Web lists-archives.com

Re: [Samba] Samba 4.8 RODC not working




Hi Louis ! 


Thanks for suggestion ! 
What are these ports ? 


Thanks ! 

----- Mail original -----

De: "L.P.H. van Belle via samba" <samba@xxxxxxxxxxxxxxx> 
À: samba@xxxxxxxxxxxxxxx 
Envoyé: Mardi 29 Mai 2018 17:08:21 
Objet : Re: [Samba] Samba 4.8 RODC not working 

I think you missed these in the firewall, if you allowed the "in" for the DC, you also need the OUT. 

49152:65535/tcp ALLOW OUT 


Greetz, 

Louis 



> -----Oorspronkelijk bericht----- 
> Van: samba [mailto:samba-bounces@xxxxxxxxxxxxxxx] Namens 
> Gaetan SLONGO via samba 
> Verzonden: dinsdag 29 mei 2018 16:40 
> Aan: Rowland Penny 
> CC: samba@xxxxxxxxxxxxxxx 
> Onderwerp: Re: [Samba] Samba 4.8 RODC not working 
> 
> Hi Rowland, 
> 
> 
> As said into the reply sent to Andrew, Winbind is installed, 
> but not started by samba (this is sernet packages) 
> 
> 
> Thanks 
> 
> ----- Mail original ----- 
> 
> De: "Rowland Penny via samba" <samba@xxxxxxxxxxxxxxx> 
> À: samba@xxxxxxxxxxxxxxx 
> Envoyé: Jeudi 24 Mai 2018 20:48:22 
> Objet : Re: [Samba] Samba 4.8 RODC not working 
> 
> On Thu, 24 May 2018 11:30:40 +0200 (CEST) 
> Gaetan SLONGO via samba <samba@xxxxxxxxxxxxxxx> wrote: 
> 
> > Hi, 
> > 
> > 
> > 
> > 
> > It's my first try to setup RODC using Samba 4.8. We have 
> latest Samba 
> > 4.7 environnement with 2 DC and some file servers. Joining 
> the DC to 
> > the domain is OK using samba-tool domain join command. The domain 
> > controller appears in the DC list (MMC) 
> > 
> > 
> > However, users cannot be authenticated. Samba is running but these 
> > ports are closed : 
> > 
> > 
> > netbios-ssn 139/tcp # NETBIOS session service 
> > netbios-ssn 139/udp 
> > microsoft-ds 445/tcp 
> > microsoft-ds 445/udp 
> > 
> > Some other ports are available : 
> > 
> > 
> > 
> > [root@dmzrodc ~]# netstat -tlpn 
> > Connexions Internet actives (seulement serveurs) 
> > Proto Recv-Q Send-Q Adresse locale Adresse distante Etat 
> PID/Program 
> > name tcp 0 0 0.0.0.0:636 0.0.0.0:* LISTEN 23622/samba 
> > tcp 0 0 0.0.0.0:49152 0.0.0.0:* LISTEN 23619/samba 
> > tcp 0 0 0.0.0.0:49153 0.0.0.0:* LISTEN 23619/samba 
> > tcp 0 0 0.0.0.0:49154 0.0.0.0:* LISTEN 23619/samba 
> > tcp 0 0 0.0.0.0:3268 0.0.0.0:* LISTEN 23622/samba 
> > tcp 0 0 0.0.0.0:3269 0.0.0.0:* LISTEN 23622/samba 
> > tcp 0 0 0.0.0.0:389 0.0.0.0:* LISTEN 23622/samba 
> > tcp 0 0 0.0.0.0:135 0.0.0.0:* LISTEN 23619/samba 
> > tcp 0 0 0.0.0.0:464 0.0.0.0:* LISTEN 23624/samba 
> > tcp 0 0 0.0.0.0:53 0.0.0.0:* LISTEN 23632/samba 
> > tcp 0 0 0.0.0.0:88 0.0.0.0:* LISTEN 23624/samba 
> > 
> > 
> > Winbind is not working : 
> > 
> > [root@dmzrodc ~]# wbinfo -u 
> > could not obtain winbind interface details: 
> > WBC_ERR_WINBIND_NOT_AVAILABLE could not obtain winbind domain name! 
> > Error looking up domain users 
> 
> Is winbind actually installed ?? 
> 
> Rowland 
> 
> -- 
> To unsubscribe from this list go to the following URL and read the 
> instructions: https://lists.samba.org/mailman/options/samba 
> 
> 
> 
> -- 
> 
> 
> 
> 
> www.it-optics.com 
> 
> Gaëtan SLONGO | Head of Infrastructure Department 
> Boulevard Initialis, 28 - 7000 Mons, BELGIUM 
> Company : +32 (0)65 84 23 85 
> Direct : +32 (0)65 32 85 88 
> Fax : +32 (0)65 84 66 76 
> Skype ID : gslongo.pro 
> GPG Key : gslongo-gpg_key.asc 
> 
> 
> - Please consider your environmental responsibility before 
> printing this e-mail - 
> 
> 
> 
> 
> 
> 
> 
> 
> -- 
> To unsubscribe from this list go to the following URL and read the 
> instructions: https://lists.samba.org/mailman/options/samba 
> 
> 


-- 
To unsubscribe from this list go to the following URL and read the 
instructions: https://lists.samba.org/mailman/options/samba 



-- 




www.it-optics.com 
	
Gaëtan SLONGO | Head of Infrastructure Department 
Boulevard Initialis, 28 - 7000 Mons, BELGIUM 
Company : 	+32 (0)65 84 23 85 
Direct : 	+32 (0)65 32 85 88 
Fax : 	+32 (0)65 84 66 76 
Skype ID : 	gslongo.pro 
GPG Key : 	gslongo-gpg_key.asc 
	

- Please consider your environmental responsibility before printing this e-mail - 








-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba