Web lists-archives.com

[Samba] Samba 4.8 RODC not working




Hi, 




It's my first try to setup RODC using Samba 4.8. We have latest Samba 4.7 environnement with 2 DC and some file servers. 
Joining the DC to the domain is OK using samba-tool domain join command. The domain controller appears in the DC list (MMC) 


However, users cannot be authenticated. Samba is running but these ports are closed : 


netbios-ssn 139/tcp # NETBIOS session service 
netbios-ssn 139/udp 
microsoft-ds 445/tcp 
microsoft-ds 445/udp 

Some other ports are available : 



[root@dmzrodc ~]# netstat -tlpn 
Connexions Internet actives (seulement serveurs) 
Proto Recv-Q Send-Q Adresse locale Adresse distante Etat PID/Program name 
tcp 0 0 0.0.0.0:636 0.0.0.0:* LISTEN 23622/samba 
tcp 0 0 0.0.0.0:49152 0.0.0.0:* LISTEN 23619/samba 
tcp 0 0 0.0.0.0:49153 0.0.0.0:* LISTEN 23619/samba 
tcp 0 0 0.0.0.0:49154 0.0.0.0:* LISTEN 23619/samba 
tcp 0 0 0.0.0.0:3268 0.0.0.0:* LISTEN 23622/samba 
tcp 0 0 0.0.0.0:3269 0.0.0.0:* LISTEN 23622/samba 
tcp 0 0 0.0.0.0:389 0.0.0.0:* LISTEN 23622/samba 
tcp 0 0 0.0.0.0:135 0.0.0.0:* LISTEN 23619/samba 
tcp 0 0 0.0.0.0:464 0.0.0.0:* LISTEN 23624/samba 
tcp 0 0 0.0.0.0:53 0.0.0.0:* LISTEN 23632/samba 
tcp 0 0 0.0.0.0:88 0.0.0.0:* LISTEN 23624/samba 






Winbind is not working : 



[root@dmzrodc ~]# wbinfo -u 
could not obtain winbind interface details: WBC_ERR_WINBIND_NOT_AVAILABLE 
could not obtain winbind domain name! 
Error looking up domain users 


Logs are not showing something clear : 





==> /var/log/samba/log.samba <== 
[2018/05/24 11:29:24.038701, 0] ../source4/smbd/process_standard.c:81(sigterm_signal_handler) 
sigterm_signal_handler: Exiting pid 23632 on SIGTERM 
[2018/05/24 11:29:25.178372, 0] ../source4/smbd/server.c:466(binary_smbd_main) 
samba version 4.8.2-SerNet-RedHat-10.el7 started. 
Copyright Andrew Tridgell and the Samba Team 1992-2018 
[2018/05/24 11:29:25.369162, 0] ../source4/smbd/server.c:638(binary_smbd_main) 
binary_smbd_main: samba: using 'standard' process model 
[2018/05/24 11:29:25.382292, 0] ../lib/util/become_daemon.c:138(daemon_ready) 
daemon_ready: STATUS=daemon 'samba' finished starting up and ready to serve connections 
[2018/05/24 11:29:25.520009, 0] ../file_server/file_server.c:46(file_server_smbd_done) 
file_server smbd daemon died with exit status 1 
[2018/05/24 11:29:25.520167, 0] ../source4/smbd/service_task.c:36(task_server_terminate) 
task_server_terminate: task_server_terminate: [smbd child process exited] 
[2018/05/24 11:29:25.530008, 0] ../source4/winbind/winbindd.c:47(winbindd_done) 
winbindd daemon died with exit status 1 
[2018/05/24 11:29:25.530169, 0] ../source4/smbd/service_task.c:36(task_server_terminate) 
task_server_terminate: task_server_terminate: [winbindd child process exited] 
[2018/05/24 11:29:26.029093, 0] ../lib/util/util_runcmd.c:327(samba_runcmd_io_handler) 
/usr/sbin/samba_dnsupdate: Traceback (most recent call last): 
[2018/05/24 11:29:26.029286, 0] ../lib/util/util_runcmd.c:327(samba_runcmd_io_handler) 
/usr/sbin/samba_dnsupdate: File "/usr/sbin/samba_dnsupdate", line 917, in <module> 
[2018/05/24 11:29:26.029317, 0] ../lib/util/util_runcmd.c:327(samba_runcmd_io_handler) 
/usr/sbin/samba_dnsupdate: call_rodc_update(d) 
[2018/05/24 11:29:26.029344, 0] ../lib/util/util_runcmd.c:327(samba_runcmd_io_handler) 
/usr/sbin/samba_dnsupdate: File "/usr/sbin/samba_dnsupdate", line 714, in call_rodc_update 
[2018/05/24 11:29:26.029375, 0] ../lib/util/util_runcmd.c:327(samba_runcmd_io_handler) 
/usr/sbin/samba_dnsupdate: rodc_dns_update(d, t, op) 
[2018/05/24 11:29:26.029402, 0] ../lib/util/util_runcmd.c:327(samba_runcmd_io_handler) 
/usr/sbin/samba_dnsupdate: File "/usr/sbin/samba_dnsupdate", line 657, in rodc_dns_update 
[2018/05/24 11:29:26.029428, 0] ../lib/util/util_runcmd.c:327(samba_runcmd_io_handler) 
/usr/sbin/samba_dnsupdate: w = winbind.winbind("irpc:winbind_server", lp) 
[2018/05/24 11:29:26.029454, 0] ../lib/util/util_runcmd.c:327(samba_runcmd_io_handler) 
/usr/sbin/samba_dnsupdate: samba.NTSTATUSError: (3221225645, 'The named pipe is not in the connected or closing state.') 
[2018/05/24 11:29:26.035872, 0] ../source4/dsdb/dns/dns_update.c:330(dnsupdate_nameupdate_done) 
../source4/dsdb/dns/dns_update.c:330: Failed DNS update - with error code 1 




Do you have any idea about what is causing the issue ? 


Thanks ! 
-- 


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba