On 14/02/15 18:05, Steve Ankeny wrote:> answers below > > On 02/14/2015 08:22 AM, Rowland Penny wrote: >>> >>> They point to the DC as first nameserver and the gateway as second >>> (then the ISP nameserver) >> >> OK, they really should be only pointing to the DC. > > I've made that change with no change in the results. I've also > started 'winbind' with no change.No, I think you will find that you tried to start winbind and it wouldn't. Just what samba packages do you have installed ?> >> >>> >>> I still get the message "RPC server unavailable" (though I didn't >>> reboot the Windows server before trying) >>> >>> Thanks for the response on using the scripts. >>> >> >> Have you altered the smb.conf on the DC ? > > adam at sogo:~$ cat /etc/samba/smb.conf > # Global parameters > [global] > workgroup = SMBDOMAIN > realm = smbdomain.com > netbios name = SOGO > server role = active directory domain controller > dns forwarder = 192.168.121.1 > idmap_ldb:use rfc2307 = yes > passdb backend = samba > allow dns updates = nonsecure > > ### Configuration required by OpenChange server ### > dcerpc endpoint servers = epmapper, mapiproxy, dnsserver > dcerpc_mapiproxy:server = true > dcerpc_mapiproxy:interfaces = exchange_emsmdb, exchange_nsp, > exchange_ds_rfr > ### Configuration required by OpenChange server ### > > mapistore:namedproperties = mysql > namedproperties:mysql_user = openchange-user > namedproperties:mysql_pass = passwd > namedproperties:mysql_host = localhost > namedproperties:mysql_db = openchange > mapistore:indexing_backend = > mysql://openchange-user:passwd at localhost/openchange > mapiproxy:openchangedb = > mysql://openchange-user:passwd at localhost/openchange > > [netlogon] > path = /var/lib/samba/sysvol/smbdomain.com/scripts > read only = No > > [sysvol] > path = /var/lib/samba/sysvol > read only = No > > Other than adding the lines regarding 'openchange,' this has been the > 'smb.conf' since provisioning. > >> >> have you moved the krb5.conf file, that samba4 creates when the >> domain is provisioned, to /etc/ ? This should be in the private/ dir >> i.e /var/lib/samba/private/krb5.conf on debian > > I had not considered this but after copying it to /etc/ it made no > difference in results. > >> >> is the samba daemon running on the DC ? > > Yes, 'samba,' 'samba-ad-dc' and 'smbd' are running and 'nmbd' and > 'winbind' are not. they are builtThat is not actually what I asked, but it's close, nmbd & winbind shouldn't be running, they are built into the samba daemon, does 'ps ax' show 'samba -D' & 'smbd -D' ?> > adam at sogo:~$ sudo service --status-all > [ + ] acpid > [ + ] apache2 > [ + ] apparmor > [ ? ] apport > [ + ] atd > [ + ] clamav-freshclam > [ ? ] console-setup > [ + ] cron > [ - ] dbus > [ ? ] dns-clean > [ + ] friendly-recovery > [ + ] gdomap > [ - ] grub-common > [ ? ] irqbalance > [ ? ] killprocs > [ ? ] kmod > [ + ] memcached > [ ? ] mysql > [ ? ] networking > [ - ] nmbd > [ ? ] ondemand > [ + ] postfix > [ ? ] pppd-dns > [ - ] procps > [ ? ] rc.local > [ + ] resolvconf > [ - ] rsync > [ + ] rsyslog > [ + ] samba > [ + ] samba-ad-dc > [ ? ] screen-cleanup > [ ? ] sendsigs > [ + ] smbd > [ + ] sogo > [ - ] ssh > [ - ] sudo > [ + ] udev > [ ? ] umountfs > [ ? ] umountnfs.sh > [ ? ] umountroot > [ - ] unattended-upgrades > [ - ] urandom > [ - ] winbind > > > adam at sogo:~$ sudo initctl list | egrep "samba|smbd|nmbd|winbind" > nmbd start/running > winbind stop/waiting > smbd stop/waiting > reload-smbd stop/waiting > samba-ad-dc start/running, process 815 > > > Thanks again. > >> >> Rowland > >Try turning off the sogo parts and try again.
