Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
[Samba] RPC Server is unavailable . . .
1,483 views
Skip to first unread message
Steve Ankeny
Feb 14, 2015, 5:00:03 AM2/14/15
to
Ubuntu 14.04, Samba 4.1.6
I'm having trouble connecting Windows clients to the domain.
"The following error occurred attempting to join the domain "smbdomain":
The RPC server is unavailable."
When you attempt to join the domain, it finds it by name immediately and
asks for username/password, after which it gives the error above. I
haven't found documentation on the RPC Server in Samba.
Is that an entry in the 'smb.conf'? I see text about allowing "domain
logons" and use of the "SAMR RPC pipe" I have the requisite entries in
'smb.conf' for 'netlogon' share but not the calls to allow the scripts
to run.
[netlogon]
path = /var/lib/samba/sysvol/smbdomain.com/scripts
read only = No
[sysvol]
path = /var/lib/samba/sysvol
read only = No
I don't have "add user script" or "add machine script" in the
'smb.conf' Is it as simple as that?
Any suggestions? Thanks.
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
I'm having trouble connecting Windows clients to the domain.
"The following error occurred attempting to join the domain "smbdomain":
The RPC server is unavailable."
When you attempt to join the domain, it finds it by name immediately and
asks for username/password, after which it gives the error above. I
haven't found documentation on the RPC Server in Samba.
Is that an entry in the 'smb.conf'? I see text about allowing "domain
logons" and use of the "SAMR RPC pipe" I have the requisite entries in
'smb.conf' for 'netlogon' share but not the calls to allow the scripts
to run.
[netlogon]
path = /var/lib/samba/sysvol/smbdomain.com/scripts
read only = No
[sysvol]
path = /var/lib/samba/sysvol
read only = No
I don't have "add user script" or "add machine script" in the
'smb.conf' Is it as simple as that?
Any suggestions? Thanks.
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
Rowland Penny
Feb 14, 2015, 5:10:03 AM2/14/15
to
On 14/02/15 09:53, Steve Ankeny wrote:
> Ubuntu 14.04, Samba 4.1.6
>
> I'm having trouble connecting Windows clients to the domain.
>
> "The following error occurred attempting to join the domain "smbdomain":
>
> The RPC server is unavailable."
>
> When you attempt to join the domain, it finds it by name immediately
> and asks for username/password, after which it gives the error above.
> I haven't found documentation on the RPC Server in Samba.
>
> Is that an entry in the 'smb.conf'? I see text about allowing "domain
> logons" and use of the "SAMR RPC pipe" I have the requisite entries
> in 'smb.conf' for 'netlogon' share but not the calls to allow the
> scripts to run.
>
>
> [netlogon]
> path = /var/lib/samba/sysvol/smbdomain.com/scripts
> read only = No
>
> [sysvol]
> path = /var/lib/samba/sysvol
> read only = No
>
> I don't have "add user script" or "add machine script" in the
> 'smb.conf' Is it as simple as that?
>
> Any suggestions? Thanks.
>
No, it is not that simple, forget the old add XXX scripts, they have no
> Ubuntu 14.04, Samba 4.1.6
>
> I'm having trouble connecting Windows clients to the domain.
>
> "The following error occurred attempting to join the domain "smbdomain":
>
> The RPC server is unavailable."
>
> When you attempt to join the domain, it finds it by name immediately
> and asks for username/password, after which it gives the error above.
> I haven't found documentation on the RPC Server in Samba.
>
> Is that an entry in the 'smb.conf'? I see text about allowing "domain
> logons" and use of the "SAMR RPC pipe" I have the requisite entries
> in 'smb.conf' for 'netlogon' share but not the calls to allow the
> scripts to run.
>
>
> [netlogon]
> path = /var/lib/samba/sysvol/smbdomain.com/scripts
> read only = No
>
> [sysvol]
> path = /var/lib/samba/sysvol
> read only = No
>
> I don't have "add user script" or "add machine script" in the
> 'smb.conf' Is it as simple as that?
>
> Any suggestions? Thanks.
>
place in an active directory domain.
How are your windows getting their ip info and do they point to the DC
as their nameserver ?
Rowland
Marc Muehlfeld
Feb 14, 2015, 5:20:03 AM2/14/15
to
Hello Steve,
Am 14.02.2015 um 10:53 schrieb Steve Ankeny:
> I'm having trouble connecting Windows clients to the domain.
>
> "The following error occurred attempting to join the domain "smbdomain":
>
> The RPC server is unavailable."
>
> When you attempt to join the domain, it finds it by name immediately and
> asks for username/password, after which it gives the error above. I
> haven't found documentation on the RPC Server in Samba.
* Can you please post your full smb.conf?
* Is this an NT4 PDC or an AD DC you want to join the machine to?
* Name resolution (Netbios/DNS) is working?
* Are all ports opened
(https://wiki.samba.org/index.php/Samba_port_usage) and all required
services running?
Regards,
Marc
Am 14.02.2015 um 10:53 schrieb Steve Ankeny:
> I'm having trouble connecting Windows clients to the domain.
>
> "The following error occurred attempting to join the domain "smbdomain":
>
> The RPC server is unavailable."
>
> When you attempt to join the domain, it finds it by name immediately and
> asks for username/password, after which it gives the error above. I
> haven't found documentation on the RPC Server in Samba.
* Is this an NT4 PDC or an AD DC you want to join the machine to?
* Name resolution (Netbios/DNS) is working?
* Are all ports opened
(https://wiki.samba.org/index.php/Samba_port_usage) and all required
services running?
Regards,
Marc
Steve Ankeny
Feb 14, 2015, 1:10:04 PM2/14/15
to
answers below
On 02/14/2015 08:22 AM, Rowland Penny wrote:
>>
>> They point to the DC as first nameserver and the gateway as second
>> (then the ISP nameserver)
>
> OK, they really should be only pointing to the DC.
I've made that change with no change in the results. I've also started
'winbind' with no change.
>
>>
>> I still get the message "RPC server unavailable" (though I didn't
>> reboot the Windows server before trying)
>>
>> Thanks for the response on using the scripts.
>>
>
> Have you altered the smb.conf on the DC ?
adam@sogo:~$ cat /etc/samba/smb.conf
# Global parameters
[global]
workgroup = SMBDOMAIN
realm = smbdomain.com
netbios name = SOGO
server role = active directory domain controller
dns forwarder = 192.168.121.1
idmap_ldb:use rfc2307 = yes
passdb backend = samba
allow dns updates = nonsecure
### Configuration required by OpenChange server ###
dcerpc endpoint servers = epmapper, mapiproxy, dnsserver
dcerpc_mapiproxy:server = true
dcerpc_mapiproxy:interfaces = exchange_emsmdb, exchange_nsp,
exchange_ds_rfr
### Configuration required by OpenChange server ###
mapistore:namedproperties = mysql
namedproperties:mysql_user = openchange-user
namedproperties:mysql_pass = passwd
namedproperties:mysql_host = localhost
namedproperties:mysql_db = openchange
mapistore:indexing_backend =
mysql://openchange-user:passwd@localhost/openchange
mapiproxy:openchangedb =
mysql://openchange-user:passwd@localhost/openchange
[netlogon]
path = /var/lib/samba/sysvol/smbdomain.com/scripts
read only = No
[sysvol]
path = /var/lib/samba/sysvol
read only = No
Other than adding the lines regarding 'openchange,' this has been the
'smb.conf' since provisioning.
>
> have you moved the krb5.conf file, that samba4 creates when the domain
> is provisioned, to /etc/ ? This should be in the private/ dir i.e
> /var/lib/samba/private/krb5.conf on debian
I had not considered this but after copying it to /etc/ it made no
difference in results.
>
> is the samba daemon running on the DC ?
Yes, 'samba,' 'samba-ad-dc' and 'smbd' are running and 'nmbd' and
'winbind' are not.
adam@sogo:~$ sudo service --status-all
[ + ] acpid
[ + ] apache2
[ + ] apparmor
[ ? ] apport
[ + ] atd
[ + ] clamav-freshclam
[ ? ] console-setup
[ + ] cron
[ - ] dbus
[ ? ] dns-clean
[ + ] friendly-recovery
[ + ] gdomap
[ - ] grub-common
[ ? ] irqbalance
[ ? ] killprocs
[ ? ] kmod
[ + ] memcached
[ ? ] mysql
[ ? ] networking
[ - ] nmbd
[ ? ] ondemand
[ + ] postfix
[ ? ] pppd-dns
[ - ] procps
[ ? ] rc.local
[ + ] resolvconf
[ - ] rsync
[ + ] rsyslog
[ + ] samba
[ + ] samba-ad-dc
[ ? ] screen-cleanup
[ ? ] sendsigs
[ + ] smbd
[ + ] sogo
[ - ] ssh
[ - ] sudo
[ + ] udev
[ ? ] umountfs
[ ? ] umountnfs.sh
[ ? ] umountroot
[ - ] unattended-upgrades
[ - ] urandom
[ - ] winbind
adam@sogo:~$ sudo initctl list | egrep "samba|smbd|nmbd|winbind"
nmbd start/running
winbind stop/waiting
smbd stop/waiting
reload-smbd stop/waiting
samba-ad-dc start/running, process 815
Thanks again.
