[Samba] RPC server is unavailable when using ADUC

Damir Dezeljin via samba

Aug 22, 2016, 5:40:03 AM

Hello.

We're running Samba 4.3.9 AD on two Ubuntu 16.04 LTS machines. I'm managing
AD users and DNS from Windows 10 joined to the domain, by using ADUC.

Last week I noticed the following error when starting ADUC as Administrator
of the AD domain:
----
Naming information cannot be located because:
The RPC server is unavailable.
Contact your system administrator to verify that your domain is properly
configured and is currently online
----

I did an Internet search and tried the corrective actions I found, i.e.:
1. kinit Administrator
2. made sure the smb.conf on both machines is correct
3. checked resolv.conf
4. samba_dnsupdate (on both machines)
5. synced the /var/lib/samba/sysvol/ between both machines (rsync)
6. samba-tool ntacl sysvolcheck

But the error still persists.


Here is my smb.conf (it is the same on both computers):
----
[global]
workgroup = MYORG
realm = MYORG.SI
netbios name = SRV01
wins support = yes
server role = active directory domain controller
tls enabled = yes
tls cafile = tls/MyorgCA.crt
tls certfile = tls/srv01.myorg.si.crt
tls keyfile = tls/srv01.myorg.si.key
tls dh params file = tls/dcdhparams.pem

dns forwarder = 8.8.8.8
allow dns updates = nonsecure
idmap_ldb:use rfc2307 = yes
time server = yes

# Default idmap config used for BUILTIN and local accounts/groups
idmap config *:backend = tdb
idmap config *:range = 2000-9999

idmap config MYORG:backend = ad
idmap config MYORG:schema_mode = rfc2307
idmap config MYORG:range = 20001-29999

[netlogon]
path = /var/lib/samba/sysvol/myorg.si/scripts
read only = No

[sysvol]
path = /var/lib/samba/sysvol
read only = No
----

Please note also the last couple of errors from this output:
----
# service samba-ad-dc status
● samba-ad-dc.service - LSB: start Samba daemons for the AD DC
Loaded: loaded (/etc/init.d/samba-ad-dc; bad; vendor preset: enabled)
Active: active (running) since Fri 2016-08-19 16:43:03 CEST; 2 days ago
Docs: man:systemd-sysv-generator(8)
Process: 2365 ExecStart=/etc/init.d/samba-ad-dc start (code=exited, status=0/SUCCESS)
Tasks: 23
Memory: 249.4M
CPU: 7min 21.875s
CGroup: /system.slice/samba-ad-dc.service
├─2772 /usr/sbin/samba -D
├─2789 /usr/sbin/samba -D
├─2790 /usr/sbin/samba -D
├─2791 /usr/sbin/samba -D
├─2792 /usr/sbin/samba -D
├─2793 /usr/sbin/samba -D
├─2794 /usr/sbin/samba -D
├─2795 /usr/sbin/samba -D
├─2796 /usr/sbin/smbd -D --option=server role check:inhibit=yes --foreground
├─2797 /usr/sbin/samba -D
├─2798 /usr/sbin/samba -D
├─2799 /usr/sbin/samba -D
├─2800 /usr/sbin/samba -D
├─2801 /usr/sbin/samba -D
├─2802 /usr/sbin/winbindd -D --option=server role check:inhibit=yes --foreground
├─2803 /usr/sbin/samba -D
├─2808 /usr/sbin/smbd -D --option=server role check:inhibit=yes --foreground
├─2812 /usr/sbin/winbindd -D --option=server role check:inhibit=yes --foreground
├─2848 /usr/sbin/smbd -D --option=server role check:inhibit=yes --foreground
├─3096 /usr/sbin/smbd -D --option=server role check:inhibit=yes --foreground
├─7105 /usr/sbin/smbd -D --option=server role check:inhibit=yes --foreground
├─7256 /usr/sbin/smbd -D --option=server role check:inhibit=yes --foreground
└─7445 /usr/sbin/smbd -D --option=server role check:inhibit=yes --foreground

Aug 21 12:03:15 IDM samba[2801]: /usr/sbin/samba_dnsupdate: ; TSIG error with server: tsig verify failure
Aug 21 12:03:16 IDM samba[2801]: [2016/08/21 12:03:16.008220, 0] ../lib/util/util_runcmd.c:328(samba_runcmd_io_handler)
Aug 21 12:03:16 IDM samba[2801]: /usr/sbin/samba_dnsupdate: ; TSIG error with server: tsig verify failure
Aug 21 12:03:16 IDM samba[2801]: [2016/08/21 12:03:16.020913, 0] ../source4/dsdb/dns/dns_update.c:294(dnsupdate_nameupdate_done)
Aug 21 12:03:16 IDM samba[2801]: ../source4/dsdb/dns/dns_update.c:294: Failed DNS update - NT_STATUS_SHARING_VIOLATION
Aug 21 16:33:14 IDM samba[2801]: [2016/08/21 16:33:14.118190, 0] ../lib/util/util_runcmd.c:328(samba_runcmd_io_handler)
Aug 21 16:33:14 IDM samba[2801]: /usr/sbin/samba_dnsupdate: ; TSIG error with server: tsig verify failure
Aug 21 16:33:14 IDM samba[2801]: [2016/08/21 16:33:14.129562, 0] ../source4/dsdb/dns/dns_update.c:294(dnsupdate_nameupdate_done)
Aug 21 16:33:14 IDM samba[2801]: ../source4/dsdb/dns/dns_update.c:294: Failed DNS update - NT_STATUS_ACCESS_DENIED
Aug 22 09:06:12 IDM samba[2790]: [2016/08/22 09:06:12.381991, 0] ../source4/rpc_server/dnsserver/dcerpc_dnsserver.c:1086(dnsserver_query_zone)
----

And here is the internal DNS update tool that shows there are no DNS
updates needed (same output is generated on both hosts):
----
# samba_dnsupdate --verbose | tail -1
No DNS updates needed
----


I would appreciate any hint and/or help.

Kind regards,
Damir Dezeljin
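
An added example (not part of the original post and not Samba code): a small Python triage of the journal lines quoted in the message above. It rejoins the mail-wrapped lines, counts the samba_dnsupdate failures by type, and lists debug headers whose message text is missing from the excerpt. The function names and regular expressions are assumptions made for this example; the sample is five records copied from the post.

```python
import re
from collections import Counter

# Five records copied from the status output in the post, hard line wraps included.
SAMPLE = """\
Aug 21 16:33:14 IDM samba[2801]: [2016/08/21 16:33:14.118190, 0]
../lib/util/util_runcmd.c:328(samba_runcmd_io_handler)
Aug 21 16:33:14 IDM samba[2801]: /usr/sbin/samba_dnsupdate: ; TSIG error
with server: tsig verify failure
Aug 21 16:33:14 IDM samba[2801]: [2016/08/21 16:33:14.129562, 0]
../source4/dsdb/dns/dns_update.c:294(dnsupdate_nameupdate_done)
Aug 21 16:33:14 IDM samba[2801]: ../source4/dsdb/dns/dns_update.c:294:
Failed DNS update - NT_STATUS_ACCESS_DENIED
Aug 22 09:06:12 IDM samba[2790]: [2016/08/22 09:06:12.381991, 0]
../source4/rpc_server/dnsserver/dcerpc_dnsserver.c:1086(dnsserver_query_zone)
"""

PREFIX = re.compile(r"^\w{3} +\d+ [\d:]{8} \S+ \w+\[\d+\]: (.*)$")    # syslog prefix
HEADER = re.compile(r"^\[\d{4}/\d\d/\d\d [\d:.]+, +\d+\] \S+\((\w+)\)$")  # Samba debug header
NT_STATUS = re.compile(r"Failed DNS update - (NT_STATUS_\w+)")

def unwrap(text):
    """Rejoin wrapped continuation lines (no syslog prefix) onto their record."""
    records = []
    for line in text.splitlines():
        m = PREFIX.match(line)
        if m:
            records.append(m.group(1))
        elif records and line.strip():
            records[-1] += " " + line.strip()
    return records

def triage(text):
    """Return (failure counts, debug headers whose message body is missing)."""
    counts, pending, dangling = Counter(), None, []
    for msg in unwrap(text):
        header = HEADER.match(msg)
        if header:
            if pending:              # previous header never got a message body
                dangling.append(pending)
            pending = header.group(1)
            continue
        pending = None               # this record is the body of the pending header
        status = NT_STATUS.search(msg)
        if "tsig verify failure" in msg:
            counts["tsig_verify_failure"] += 1
        elif status:
            counts[status.group(1)] += 1
    return counts, dangling + ([pending] if pending else [])
```

On the sample, `triage(SAMPLE)` counts one TSIG verify failure and one NT_STATUS_ACCESS_DENIED, and reports dnsserver_query_zone as a header with no message: the text of the 09:06:12 error is not in the posted output.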

Rowland Penny via samba

Aug 22, 2016, 6:00:04 AM

I think this may have the same problem as this bug report:

https://bugzilla.samba.org/show_bug.cgi?id=11351

Rowland