[Samba] Problems with Samba after upgrading to v4 and changing LDAP-backend from OpenLDAP to 389

Rowland Penny rpenny at samba.org
Tue Sep 27 18:03:12 UTC 2022 


On 27/09/2022 18:49, Andrew Bartlett wrote:
> On Tue, 2022-09-27 at 14:31 +0100, Rowland Penny via samba wrote:
>>
>> On 27/09/2022 13:52, Alexander Harm || ApfelQ wrote:
>>> I was able to make some progress on the issue and I have the following
>>> things working now:
>>>
>>> - "pdbedit -v -u username" works fine now
>>> - “pdbedit -L” works as well
>>> - “getent passwd username” works
>>> - "wbinfo -g" works
>>> - joining and leaving the domain works fine as well
>>>
>>> I’m still stuck on
>>>
>>> - "wbinfo -u" does not return any users (is this important?)
>>
>> Yes
> 
> I'm not sure this is relevant on an NT4 domain (as nsswitch is the
> authority for users in this case), but I would have expected this to
> work.

Well yes, but doesn't it ultimately as winbind ?

> 
>>> - login from Windows machines fails with error 7519 which indicates
>>> a
>>> problem with RPC
>>> - “net rpc join -U administrator” fails with “Failed to join
>>> domain:
>>> failed to lookup DC info for domain 'DLAN' over rpc: {Device
>>> Timeout}
>>> The specified I/O operation on %hs was not completed before the
>>> time-out
>>> period expired.”
> 
> is nmbd running?
> 
>>> - port 135 also does not seem to be open on the machine
>>
>> It looks like the rpc service isn't running.
> 
> Port 135 is not normally used on an NT4 DC.

Then why does the Samba wiki list port 135 as being required on an 
NT4-style domain PDC ?

> 
>>> - "testparm --suppress-prompt -v | grep '[s]erver services’” seems
>>> to
>>> return the correct list though “server services = s3fs, rpc, nbt,
>>> wrepl,
>>> ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate, dns"
>>
>> Have you upgraded to AD, if not then you can ignore that, it is only
>> used by AD.
> 
> Correct.
> 
>>>
>>> Anymore ideas?
>>
>> No, a bit lost now, it has been years since I ran an NT4-style
>> domain.
>>
>> Rowland
> 
> I'm thinking missing nmbd.


Possibly, I believe that smbd, nmbd and winbind should all be running.
As I said, it has been a long time since I ran an NT4 PDC, AD is so much 
easier, once you get your head around the 'idmap config' lines.

Rowland

More information about the samba mailing list