>On 18/03/15 17:56, Jesper Koivum?ki wrote: >>/ Hi,/>>/ />>/ I'm running a samba 4.2 server on RedHat5 and for some reason I can't />>/ seem to logon using the AD Users and Computers -tool. />>/ />>/ Whenever I try to connect to the PDC I get the following error: />>/ />>/ "The following Domain Controller could not be contacted: <name of />>/ pdc>. The RPC server is unavailable." />>/ />>/ I've checked for any possible firewall issues, but even with all />>/ firewalls turned off in between them, I still get the same error message. />>/ />>/ I've also noticed I cannot access the server with the Administrator />>/ account over the network. When using smbclient I get />>/ NT_STATUS_INVALID_SID and if I try to connect as Administrator with a />>/ Windows 7 workstation, I just get a time out ("Error code: 0x80004005 />>/ Unspecified error). />>/ />>/ samba-tool works without a hitch, as do a number of other tools like />>/ ldbedit and wbinfo. />>/ />>/ />>/ I've followed the instructions by Rowland Penny I found in the />>/ archives for this mailing list: />>/ />>/ http://samba.2283325.n4.nabble.com/Administrators-SID-is-invalid-td4674430.html />>/ />>/ />>/ But I just can't get the Administrator account to work. The same error />>/ has now also started propagating to some of my test accounts as well />>/ as my own main account. />>/ />>/ mots might've fixed this by installing 4.1.0, but I have yet to try />>/ that. I figured I'd want to solve this with the current stable release. />>/ />>/ Anybody got any suggestions on how to tackle this? />>/ />>WOW, fame at last, I got quoted :-D > >Where did you get samba4 from ? > >Can you post your smb.conf > >RowlandHello, My mailinglist-Fu is clearly lacking, since I didn't get your message sent to my inbox. Sorry about that. I'm running the 4.2 that is currently linked on samba.org. My smb.conf: # Global parameters [global] workgroup = DOMAIN realm = FANCYDOMAINNAME.ORG netbios name = MEGATRON server role = active directory domain controller dns forwarder = <ISP DNS server> [netlogon] path = /mnt/Netshares/Logonscripts read only = No [sysvol] path = /usr/local/samba/var/locks/sysvol read only = No [nethome] path = /mnt/Netusers/Nethome read only = No -- Kind regards, Jesper Koivum?ki
On 19/03/15 12:48, Jesper Koivum?ki wrote:>> On 18/03/15 17:56, Jesper Koivum?ki wrote: >>> / Hi, > />>/ > />>/ I'm running a samba 4.2 server on RedHat5 and for some reason I > can't > />>/ seem to logon using the AD Users and Computers -tool. > />>/ > />>/ Whenever I try to connect to the PDC I get the following error: > />>/ > />>/ "The following Domain Controller could not be contacted: <name of > />>/ pdc>. The RPC server is unavailable." > />>/ > />>/ I've checked for any possible firewall issues, but even with all > />>/ firewalls turned off in between them, I still get the same error > message. > />>/ > />>/ I've also noticed I cannot access the server with the Administrator > />>/ account over the network. When using smbclient I get > />>/ NT_STATUS_INVALID_SID and if I try to connect as Administrator > with a > />>/ Windows 7 workstation, I just get a time out ("Error code: > 0x80004005 > />>/ Unspecified error). > />>/ > />>/ samba-tool works without a hitch, as do a number of other tools > like > />>/ ldbedit and wbinfo. > />>/ > />>/ > />>/ I've followed the instructions by Rowland Penny I found in the > />>/ archives for this mailing list: > />>/ > />>/ > http://samba.2283325.n4.nabble.com/Administrators-SID-is-invalid-td4674430.html > />>/ > />>/ > />>/ But I just can't get the Administrator account to work. The same > error > />>/ has now also started propagating to some of my test accounts as > well > />>/ as my own main account. > />>/ > />>/ mots might've fixed this by installing 4.1.0, but I have yet to try > />>/ that. I figured I'd want to solve this with the current stable > release. > />>/ > />>/ Anybody got any suggestions on how to tackle this? > />>/ > /> >> WOW, fame at last, I got quoted :-D >> >> Where did you get samba4 from ? >> >> Can you post your smb.conf >> >> Rowland > > > Hello, > > My