Paul Upson
2015-Jun-30 18:37 UTC
[Samba] RPC server not available when windows client attempts to join samba AD
I am installing a new Samba 4.2 Active Directory server on CentOS 7. I followed the Wiki instructions on how to create the server. I am using sernet-samba 4.2 binaries. Everything seems to be OK on the Linux side but I cannot get any windows client to successfully join the domain. Each attempt returns the following error message "RPC Server in not available". Below are the config file info. I have searched the internet and cannot find any help that works. Thanks Paul ifcfg-enp0s3 ************************************************** TYPE=Ethernet BOOTPROTO=static IPADDR=192.168.42.241 DNS1=192.168.42.241 DEFROUTE=yes IPV4_FAILURE_FATAL=no IPV6INIT=yes IPV6_AUTOCONF=yes IPV6_DEFROUTE=yes IPV6_FAILURE_FATAL=no NAME=enp0s3 UUID=76058991-c999-4e20-a8cd-cea4da9a5be7 DEVICE=enp0s3 ONBOOT=yes HWADDR=08:00:27:F8:A6:80 PEERDNS=yes PEERROUTES=yes IPV6_PEERDNS=yes IPV6_PEERROUTES=yes IPV6_PRIVACY=no ******************************************************** smb.conf \************************************************* # Global parameters [global] workgroup = WMAA2 realm = WMAA2.LAN netbios name = WMAA-AD server role = active directory domain controller dns forwarder = 8.8.8.8 idmap_ldb:use rfc2307 = yes security = domain [netlogon] path = /var/lib/samba/sysvol/wmaa2.lan/scripts read only = No [sysvol] path = /var/lib/samba/sysvol read only = No ************************************************** resolv.conf ************************* # Generated Manually domain wmaa2.lan nameserver 192.168.42.241 *********************************** *Paul Upson* IT Support Manager Westmoreland Museum of American Art @rt 30 4764 State Route 30, Greensburg, PA 15601 724-261-9982 thewestmoreland.org <http://www.wmuseumaa.org/museum/getevent.cfm?ID=751>
Marc Muehlfeld
2015-Jun-30 18:47 UTC
[Samba] RPC server not available when windows client attempts to join samba AD
Hello Paul, Am 30.06.2015 um 20:37 schrieb Paul Upson:> I am installing a new Samba 4.2 Active Directory server on CentOS 7. I > followed the Wiki instructions on how to create the server. I am using > sernet-samba 4.2 binaries. Everything seems to be OK on the Linux side but > I cannot get any windows client to successfully join the domain. Each > attempt returns the following error message "RPC Server in not available". > Below are the config file info.* Do the clients use your DCs DNS server or one that is able to resolve your AD zones? * Does Samba listen on all required ports and on your LAN interface? https://wiki.samba.org/index.php/Samba_port_usage * Anything in the logs? Regards, Marc
Rowland Penny
2015-Jun-30 18:55 UTC
[Samba] RPC server not available when windows client attempts to join samba AD
On 30/06/15 19:37, Paul Upson wrote:> I am installing a new Samba 4.2 Active Directory server on CentOS 7. I > followed the Wiki instructions on how to create the server. I am using > sernet-samba 4.2 binaries. Everything seems to be OK on the Linux side but > I cannot get any windows client to successfully join the domain. Each > attempt returns the following error message "RPC Server in not available". > Below are the config file info. > > I have searched the internet and cannot find any help that works. > > Thanks Paul > > ifcfg-enp0s3 > ************************************************** > TYPE=Ethernet > BOOTPROTO=static > IPADDR=192.168.42.241 > DNS1=192.168.42.241 > DEFROUTE=yes > IPV4_FAILURE_FATAL=no > IPV6INIT=yes > IPV6_AUTOCONF=yes > IPV6_DEFROUTE=yes > IPV6_FAILURE_FATAL=no > NAME=enp0s3 > UUID=76058991-c999-4e20-a8cd-cea4da9a5be7 > DEVICE=enp0s3 > ONBOOT=yes > HWADDR=08:00:27:F8:A6:80 > PEERDNS=yes > PEERROUTES=yes > IPV6_PEERDNS=yes > IPV6_PEERROUTES=yes > IPV6_PRIVACY=no > ******************************************************** > > smb.conf > \************************************************* > # Global parameters > [global] > workgroup = WMAA2 > realm = WMAA2.LAN > netbios name = WMAA-AD > server role = active directory domain controller > dns forwarder = 8.8.8.8 > idmap_ldb:use rfc2307 = yes > security = domain > > [netlogon] > path = /var/lib/samba/sysvol/wmaa2.lan/scripts > read only = No > > [sysvol] > path = /var/lib/samba/sysvol > read only = No > ************************************************** > resolv.conf > ************************* > # Generated Manually > > domain wmaa2.lan > nameserver 192.168.42.241 > > *********************************** > > *Paul Upson* > IT Support Manager > Westmoreland Museum of American Art @rt 30 > 4764 State Route 30, Greensburg, PA 15601 > 724-261-9982 > thewestmoreland.org > > <http://www.wmuseumaa.org/museum/getevent.cfm?ID=751>What does 'hostname' say the hostname is ? Rowland
Paul Upson
2015-Jun-30 21:36 UTC
[Samba] RPC server not available when windows client attempts to join samba AD
Hi Marc, below is the ports the server is listening on. The client DNS is pointed at the samba ad DNS server address. I will get the logs to you as soon as I can. Thanks ************************************************************************* [root at wmaa2-ad samba]# netstat -lnp --tcp --udp Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 0.0.0.0:1024 0.0.0.0:* LISTEN 4662/samba tcp 0 0 0.0.0.0:3268 0.0.0.0:* LISTEN 4666/samba tcp 0 0 0.0.0.0:3269 0.0.0.0:* LISTEN 4666/samba tcp 0 0 0.0.0.0:389 0.0.0.0:* LISTEN 4666/samba tcp 0 0 0.0.0.0:135 0.0.0.0:* LISTEN 4662/samba tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN 4663/smbd tcp 0 0 0.0.0.0:5901 0.0.0.0:* LISTEN 2292/Xvnc tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 2976/rpcbind tcp 0 0 0.0.0.0:464 0.0.0.0:* LISTEN 4668/samba tcp 0 0 0.0.0.0:10000 0.0.0.0:* LISTEN 2049/perl tcp 0 0 0.0.0.0:6001 0.0.0.0:* LISTEN 2292/Xvnc tcp 0 0 0.0.0.0:53 0.0.0.0:* LISTEN 4675/samba tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 881/sshd tcp 0 0 0.0.0.0:631 0.0.0.0:* LISTEN 890/cupsd tcp 0 0 0.0.0.0:88 0.0.0.0:* LISTEN 4668/samba tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1291/master tcp 0 0 0.0.0.0:636 0.0.0.0:* LISTEN 4666/samba tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN 4663/smbd tcp6 0 0 :::1024 :::* LISTEN 4662/samba tcp6 0 0 :::3268 :::* LISTEN 4666/samba tcp6 0 0 :::3269 :::* LISTEN 4666/samba tcp6 0 0 :::389 :::* LISTEN 4666/samba tcp6 0 0 :::135 :::* LISTEN 4662/samba tcp6 0 0 :::139 :::* LISTEN 4663/smbd tcp6 0 0 :::111 :::* LISTEN 2976/rpcbind tcp6 0 0 :::464 :::* LISTEN 4668/samba tcp6 0 0 :::6001 :::* LISTEN 2292/Xvnc tcp6 0 0 :::53 :::* LISTEN 4675/samba tcp6 0 0 :::22 :::* LISTEN 881/sshd tcp6 0 0 :::631 :::* LISTEN 890/cupsd tcp6 0 0 :::88 :::* LISTEN 4668/samba tcp6 0 0 ::1:25 :::* LISTEN 1291/master tcp6 0 0 :::636 :::* LISTEN 4666/samba tcp6 0 0 :::445 :::* LISTEN 4663/smbd udp 0 0 0.0.0.0:53 0.0.0.0:* 4675/samba udp 0 0 192.168.1.96:88 0.0.0.0:* 4668/samba udp 0 0 0.0.0.0:88 0.0.0.0:* 4668/samba udp 0 0 0.0.0.0:111 0.0.0.0:* 2976/rpcbind udp 0 0 0.0.0.0:123 0.0.0.0:* 605/chronyd udp 0 0 192.168.1.96:137 0.0.0.0:* 4664/samba udp 0 0 192.168.1.255:137 0.0.0.0:* 4664/samba udp 0 0 0.0.0.0:137 0.0.0.0:* 4664/samba udp 0 0 192.168.1.96:138 0.0.0.0:* 4664/samba udp 0 0 192.168.1.255:138 0.0.0.0:* 4664/samba udp 0 0 0.0.0.0:138 0.0.0.0:* 4664/samba udp 0 0 0.0.0.0:5353 0.0.0.0:* 618/avahi-daemon: r udp 0 0 127.0.0.1:323 0.0.0.0:* 605/chronyd udp 0 0 192.168.1.96:389 0.0.0.0:* 4667/samba udp 0 0 0.0.0.0:389 0.0.0.0:* 4667/samba udp 0 0 0.0.0.0:37258 0.0.0.0:* 618/avahi-daemon: r udp 0 0 192.168.1.96:464 0.0.0.0:* 4668/samba udp 0 0 0.0.0.0:464 0.0.0.0:* 4668/samba udp 0 0 0.0.0.0:607 0.0.0.0:* 2976/rpcbind udp 0 0 0.0.0.0:10000 0.0.0.0:* 2049/perl udp6 0 0 :::53 :::* 4675/samba udp6 0 0 fdb2:4b5:7220:0:20c::88 :::* 4668/samba udp6 0 0 :::88 :::* 4668/samba udp6 0 0 :::111 :::* 2976/rpcbind udp6 0 0 :::123 :::* 605/chronyd udp6 0 0 ::1:323 :::* 605/chronyd udp6 0 0 fdb2:4b5:7220:0:20c:389 :::* 4667/samba udp6 0 0 :::389 :::* 4667/samba udp6 0 0 fdb2:4b5:7220:0:20c:464 :::* 4668/samba udp6 0 0 :::464 :::* 4668/samba udp6 0 0 :::607 :::* 2976/rpcbind *Paul Upson* IT Support Manager Westmoreland Museum of American Art @rt 30 4764 State Route 30, Greensburg, PA 15601 724-261-9982 thewestmoreland.org <http://www.wmuseumaa.org/museum/getevent.cfm?ID=751> On Tue, Jun 30, 2015 at 2:47 PM, Marc Muehlfeld <mmuehlfeld at samba.org> wrote:> Hello Paul, > > Am 30.06.2015 um 20:37 schrieb Paul Upson: > > I am installing a new Samba 4.2 Active Directory server on CentOS 7. I > > followed the Wiki instructions on how to create the server. I am using > > sernet-samba 4.2 binaries. Everything seems to be OK on the Linux side > but > > I cannot get any windows client to successfully join the domain. Each > > attempt returns the following error message "RPC Server in not > available". > > Below are the config file info. > > * Do the clients use your DCs DNS server or one that is able to resolve > your AD zones? > > * Does Samba listen on all required ports and on your LAN interface? > https://wiki.samba.org/index.php/Samba_port_usage > > * Anything in the logs? > > > Regards, > Marc >
Paul Upson
2015-Jul-01 01:50 UTC
[Samba] RPC server not available when windows client attempts to join samba AD
Hi Marc, below are the log files. I cleared the logs and then did the following, restarted samba with the command service sernet-samba-ad restart, smbclient -L wmaa2.lan -Upmupson, smbclient //wmaa2.lan/netlogon -Upmupson -c 'ls', and then I attempt to have a client to join the domain. log.samba ********************************************** [2015/06/30 21:37:05.048349, 0] ../source4/smbd/server.c:370(binary_smbd_main) samba version 4.2.2-SerNet-RedHat-18.el7 started. Copyright Andrew Tridgell and the Samba Team 1992-2014 [2015/06/30 21:37:05.772456, 0] ../source4/smbd/server.c:488(binary_smbd_main) samba: using 'standard' process model [2015/06/30 21:37:06.765116, 0] ../lib/util/become_daemon.c:124(daemon_ready) STATUS=daemon 'samba' finished starting up and ready to serve connections [2015/06/30 21:37:10.428655, 0] ../lib/util/util_runcmd.c:324(samba_runcmd_io_handler) /usr/sbin/samba_dnsupdate: ; TSIG error with server: tsig verify failure [2015/06/30 21:37:10.673097, 0] ../lib/util/util_runcmd.c:324(samba_runcmd_io_handler) /usr/sbin/samba_dnsupdate: ; TSIG error with server: tsig verify failure [2015/06/30 21:37:11.023650, 0] ../lib/util/util_runcmd.c:324(samba_runcmd_io_handler) /usr/sbin/samba_dnsupdate: ; TSIG error with server: tsig verify failure [2015/06/30 21:37:11.279413, 0] ../lib/util/util_runcmd.c:324(samba_runcmd_io_handler) /usr/sbin/samba_dnsupdate: ; TSIG error with server: tsig verify failure [2015/06/30 21:37:11.736173, 0] ../lib/util/util_runcmd.c:324(samba_runcmd_io_handler) /usr/sbin/samba_dnsupdate: ; TSIG error with server: tsig verify failure log.smbd ******************************************* [2015/06/30 21:37:06, 0] ../source3/smbd/server.c:1241(main) smbd version 4.2.2-SerNet-RedHat-18.el7 started. Copyright Andrew Tridgell and the Samba Team 1992-2014 [2015/06/30 21:37:07.767844, 0] ../lib/util/become_daemon.c:124(daemon_ready) STATUS=daemon 'smbd' finished starting up and ready to serve connections log.wb-WMAA2 ********************************************** [2015/06/30 21:37:06.926578, 0] ../source3/winbindd/winbindd_cm.c:1670(wb_open_internal_pipe) open_internal_pipe: Could not connect to dssetup pipe: NT_STATUS_UNSUCCESSFUL [2015/06/30 21:37:06.927101, 0] ../source3/winbindd/winbindd_cm.c:1670(wb_open_internal_pipe) open_internal_pipe: Could not connect to lsarpc pipe: NT_STATUS_UNSUCCESSFUL [2015/06/30 21:37:06.939711, 0] ../source3/winbindd/winbindd_cm.c:1670(wb_open_internal_pipe) open_internal_pipe: Could not connect to dssetup pipe: NT_STATUS_UNSUCCESSFUL [2015/06/30 21:37:06.939891, 0] ../source3/winbindd/winbindd_cm.c:1670(wb_open_internal_pipe) open_internal_pipe: Could not connect to lsarpc pipe: NT_STATUS_UNSUCCESSFUL [2015/06/30 21:37:06.940023, 0] ../source3/winbindd/winbindd_cm.c:1670(wb_open_internal_pipe) open_internal_pipe: Could not connect to lsarpc pipe: NT_STATUS_UNSUCCESSFUL [2015/06/30 21:42:06.938400, 0] ../source3/winbindd/winbindd_cm.c:1670(wb_open_internal_pipe) open_internal_pipe: Could not connect to dssetup pipe: NT_STATUS_UNSUCCESSFUL [2015/06/30 21:42:06.939108, 0] ../source3/winbindd/winbindd_cm.c:1670(wb_open_internal_pipe) open_internal_pipe: Could not connect to lsarpc pipe: NT_STATUS_UNSUCCESSFUL [2015/06/30 21:42:06.939243, 0] ../source3/winbindd/winbindd_cm.c:1670(wb_open_internal_pipe) open_internal_pipe: Could not connect to lsarpc pipe: NT_STATUS_UNSUCCESSFUL log.winbindd ******************************************************************************************************************* [2015/06/30 21:37:06, 0] ../source3/winbindd/winbindd.c:1549(main) winbindd version 4.2.2-SerNet-RedHat-18.el7 started. Copyright Andrew Tridgell and the Samba Team 1992-2014 [2015/06/30 21:37:06.788485, 0] ../source3/winbindd/winbindd_cache.c:3235(initialize_winbindd_cache) initialize_winbindd_cache: clearing cache and re-creating with version number 2 [2015/06/30 21:37:06.836008, 0] ../lib/util/become_daemon.c:124(daemon_ready) STATUS=daemon 'winbindd' finished starting up and ready to serve connections *Paul Upson* IT Support Manager Westmoreland Museum of American Art @rt 30 4764 State Route 30, Greensburg, PA 15601 724-261-9982 thewestmoreland.org <http://www.wmuseumaa.org/museum/getevent.cfm?ID=751> On Tue, Jun 30, 2015 at 2:47 PM, Marc Muehlfeld <mmuehlfeld at samba.org> wrote:> Hello Paul, > > Am 30.06.2015 um 20:37 schrieb Paul Upson: > > I am installing a new Samba 4.2 Active Directory server on CentOS 7. I > > followed the Wiki instructions on how to create the server. I am using > > sernet-samba 4.2 binaries. Everything seems to be OK on the Linux side > but > > I cannot get any windows client to successfully join the domain. Each > > attempt returns the following error message "RPC Server in not > available". > > Below are the config file info. > > * Do the clients use your DCs DNS server or one that is able to resolve > your AD zones? > > * Does Samba listen on all required ports and on your LAN interface? > https://wiki.samba.org/index.php/Samba_port_usage > > * Anything in the logs? > > > Regards, > Marc >
Rowland Penny
2015-Jul-01 06:45 UTC
[Samba] RPC server not available when windows client attempts to join samba AD
On 30/06/15 19:37, Paul Upson wrote:> I am installing a new Samba 4.2 Active Directory server on CentOS 7. I > followed the Wiki instructions on how to create the server. I am using > sernet-samba 4.2 binaries. Everything seems to be OK on the Linux side but > I cannot get any windows client to successfully join the domain. Each > attempt returns the following error message "RPC Server in not available". > Below are the config file info. > > I have searched the internet and cannot find any help that works. > > Thanks Paul > > ifcfg-enp0s3 > ************************************************** > TYPE=Ethernet > BOOTPROTO=static > IPADDR=192.168.42.241 > DNS1=192.168.42.241 > DEFROUTE=yes > IPV4_FAILURE_FATAL=no > IPV6INIT=yes > IPV6_AUTOCONF=yes > IPV6_DEFROUTE=yes > IPV6_FAILURE_FATAL=no > NAME=enp0s3 > UUID=76058991-c999-4e20-a8cd-cea4da9a5be7 > DEVICE=enp0s3 > ONBOOT=yes > HWADDR=08:00:27:F8:A6:80 > PEERDNS=yes > PEERROUTES=yes > IPV6_PEERDNS=yes > IPV6_PEERROUTES=yes > IPV6_PRIVACY=no > ******************************************************** > > smb.conf > \************************************************* > # Global parameters > [global] > workgroup = WMAA2 > realm = WMAA2.LAN > netbios name = WMAA-AD > server role = active directory domain controller > dns forwarder = 8.8.8.8 > idmap_ldb:use rfc2307 = yes > security = domainOK, totally missed this the first time I read your smb.conf, why have you added 'security = domain' ??? Remove this and your samba DC should start working like an AD DC. Rowland> > [netlogon] > path = /var/lib/samba/sysvol/wmaa2.lan/scripts > read only = No > > [sysvol] > path = /var/lib/samba/sysvol > read only = No > ************************************************** > resolv.conf > ************************* > # Generated Manually > > domain wmaa2.lan > nameserver 192.168.42.241 > > *********************************** > > *Paul Upson* > IT Support Manager > Westmoreland Museum of American Art @rt 30 > 4764 State Route 30, Greensburg, PA 15601 > 724-261-9982 > thewestmoreland.org > > <http://www.wmuseumaa.org/museum/getevent.cfm?ID=751>
