Ubuntu 14.04, Samba 4.1.6

I'm having trouble connecting Windows clients to the domain.

"The following error occurred attempting to join the domain "smbdomain":

The RPC server is unavailable."

When you attempt to join the domain, it finds it by name immediately and asks for username/password, after which it gives the error above. I haven't found documentation on the RPC Server in Samba.

Is that an entry in the 'smb.conf'? I see text about allowing "domain logons" and use of the "SAMR RPC pipe". I have the requisite entries in 'smb.conf' for 'netlogon' share but not the calls to allow the scripts to run.

[netlogon]
    path = /var/lib/samba/sysvol/smbdomain.com/scripts
    read only = No

[sysvol]
    path = /var/lib/samba/sysvol
    read only = No

I don't have "add user script" or "add machine script" in the 'smb.conf'. Is it as simple as that?

Any suggestions? Thanks.

On 14/02/15 09:53, Steve Ankeny wrote:
> Ubuntu 14.04, Samba 4.1.6
>
> I'm having trouble connecting Windows clients to the domain.
>
> "The following error occurred attempting to join the domain "smbdomain":
>
> The RPC server is unavailable."
>
> When you attempt to join the domain, it finds it by name immediately
> and asks for username/password, after which it gives the error above.
> I haven't found documentation on the RPC Server in Samba.
>
> Is that an entry in the 'smb.conf'? I see text about allowing "domain
> logons" and use of the "SAMR RPC pipe". I have the requisite entries
> in 'smb.conf' for 'netlogon' share but not the calls to allow the
> scripts to run.
>
>
> [netlogon]
>     path = /var/lib/samba/sysvol/smbdomain.com/scripts
>     read only = No
>
> [sysvol]
>     path = /var/lib/samba/sysvol
>     read only = No
>
> I don't have "add user script" or "add machine script" in the
> 'smb.conf'. Is it as simple as that?
>
> Any suggestions? Thanks.
>

No, it is not that simple, forget the old add XXX scripts, they have no place in an active directory domain.

How are your windows getting their ip info and do they point to the DC as their nameserver ?

Rowland

Hello Steve,

On 14.02.2015 at 10:53, Steve Ankeny wrote:
> I'm having trouble connecting Windows clients to the domain.
>
> "The following error occurred attempting to join the domain "smbdomain":
>
> The RPC server is unavailable."
>
> When you attempt to join the domain, it finds it by name immediately and
> asks for username/password, after which it gives the error above. I
> haven't found documentation on the RPC Server in Samba.

* Can you please post your full smb.conf?
* Is this an NT4 PDC or an AD DC you want to join the machine to?
* Name resolution (Netbios/DNS) is working?
* Are all ports opened (https://wiki.samba.org/index.php/Samba_port_usage) and all required services running?

Regards,
Marc

answers below

On 02/14/2015 08:22 AM, Rowland Penny wrote:
>>
>> They point to the DC as first nameserver and the gateway as second
>> (then the ISP nameserver)
>
> OK, they really should be only pointing to the DC.

I've made that change with no change in the results. I've also started 'winbind' with no change.

>
>>
>> I still get the message "RPC server unavailable" (though I didn't
>> reboot the Windows server before trying)
>>
>> Thanks for the response on using the scripts.
>>
>
> Have you altered the smb.conf on the DC ?

adam@sogo:~$ cat /etc/samba/smb.conf
# Global parameters
[global]
    workgroup = SMBDOMAIN
    realm = smbdomain.com
    netbios name = SOGO
    server role = active directory domain controller
    dns forwarder = 192.168.121.1
    idmap_ldb:use rfc2307 = yes
    passdb backend = samba
    allow dns updates = nonsecure

    ### Configuration required by OpenChange server ###
    dcerpc endpoint servers = epmapper, mapiproxy, dnsserver
    dcerpc_mapiproxy:server = true
    dcerpc_mapiproxy:interfaces = exchange_emsmdb, exchange_nsp, exchange_ds_rfr
    ### Configuration required by OpenChange server ###

    mapistore:namedproperties = mysql
    namedproperties:mysql_user = openchange-user
    namedproperties:mysql_pass = passwd
    namedproperties:mysql_host = localhost
    namedproperties:mysql_db = openchange
    mapistore:indexing_backend = mysql://openchange-user:passwd@localhost/openchange
    mapiproxy:openchangedb = mysql://openchange-user:passwd@localhost/openchange

[netlogon]
    path = /var/lib/samba/sysvol/smbdomain.com/scripts
    read only = No

[sysvol]
    path = /var/lib/samba/sysvol
    read only = No

Other than adding the lines regarding 'openchange,' this has been the 'smb.conf' since provisioning.

>
> have you moved the krb5.conf file, that samba4 creates when the domain
> is provisioned, to /etc/ ? This should be in the private/ dir i.e
> /var/lib/samba/private/krb5.conf on debian

I had not considered this but after copying it to /etc/ it made no difference in results.

>
> is the samba daemon running on the DC ?

Yes, 'samba,' 'samba-ad-dc' and 'smbd' are running and 'nmbd' and 'winbind' are not.

adam@sogo:~$ sudo service --status-all
[ + ] acpid
[ + ] apache2
[ + ] apparmor
[ ? ] apport
[ + ] atd
[ + ] clamav-freshclam
[ ? ] console-setup
[ + ] cron
[ - ] dbus
[ ? ] dns-clean
[ + ] friendly-recovery
[ + ] gdomap
[ - ] grub-common
[ ? ] irqbalance
[ ? ] killprocs
[ ? ] kmod
[ + ] memcached
[ ? ] mysql
[ ? ] networking
[ - ] nmbd
[ ? ] ondemand
[ + ] postfix
[ ? ] pppd-dns
[ - ] procps
[ ? ] rc.local
[ + ] resolvconf
[ - ] rsync
[ + ] rsyslog
[ + ] samba
[ + ] samba-ad-dc
[ ? ] screen-cleanup
[ ? ] sendsigs
[ + ] smbd
[ + ] sogo
[ - ] ssh
[ - ] sudo
[ + ] udev
[ ? ] umountfs
[ ? ] umountnfs.sh
[ ? ] umountroot
[ - ] unattended-upgrades
[ - ] urandom
[ - ] winbind

adam@sogo:~$ sudo initctl list | egrep "samba|smbd|nmbd|winbind"
nmbd start/running
winbind stop/waiting
smbd stop/waiting
reload-smbd stop/waiting
samba-ad-dc start/running, process 815

Thanks again.

>
> Rowland

On 14/02/15 18:05, Steve Ankeny wrote:
> answers below
>
> On 02/14/2015 08:22 AM, Rowland Penny wrote:
>>>
>>> They point to the DC as first nameserver and the gateway as second
>>> (then the ISP nameserver)
>>
>> OK, they really should be only pointing to the DC.
>
> I've made that change with no change in the results. I've also
> started 'winbind' with no change.

No, I think you will find that you tried to start winbind and it wouldn't. Just what samba packages do you have installed ?

>
>>
>>>
>>> I still get the message "RPC server unavailable" (though I didn't
>>> reboot the Windows server before trying)
>>>
>>> Thanks for the response on using the scripts.
>>>
>>
>> Have you altered the smb.conf on the DC ?
>
> adam@sogo:~$ cat /etc/samba/smb.conf
> # Global parameters
> [global]
>     workgroup = SMBDOMAIN
>     realm = smbdomain.com
>     netbios name = SOGO
>     server role = active directory domain controller
>     dns forwarder = 192.168.121.1
>     idmap_ldb:use rfc2307 = yes
>     passdb backend = samba
>     allow dns updates = nonsecure
>
>     ### Configuration required by OpenChange server ###
>     dcerpc endpoint servers = epmapper, mapiproxy, dnsserver
>     dcerpc_mapiproxy:server = true
>     dcerpc_mapiproxy:interfaces = exchange_emsmdb, exchange_nsp,
>     exchange_ds_rfr
>     ### Configuration required by OpenChange server ###
>
>     mapistore:namedproperties = mysql
>     namedproperties:mysql_user = openchange-user
>     namedproperties:mysql_pass = passwd
>     namedproperties:mysql_host = localhost
>     namedproperties:mysql_db = openchange
>     mapistore:indexing_backend =
>     mysql://openchange-user:passwd@localhost/openchange
>     mapiproxy:openchangedb =
>     mysql://openchange-user:passwd@localhost/openchange
>
> [netlogon]
>     path = /var/lib/samba/sysvol/smbdomain.com/scripts
>     read only = No
>
> [sysvol]
>     path = /var/lib/samba/sysvol
>     read only = No
>
> Other than adding the lines regarding 'openchange,' this has been the
> 'smb.conf' since provisioning.
>
>>
>> have you moved the krb5.conf file, that samba4 creates when the
>> domain is provisioned, to /etc/ ? This should be in the private/ dir
>> i.e /var/lib/samba/private/krb5.conf on debian
>
> I had not considered this but after copying it to /etc/ it made no
> difference in results.
>
>>
>> is the samba daemon running on the DC ?
>
> Yes, 'samba,' 'samba-ad-dc' and 'smbd' are running and 'nmbd' and
> 'winbind' are not. they are built

That is not actually what I asked, but it's close, nmbd & winbind shouldn't be running, they are built into the samba daemon, does 'ps ax' show 'samba -D' & 'smbd -D' ?

>
> adam@sogo:~$ sudo service --status-all
> [ + ] acpid
> [ + ] apache2
> [ + ] apparmor
> [ ? ] apport
> [ + ] atd
> [ + ] clamav-freshclam
> [ ? ] console-setup
> [ + ] cron
> [ - ] dbus
> [ ? ] dns-clean
> [ + ] friendly-recovery
> [ + ] gdomap
> [ - ] grub-common
> [ ? ] irqbalance
> [ ? ] killprocs
> [ ? ] kmod
> [ + ] memcached
> [ ? ] mysql
> [ ? ] networking
> [ - ] nmbd
> [ ? ] ondemand
> [ + ] postfix
> [ ? ] pppd-dns
> [ - ] procps
> [ ? ] rc.local
> [ + ] resolvconf
> [ - ] rsync
> [ + ] rsyslog
> [ + ] samba
> [ + ] samba-ad-dc
> [ ? ] screen-cleanup
> [ ? ] sendsigs
> [ + ] smbd
> [ + ] sogo
> [ - ] ssh
> [ - ] sudo
> [ + ] udev
> [ ? ] umountfs
> [ ? ] umountnfs.sh
> [ ? ] umountroot
> [ - ] unattended-upgrades
> [ - ] urandom
> [ - ] winbind
>
>
> adam@sogo:~$ sudo initctl list | egrep "samba|smbd|nmbd|winbind"
> nmbd start/running
> winbind stop/waiting
> smbd stop/waiting
> reload-smbd stop/waiting
> samba-ad-dc start/running, process 815
>
>
> Thanks again.
>
>>
>> Rowland
>
>

Try turning off the sogo parts and try again.
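
Added example (not part of any poster's message, and not Samba or OpenChange project code): a check of the smb.conf posted in this thread for whether its 'dcerpc endpoint servers' line still lists the RPC interfaces a domain join uses. The interface names in JOIN_INTERFACES, and the rule that a list of bare names replaces Samba's built-in default while '+name'/'-name' entries only edit it, are assumptions of this example.

```python
# Added example, not from the thread: which join-related RPC interfaces does
# the posted 'dcerpc endpoint servers' line leave out?

# Assumption: RPC interfaces a Windows client uses against the DC during a join.
JOIN_INTERFACES = {"epmapper", "samr", "netlogon", "lsarpc"}

# Excerpt of the smb.conf posted in the thread.
POSTED = """
[global]
    workgroup = SMBDOMAIN
    server role = active directory domain controller
    ### Configuration required by OpenChange server ###
    dcerpc endpoint servers = epmapper, mapiproxy, dnsserver
    dcerpc_mapiproxy:server = true
[netlogon]
    path = /var/lib/samba/sysvol/smbdomain.com/scripts
"""


def global_param(text, name):
    """Return the last value of `name` in [global], or None if it is unset."""
    wanted = "".join(name.lower().split())  # smb.conf ignores case and spaces
    section, value = None, None
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, val = line.split("=", 1)
            if "".join(key.lower().split()) == wanted:
                value = val.strip()
    return value


def missing_join_interfaces(text):
    """Return the sorted JOIN_INTERFACES that the configuration does not serve."""
    raw = global_param(text, "dcerpc endpoint servers")
    if raw is None:
        return []  # unset: Samba's built-in default list applies
    items = raw.replace(",", " ").split()
    # Assumption: '+name'/'-name' entries edit the default list, while a list
    # of bare names replaces it.
    if all(i[0] in "+-" for i in items):
        return sorted(JOIN_INTERFACES & {i[1:] for i in items if i[0] == "-"})
    return sorted(JOIN_INTERFACES - {i.lstrip("+") for i in items})


if __name__ == "__main__":
    print("not served:", missing_join_interfaces(POSTED))
```

Pass the full text of /etc/samba/smb.conf to missing_join_interfaces() to run the same check against a live DC's configuration.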