGO via samba
> Sent: Tuesday 29 May 2018 16:40
> To: Rowland Penny
> CC: samba at lists.samba.org
> Subject: Re: [Samba] Samba 4.8 RODC not working
> 
> Hi Rowland, 
> 
> 
> As said in the reply sent to Andrew, Winbind is installed, 
> but not started by samba (these are sernet packages) 
> 
> 
> Thanks 
> 
> ----- Original message -----
> 
> From: "Rowland Penny via samba" <samba at lists.samba.org> 
> To: samba at lists.samba.org 
> Sent: Thursday 24 May 2018 20:48:22 
> Subject: Re: [Samba] Samba 4.8 RODC not working 
> 
> On Thu, 24 May 2018 11:30:40 +0200 (CEST) 
> Gaetan SLONGO via samba <samba at lists.samba.org> wrote: 
> 
> > Hi, 
> > 
> > 
> > 
> > 
> > It's my first try to set up an RODC using Samba 4.8. We have the latest Samba 
> > 4.7 environment with 2 DCs and some file servers. Joining the DC to 
> > the domain is OK using the samba-tool domain join command. The domain 
> > controller appears in the DC list (MMC) 
> > 
> > 
> > However, users cannot be authenticated. Samba is running but these 
> > ports are closed : 
> > 
> > 
> > netbios-ssn 139/tcp # NETBIOS session service 
> > netbios-ssn 139/udp 
> > microsoft-ds 445/tcp 
> > microsoft-ds 445/udp 
> > 
> > Some other ports are available : 
> > 
> > 
> > 
> > [root at dmzrodc ~]# netstat -tlpn 
> > Connexions Internet actives (seulement serveurs) 
> > Proto Recv-Q Send-Q Adresse locale Adresse distante Etat PID/Program name 
> > tcp 0 0 0.0.0.0:636 0.0.0.0:* LISTEN 23622/samba 
> > tcp 0 0 0.0.0.0:49152 0.0.0.0:* LISTEN 23619/samba 
> > tcp 0 0 0.0.0.0:49153 0.0.0.0:* LISTEN 23619/samba 
> > tcp 0 0 0.0.0.0:49154 0.0.0.0:* LISTEN 23619/samba 
> > tcp 0 0 0.0.0.0:3268 0.0.0.0:* LISTEN 23622/samba 
> > tcp 0 0 0.0.0.0:3269 0.0.0.0:* LISTEN 23622/samba 
> > tcp 0 0 0.0.0.0:389 0.0.0.0:* LISTEN 23622/samba 
> > tcp 0 0 0.0.0.0:135 0.0.0.0:* LISTEN 23619/samba 
> > tcp 0 0 0.0.0.0:464 0.0.0.0:* LISTEN 23624/samba 
> > tcp 0 0 0.0.0.0:53 0.0.0.0:* LISTEN 23632/samba 
> > tcp 0 0 0.0.0.0:88 0.0.0.0:* LISTEN 23624/samba 
> > 
> > 
> > Winbind is not working : 
> > 
> > [root at dmzrodc ~]# wbinfo -u 
> > could not obtain winbind interface details: 
> > WBC_ERR_WINBIND_NOT_AVAILABLE could not obtain winbind domain name! 
> > Error looking up domain users 
> 
> Is winbind actually installed ?? 
> 
> Rowland 
> 
> -- 
> To unsubscribe from this list go to the following URL and read the 
> instructions: https://lists.samba.org/mailman/options/samba 
> 
> 
> 
> -- 
> 
> 
> 
> 
> www.it-optics.com 
>         
> Gaëtan SLONGO | Head of Infrastructure Department 
> Boulevard Initialis, 28 - 7000 Mons, BELGIUM 
> Company :         +32 (0)65 84 23 85 
> Direct :         +32 (0)65 32 85 88 
> Fax :         +32 (0)65 84 66 76 
> Skype ID :         gslongo.pro 
> GPG Key :         gslongo-gpg_key.asc 
>         
> 
> - Please consider your environmental responsibility before 
> printing this e-mail - 
> 
> 
> 
> 
> 
> 
> 
> 