Eduard Gabdullin
2015-Jul-06 22:18 UTC
[Samba] RPC server not available when windows client attempts to join samba AD
Paul Upson <pmupson <at> thewestmoreland.org> writes:> > I am installing a new Samba 4.2 Active Directory server on CentOS 7. I > followed the Wiki instructions on how to create the server. I am using > sernet-samba 4.2 binaries. Everything seems to be OK on the Linux sidebut> I cannot get any windows client to successfully join the domain. Each > attempt returns the following error message "RPC Server in notavailable".> Below are the config file info. > > I have searched the internet and cannot find any help that works. > > Thanks Paul > > ifcfg-enp0s3 > ************************************************** > TYPE=Ethernet > BOOTPROTO=static > IPADDR=192.168.42.241 > DNS1=192.168.42.241 > DEFROUTE=yes > IPV4_FAILURE_FATAL=no > IPV6INIT=yes > IPV6_AUTOCONF=yes > IPV6_DEFROUTE=yes > IPV6_FAILURE_FATAL=no > NAME=enp0s3 > UUID=76058991-c999-4e20-a8cd-cea4da9a5be7 > DEVICE=enp0s3 > ONBOOT=yes > HWADDR=08:00:27:F8:A6:80 > PEERDNS=yes > PEERROUTES=yes > IPV6_PEERDNS=yes > IPV6_PEERROUTES=yes > IPV6_PRIVACY=no > ******************************************************** > > smb.conf > \************************************************* > # Global parameters > [global] > workgroup = WMAA2 > realm = WMAA2.LAN > netbios name = WMAA-AD > server role = active directory domain controller > dns forwarder = 8.8.8.8 > idmap_ldb:use rfc2307 = yes > security = domain > > [netlogon] > path = /var/lib/samba/sysvol/wmaa2.lan/scripts > read only = No > > [sysvol] > path = /var/lib/samba/sysvol > read only = No > ************************************************** > resolv.conf > ************************* > # Generated Manually > > domain wmaa2.lan > nameserver 192.168.42.241 > > *********************************** > > *Paul Upson* > IT Support Manager > Westmoreland Museum of American Art <at> rt 30 > 4764 State Route 30, Greensburg, PA 15601 > 724-261-9982 > thewestmoreland.org > > <http://www.wmuseumaa.org/museum/getevent.cfm?ID=751>You enabled Selinux? I have the exact same problem, and I found out the following: [root at centos7-server /]# ls -Z /var/run/samba/ drwxr-xr-x. root root system_u:object_r:var_run_t:s0 ncalrpc -rw-r--r--. root root system_u:object_r:initrc_var_run_t:s0 samba.pid -rw-r--r--. root root system_u:object_r:smbd_var_run_t:s0 smbd.pid drwxr-xr-x. root root system_u:object_r:winbind_var_run_t:s0 winbindd -rw-r--r--. root root system_u:object_r:winbind_var_run_t:s0 winbindd.pid Change the label in "ncalrpc" [root at centos7-server /]# semanage fcontext -a -t winbind_var_run_t "/var/run/samba/ncalrpc(/.*)?" [root at centos7-server /]# semanage fcontext -l | grep /run/samba/ /var/run/samba/brlock\.tdb regular file system_u:object_r:smbd_var_run_t:s0 /var/run/samba/connections\.tdb regular file system_u:object_r:smbd_var_run_t:s0 /var/run/samba/gencache\.tdb regular file system_u:object_r:smbd_var_run_t:s0 /var/run/samba/locking\.tdb regular file system_u:object_r:smbd_var_run_t:s0 /var/run/samba/messages\.tdb regular file system_u:object_r:nmbd_var_run_t:s0 /var/run/samba/namelist\.debug regular file system_u:object_r:nmbd_var_run_t:s0 /var/run/samba/ncalrpc(/.