answers below On 02/14/2015 02:10 PM, Rowland Penny wrote:> On 14/02/15 18:05, Steve Ankeny wrote: >> answers below >> >> On 02/14/2015 08:22 AM, Rowland Penny wrote: >> >> I've made that change with no change in the results. I've also >> started 'winbind' with no change. > > No, I think you will find that you tried to start winbind and it > wouldn't. > > Just what samba packages do you have installed ?adam at sogo:~$ sudo dpkg --get-selections | egrep "samba|smb|nmb|winbind" libnss-winbind:amd64 install libpam-winbind:amd64 install libsmbclient:amd64 install python-samba install samba install samba-common install samba-common-bin install samba-dev install samba-dsdb-modules install samba-libs:amd64 install samba-vfs-modules install smbclient install winbind install> have you moved the krb5.conf file, that samba4 creates when the domain > is provisioned, to /etc/ ? This should be in the private/ dir i.e > /var/lib/samba/private/krb5.conf on debian >> >> I had not considered this but after copying it to /etc/ it made no >> difference in results. >> >>> >>> is the samba daemon running on the DC ? >> >> Yes, 'samba,' 'samba-ad-dc' and 'smbd' are running and 'nmbd' and >> 'winbind' are not. they are built > > That is not actually what I asked, but it's close, nmbd & winbind > shouldn't be running, they are built into the samba daemon, does 'ps > ax' show 'samba -D' & 'smbd -D' ?adam at sogo:~$ sudo ps ax | egrep "samba|smbd|nmbd|winbind" 815 ? Ss 0:00 samba -D 1458 ? S 0:00 samba -D 1460 ? Ss 0:02 /usr/sbin/smbd -D --option=server role check:inhibit=yes --foreground 1461 ? S 0:00 samba -D 1462 ? S 0:00 samba -D 1464 ? S 0:03 samba -D 1473 ? S 0:00 samba -D 1479 ? S 0:00 samba -D 1483 ? S 0:16 samba -D 1487 ? S 0:00 samba -D 1490 ? S 0:00 samba -D 1491 ? S 0:09 samba -D 1492 ? S 0:01 samba -D 1501 ? S 0:03 samba -D 1519 ? S 0:00 /usr/sbin/smbd -D --option=server role check:inhibit=yes --foreground 3960 pts/1 S+ 0:00 egrep --color=auto samba|smbd|nmbd|winbind> Rowland >> >> > > Try turning off the sogo parts and try again.Bingo! I commented out the OpenChange portions of 'smb.conf' ### Configuration required by OpenChange server ### #dcerpc endpoint servers = epmapper, mapiproxy, dnsserver #dcerpc_mapiproxy:server = true #dcerpc_mapiproxy:interfaces = exchange_emsmdb, exchange_nsp, exchange_ds_rfr ### Configuration required by OpenChange server ### #mapistore:namedproperties = mysql #namedproperties:mysql_user = openchange-user #namedproperties:mysql_pass = passwd #namedproperties:mysql_host = localhost #namedproperties:mysql_db = openchange #mapistore:indexing_backend = mysql://openchange-user:passwd at localhost/openchange #mapiproxy:openchangedb = mysql://openchange-user:passwd at localhost/openchange And, I temporarily stopped the 'sogo' & 'memcache' services, and one of my machines joined the domain. Thanks! I appreciate your help and will move on from here. I've learned a lot.