On 02/14/2015 08:22 AM, Rowland Penny wrote:
>>
>> They point to the DC as first nameserver and the gateway as second
>> (then the ISP nameserver)
>
> OK, they really should be only pointing to the DC.
I've made that change with no change in the results. I've also started
'winbind' with no change.
>
>>
>> I still get the message "RPC server unavailable" (though I didn't
>> reboot the Windows server before trying)
>>
>> Thanks for the response on using the scripts.
>>
>
> Have you altered the smb.conf on the DC ?
adam@sogo:~$ cat /etc/samba/smb.conf
# Global parameters
[global]
workgroup = SMBDOMAIN
realm = smbdomain.com
netbios name = SOGO
server role = active directory domain controller
dns forwarder = 192.168.121.1
idmap_ldb:use rfc2307 = yes
passdb backend = samba
allow dns updates = nonsecure
### Configuration required by OpenChange server ###
dcerpc endpoint servers = epmapper, mapiproxy, dnsserver
dcerpc_mapiproxy:server = true
dcerpc_mapiproxy:interfaces = exchange_emsmdb, exchange_nsp,
exchange_ds_rfr
### Configuration required by OpenChange server ###
mapistore:namedproperties = mysql
namedproperties:mysql_user = openchange-user
namedproperties:mysql_pass = passwd
namedproperties:mysql_host = localhost
namedproperties:mysql_db = openchange
mapistore:indexing_backend =
mysql://openchange-user:passwd@localhost/openchange
mapiproxy:openchangedb =
mysql://openchange-user:passwd@localhost/openchange
[netlogon]
path = /var/lib/samba/sysvol/smbdomain.com/scripts
read only = No
[sysvol]
path = /var/lib/samba/sysvol
read only = No
'smb.conf' since provisioning.
>
> have you moved the krb5.conf file, that samba4 creates when the domain
> is provisioned, to /etc/ ? This should be in the private/ dir i.e
> /var/lib/samba/private/krb5.conf on debian
I had not considered this but after copying it to /etc/ it made no
difference in results.
>
> is the samba daemon running on the DC ?
Yes, 'samba,' 'samba-ad-dc' and 'smbd' are running and 'nmbd' and
'winbind' are not.
adam@sogo:~$ sudo service --status-all
[ + ] acpid
[ + ] apache2
[ + ] apparmor
[ ? ] apport
[ + ] atd
[ + ] clamav-freshclam
[ ? ] console-setup
[ + ] cron
[ - ] dbus
[ ? ] dns-clean
[ + ] friendly-recovery
[ + ] gdomap
[ - ] grub-common
[ ? ] irqbalance
[ ? ] killprocs
[ ? ] kmod
[ + ] memcached
[ ? ] mysql
[ ? ] networking
[ - ] nmbd
[ ? ] ondemand
[ + ] postfix
[ ? ] pppd-dns
[ - ] procps
[ ? ] rc.local
[ + ] resolvconf
[ - ] rsync
[ + ] rsyslog
[ + ] samba
[ + ] samba-ad-dc
[ ? ] screen-cleanup
[ ? ] sendsigs
[ + ] smbd
[ + ] sogo
[ - ] ssh
[ - ] sudo
[ + ] udev
[ ? ] umountfs
[ ? ] umountnfs.sh
[ ? ] umountroot
[ - ] unattended-upgrades
[ - ] urandom
[ - ] winbind
adam@sogo:~$ sudo initctl list | egrep "samba|smbd|nmbd|winbind"
nmbd start/running
winbind stop/waiting
smbd stop/waiting
reload-smbd stop/waiting
samba-ad-dc start/running, process 815
Thanks again.
Rowland Penny
Feb 14, 2015, 2:20:03 PM2/14/15
to
On 14/02/15 18:05, Steve Ankeny wrote:
> answers below
>
> On 02/14/2015 08:22 AM, Rowland Penny wrote:
>>>
>>> They point to the DC as first nameserver and the gateway as second
>>> (then the ISP nameserver)
>>
>> OK, they really should be only pointing to the DC.
>
> I've made that change with no change in the results. I've also
> started 'winbind' with no change.
No, I think you will find that you tried to start winbind and it wouldn't.
> answers below
>
> On 02/14/2015 08:22 AM, Rowland Penny wrote:
>>>
>>> They point to the DC as first nameserver and the gateway as second
>>> (then the ISP nameserver)
>>
>> OK, they really should be only pointing to the DC.
>
> I've made that change with no change in the results. I've also
> started 'winbind' with no change.
Just what samba packages do you have installed ?
That is not actually what I asked, but it's close, nmbd & winbind
shouldn't be running, they are built into the samba daemon, does 'ps ax'
show 'samba -D' & 'smbd -D' ?
Steve Ankeny
Feb 14, 2015, 2:50:03 PM2/14/15
to
answers below
On 02/14/2015 02:10 PM, Rowland Penny wrote:
> On 14/02/15 18:05, Steve Ankeny wrote:
>> answers below
>>
>> On 02/14/2015 08:22 AM, Rowland Penny wrote:
>>
>> I've made that change with no change in the results. I've also
>> started 'winbind' with no change.
>
> No, I think you will find that you tried to start winbind and it
> wouldn't.
>
> Just what samba packages do you have installed ?
adam@sogo:~$ sudo dpkg --get-selections | egrep "samba|smb|nmb|winbind"
libnss-winbind:amd64 install
libpam-winbind:amd64 install
libsmbclient:amd64 install
python-samba install
samba install
samba-common install
samba-common-bin install
samba-dev install
samba-dsdb-modules install
samba-libs:amd64 install
samba-vfs-modules install
smbclient install
winbind install
> have you moved the krb5.conf file, that samba4 creates when the domain
> is provisioned, to /etc/ ? This should be in the private/ dir i.e
> /var/lib/samba/private/krb5.conf on debian
>>
>> I had not considered this but after copying it to /etc/ it made no
>> difference in results.
>>
>>>
>>> is the samba daemon running on the DC ?
>>
>> Yes, 'samba,' 'samba-ad-dc' and 'smbd' are running and 'nmbd' and
>> 'winbind' are not. they are built
>
> That is not actually what I asked, but it's close, nmbd & winbind
> shouldn't be running, they are built into the samba daemon, does 'ps
> ax' show 'samba -D' & 'smbd -D' ?
adam@sogo:~$ sudo ps ax | egrep "samba|smbd|nmbd|winbind"
815 ? Ss 0:00 samba -D
1458 ? S 0:00 samba -D
1460 ? Ss 0:02 /usr/sbin/smbd -D --option=server role
check:inhibit=yes --foreground
1461 ? S 0:00 samba -D
1462 ? S 0:00 samba -D
1464 ? S 0:03 samba -D
1473 ? S 0:00 samba -D
1479 ? S 0:00 samba -D
1483 ? S 0:16 samba -D
1487 ? S 0:00 samba -D
1490 ? S 0:00 samba -D
1491 ? S 0:09 samba -D
1492 ? S 0:01 samba -D
1501 ? S 0:03 samba -D
1519 ? S 0:00 /usr/sbin/smbd -D --option=server role
check:inhibit=yes --foreground
3960 pts/1 S+ 0:00 egrep --color=auto samba|smbd|nmbd|winbind
> Rowland
>>
>>
>
> Try turning off the sogo parts and try again.
Bingo!
I commented out the OpenChange portions of 'smb.conf'
### Configuration required by OpenChange server ###
#dcerpc endpoint servers = epmapper, mapiproxy, dnsserver
#dcerpc_mapiproxy:server = true
#dcerpc_mapiproxy:interfaces = exchange_emsmdb, exchange_nsp,
#namedproperties:mysql_user = openchange-user
#namedproperties:mysql_pass = passwd
#namedproperties:mysql_host = localhost
#namedproperties:mysql_db = openchange
#mapistore:indexing_backend =
mysql://openchange-user:passwd@localhost/openchange
#mapiproxy:openchangedb =
mysql://openchange-user:passwd@localhost/openchange
And, I temporarily stopped the 'sogo' & 'memcache' services, and one of
my machines joined the domain.
Thanks! I appreciate your help and will move on from here. I've
learned a lot.
On 02/14/2015 02:10 PM, Rowland Penny wrote:
> On 14/02/15 18:05, Steve Ankeny wrote:
>> answers below
>>
>> On 02/14/2015 08:22 AM, Rowland Penny wrote:
>>
>> I've made that change with no change in the results. I've also
>> started 'winbind' with no change.