mailinglist-Fu is clearly lacking, since I didn't get your message > sent to my inbox. Sorry about that. > > I'm running the 4.2 that is currently linked on samba.org. > > My smb.conf: > > # Global parameters > [global] > workgroup = DOMAIN > realm = FANCYDOMAINNAME.ORG > netbios name = MEGATRON > server role = active directory domain controller > dns forwarder = <ISP DNS server> > > [netlogon] > path = /mnt/Netshares/Logonscripts > read only = No > > [sysvol] > path = /usr/local/samba/var/locks/sysvol > read only = No > > [nethome] > path = /mnt/Netusers/Nethome > read only = No >OK, what is the results from the following two commands: samba-tool testparm --suppress-prompt -v | grep '[s]erver services' samba-tool testparm --suppress-prompt -v | grep '[d]cerpc endpoint servers' Rowland
Den 2015-03-19 15:12, Rowland Penny skrev:> On 19/03/15 12:48, Jesper Koivum?ki wrote: >>> On 18/03/15 17:56, Jesper Koivum?ki wrote: >>>> / Hi, >> />>/ >> />>/ I'm running a samba 4.2 server on RedHat5 and for some reason I >> can't >> />>/ seem to logon using the AD Users and Computers -tool. >> />>/ >> />>/ Whenever I try to connect to the PDC I get the following error: >> />>/ >> />>/ "The following Domain Controller could not be contacted: <name of >> />>/ pdc>. The RPC server is unavailable." >> />>/ >> />>/ I've checked for any possible firewall issues, but even with all >> />>/ firewalls turned off in between them, I still get the same >> error message. >> />>/ >> />>/ I've also noticed I cannot access the server with the >> Administrator >> />>/ account over the network. When using smbclient I get >> />>/ NT_STATUS_INVALID_SID and if I try to connect as Administrator >> with a >> />>/ Windows 7 workstation, I just get a time out ("Error code: >> 0x80004005 >> />>/ Unspecified error). >> />>/ >> />>/ samba-tool works without a hitch, as do a number of other tools >> like >> />>/ ldbedit and wbinfo. >> />>/ >> />>/ >> />>/ I've followed the instructions by Rowland Penny I found in the >> />>/ archives for this mailing list: >> />>/ >> />>/ >> http://samba.2283325.n4.nabble.com/Administrators-SID-is-invalid-td4674430.html >> />>/ >> />>/ >> />>/ But I just can't get the Administrator account to work. The >> same error >> />>/ has now also started propagating to some of my test accounts as >> well >> />>/ as my own main account. >> />>/ >> />>/ mots might've fixed this by installing 4.1.0, but I have yet to >> try >> />>/ that. I figured I'd want to solve this with the current stable >> release. >> />>/ >> />>/ Anybody got any suggestions on how to tackle this? >> />>/ >> /> >>> WOW, fame at last, I got quoted :-D >>> >>> Where did you get samba4 from ? >>> >>> Can you post your smb.conf >>> >>> Rowland >> >> >> Hello, >> >> My mailinglist-Fu is clearly lacking, since I didn't get your message >> sent to my inbox. Sorry about that. >> >> I'm running the 4.2 that is currently linked on samba.org. >> >> My smb.conf: >> >> # Global parameters >> [global] >> workgroup = DOMAIN >> realm = FANCYDOMAINNAME.ORG >> netbios name = MEGATRON >> server role = active directory domain controller >> dns forwarder = <ISP DNS server> >> >> [netlogon] >> path = /mnt/Netshares/Logonscripts >> read only = No >> >> [sysvol] >> path = /usr/local/samba/var/locks/sysvol >> read only = No >> >> [nethome] >> path = /mnt/Netusers/Nethome >> read only = No >> > > OK, what is the results from the following two commands: > > samba-tool testparm --suppress-prompt -v | grep '[s]erver services' > > samba-tool testparm --suppress-prompt -v | grep '[d]cerpc endpoint > servers' > > Rowland >$ sudo samba-tool testparm --suppress-prompt -v | grep '[s]erver services' server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate, dns $ sudo samba-tool testparm --suppress-prompt -v | grep '[d]cerpc endpoint servers' dcerpc endpoint servers = epmapper, wkssvc, rpcecho, samr, netlogon, lsarpc, spoolss, drsuapi, dssetup, unixinfo, browser, eventlog6, backupkey, dnsserver I don't see anything out of the ordinary here, but then again I'd have no clue if something would be missing. Kind regards, Jesper Koivum?ki