On 14/02/15 19:45, Steve Ankeny wrote:> answers below > > On 02/14/2015 02:10 PM, Rowland Penny wrote: >> On 14/02/15 18:05, Steve Ankeny wrote: >>> answers below >>> >>> On 02/14/2015 08:22 AM, Rowland Penny wrote: >>> >>> I've made that change with no change in the results. I've also >>> started 'winbind' with no change. >> >> No, I think you will find that you tried to start winbind and it >> wouldn't. >> >> Just what samba packages do you have installed ? > > adam at sogo:~$ sudo dpkg --get-selections | egrep "samba|smb|nmb|winbind" > libnss-winbind:amd64 install > libpam-winbind:amd64 install > libsmbclient:amd64 install > python-samba install > samba install > samba-common install > samba-common-bin install > samba-dev install > samba-dsdb-modules install > samba-libs:amd64 install > samba-vfs-modules install > smbclient install > winbind install > > >> have you moved the krb5.conf file, that samba4 creates when the >> domain is provisioned, to /etc/ ? This should be in the private/ dir >> i.e /var/lib/samba/private/krb5.conf on debian >>> >>> I had not considered this but after copying it to /etc/ it made no >>> difference in results. >>> >>>> >>>> is the samba daemon running on the DC ? >>> >>> Yes, 'samba,' 'samba-ad-dc' and 'smbd' are running and 'nmbd' and >>> 'winbind' are not. they are built >> >> That is not actually what I asked, but it's close, nmbd & winbind >> shouldn't be running, they are built into the samba daemon, does 'ps >> ax' show 'samba -D' & 'smbd -D' ? > > adam at sogo:~$ sudo ps ax | egrep "samba|smbd|nmbd|winbind" > 815 ? Ss 0:00 samba -D > 1458 ? S 0:00 samba -D > 1460 ? Ss 0:02 /usr/sbin/smbd -D --option=server role > check:inhibit=yes --foreground > 1461 ? S 0:00 samba -D > 1462 ? S 0:00 samba -D > 1464 ? S 0:03 samba -D > 1473 ? S 0:00 samba -D > 1479 ? S 0:00 samba -D > 1483 ? S 0:16 samba -D > 1487 ? S 0:00 samba -D > 1490 ? S 0:00 samba -D > 1491 ? S 0:09 samba -D > 1492 ? S 0:01 samba -D > 1501 ? S 0:03 samba -D > 1519 ? S 0:00 /usr/sbin/smbd -D --option=server role > check:inhibit=yes --foreground > 3960 pts/1 S+ 0:00 egrep --color=auto samba|smbd|nmbd|winbind > > >> Rowland >>> >>> >> >> Try turning off the sogo parts and try again. > > Bingo! > > I commented out the OpenChange portions of 'smb.conf' > > ### Configuration required by OpenChange server ### > #dcerpc endpoint servers = epmapper, mapiproxy, dnsserver > #dcerpc_mapiproxy:server = true > #dcerpc_mapiproxy:interfaces = exchange_emsmdb, exchange_nsp, > exchange_ds_rfr > ### Configuration required by OpenChange server ### > > #mapistore:namedproperties = mysql > #namedproperties:mysql_user = openchange-user > #namedproperties:mysql_pass = passwd > #namedproperties:mysql_host = localhost > #namedproperties:mysql_db = openchange > #mapistore:indexing_backend = > mysql://openchange-user:passwd at localhost/openchange > #mapiproxy:openchangedb = > mysql://openchange-user:passwd at localhost/openchange > > And, I temporarily stopped the 'sogo' & 'memcache' services, and one > of my machines joined the domain. > > Thanks! I appreciate your help and will move on from here. I've > learned a lot. > >If you are interested why it didn't work before: dcerpc endpoint servers = epmapper, mapiproxy, dnsserver Is turning off this lot: wkssvc, rpcecho, samr, netlogon, lsarpc, spoolss, drsuapi, dssetup, unixinfo, browser, eventlog6, backupkey If you run 'samba-tool testparm -v' , you will get all the defaults as well as what is in smb.conf, amongst which is: dcerpc endpoint servers = epmapper, wkssvc, rpcecho, samr, netlogon, lsarpc, spoolss, drsuapi, dssetup, unixinfo, browser, eventlog6, backupkey, dnsserver So by setting 'dcerpc endpoint server' as you did, you have turned all the rest off, try this line instead: dcerpc endpoint servers = +mapiproxy Rowland