>
> No, I think you will find that you tried to start winbind and it
> wouldn't.
>
> Just what samba packages do you have installed ?
libnss-winbind:amd64 install
libpam-winbind:amd64 install
libsmbclient:amd64 install
python-samba install
samba install
samba-common install
samba-common-bin install
samba-dev install
samba-dsdb-modules install
samba-libs:amd64 install
samba-vfs-modules install
smbclient install
winbind install
> have you moved the krb5.conf file, that samba4 creates when the domain
> is provisioned, to /etc/ ? This should be in the private/ dir i.e
> /var/lib/samba/private/krb5.conf on debian
>>
>> I had not considered this but after copying it to /etc/ it made no
>> difference in results.
>>
>>>
>>> is the samba daemon running on the DC ?
>>
>> Yes, 'samba,' 'samba-ad-dc' and 'smbd' are running and 'nmbd' and
>> 'winbind' are not. they are built
>
> That is not actually what I asked, but it's close, nmbd & winbind
> shouldn't be running, they are built into the samba daemon, does 'ps
> ax' show 'samba -D' & 'smbd -D' ?
815 ? Ss 0:00 samba -D
1458 ? S 0:00 samba -D
1460 ? Ss 0:02 /usr/sbin/smbd -D --option=server role
check:inhibit=yes --foreground
1461 ? S 0:00 samba -D
1462 ? S 0:00 samba -D
1464 ? S 0:03 samba -D
1473 ? S 0:00 samba -D
1479 ? S 0:00 samba -D
1483 ? S 0:16 samba -D
1487 ? S 0:00 samba -D
1490 ? S 0:00 samba -D
1491 ? S 0:09 samba -D
1492 ? S 0:01 samba -D
1501 ? S 0:03 samba -D
1519 ? S 0:00 /usr/sbin/smbd -D --option=server role
check:inhibit=yes --foreground
3960 pts/1 S+ 0:00 egrep --color=auto samba|smbd|nmbd|winbind
> Rowland
>>
>>
>
> Try turning off the sogo parts and try again.
I commented out the OpenChange portions of 'smb.conf'
### Configuration required by OpenChange server ###
#dcerpc_mapiproxy:server = true
#dcerpc_mapiproxy:interfaces = exchange_emsmdb, exchange_nsp,
exchange_ds_rfr
### Configuration required by OpenChange server ###
#mapistore:namedproperties = mysql
### Configuration required by OpenChange server ###
#namedproperties:mysql_user = openchange-user
#namedproperties:mysql_pass = passwd
#namedproperties:mysql_host = localhost
#namedproperties:mysql_db = openchange
#mapistore:indexing_backend =
mysql://openchange-user:passwd@localhost/openchange
#mapiproxy:openchangedb =
mysql://openchange-user:passwd@localhost/openchange
And, I temporarily stopped the 'sogo' & 'memcache' services, and one of
my machines joined the domain.
Thanks! I appreciate your help and will move on from here. I've
learned a lot.
Rowland Penny
Feb 14, 2015, 5:50:04 PM2/14/15
to
dcerpc endpoint servers = epmapper, mapiproxy, dnsserver
wkssvc, rpcecho, samr, netlogon, lsarpc, spoolss, drsuapi, dssetup,
unixinfo, browser, eventlog6, backupkey
If you run 'samba-tool testparm -v' , you will get all the defaults as
well as what is in smb.conf, amongst which is:
dcerpc endpoint servers = epmapper, wkssvc, rpcecho, samr, netlogon,
lsarpc, spoolss, drsuapi, dssetup, unixinfo, browser, eventlog6,
backupkey, dnsserver
So by setting 'dcerpc endpoint server' as you did, you have turned all
the rest off, try this line instead:
dcerpc endpoint servers = +mapiproxy
Rowland
Steve Ankeny
Feb 14, 2015, 7:00:03 PM2/14/15
to
respond to the Windows RPC, but I didn't think of it until you mentioned
it. The line is as Inverse suggests, but I'll try your suggestion instead.
Thanks, again. I'll be following the Samba list for awhile but
hopefully I'm ready to move forward.
I'll be using the Microsoft snap-in for AD management, but I've already
used some of the Samba tools, and I've already run things like
'samba-tool testparm' but not with the '-v' parameter. That's amazing!
I'm really impressed with the response and competence of the help I've
received.
0 new messages