*)? all files system_u:object_r:winbind_var_run_t:s0 /var/run/samba/nmbd(/.*)? all files system_u:object_r:nmbd_var_run_t:s0 /var/run/samba/nmbd\.pid regular file system_u:object_r:nmbd_var_run_t:s0 /var/run/samba/sessionid\.tdb regular file system_u:object_r:smbd_var_run_t:s0 /var/run/samba/share_info\.tdb regular file system_u:object_r:smbd_var_run_t:s0 /var/run/samba/smbd\.pid regular file system_u:object_r:smbd_var_run_t:s0 /var/run/samba/unexpected\.tdb regular file system_u:object_r:nmbd_var_run_t:s0 /var/run/samba/winbindd(/.*)? all files system_u:object_r:winbind_var_run_t:s0 [root at centos7-server /]# restorecon -Rv /run/samba/ncalrpc restorecon reset /run/samba/ncalrpc context system_u:object_r:var_run_t:s0->system_u:object_r:winbind_var_run_t:s0 restorecon reset /run/samba/ncalrpc/EPMAPPER context system_u:object_r:var_run_t:s0->system_u:object_r:winbind_var_run_t:s0 restorecon reset /run/samba/ncalrpc/DEFAULT context system_u:object_r:var_run_t:s0->system_u:object_r:winbind_var_run_t:s0 restorecon reset /run/samba/ncalrpc/np context system_u:object_r:var_run_t:s0->system_u:object_r:winbind_var_run_t:s0 restorecon reset /run/samba/ncalrpc/np/epmapper context system_u:object_r:var_run_t:s0->system_u:object_r:winbind_var_run_t:s0 restorecon reset /run/samba/ncalrpc/np/wkssvc context system_u:object_r:var_run_t:s0->system_u:object_r:winbind_var_run_t:s0 restorecon reset /run/samba/ncalrpc/np/rpcecho context system_u:object_r:var_run_t:s0->system_u:object_r:winbind_var_run_t:s0 restorecon reset /run/samba/ncalrpc/np/samr context system_u:object_r:var_run_t:s0->system_u:object_r:winbind_var_run_t:s0 restorecon reset /run/samba/ncalrpc/np/netlogon context system_u:object_r:var_run_t:s0->system_u:object_r:winbind_var_run_t:s0 restorecon reset /run/samba/ncalrpc/np/lsarpc context system_u:object_r:var_run_t:s0->system_u:object_r:winbind_var_run_t:s0 restorecon reset /run/samba/ncalrpc/np/lsass context system_u:object_r:var_run_t:s0->system_u:object_r:winbind_var_run_t:s0 restorecon reset /run/samba/ncalrpc/np/spoolss context system_u:object_r:var_run_t:s0->system_u:object_r:winbind_var_run_t:s0 restorecon reset /run/samba/ncalrpc/np/protected_storage context system_u:object_r:var_run_t:s0->system_u:object_r:winbind_var_run_t:s0 restorecon reset /run/samba/ncalrpc/np/unixinfo context system_u:object_r:var_run_t:s0->system_u:object_r:winbind_var_run_t:s0 restorecon reset /run/samba/ncalrpc/np/browser context system_u:object_r:var_run_t:s0->system_u:object_r:winbind_var_run_t:s0 restorecon reset /run/samba/ncalrpc/np/ntsvcs context system_u:object_r:var_run_t:s0->system_u:object_r:winbind_var_run_t:s0 restorecon reset /run/samba/ncalrpc/np/dnsserver context system_u:object_r:var_run_t:s0->system_u:object_r:winbind_var_run_t:s0 [root at centos7-server /]# ls -Z /var/run/samba/ drwxr-xr-x. root root system_u:object_r:winbind_var_run_t:s0 ncalrpc -rw-r--r--. root root system_u:object_r:initrc_var_run_t:s0 samba.pid -rw-r--r--. root root system_u:object_r:smbd_var_run_t:s0 smbd.pid drwxr-xr-x. root root system_u:object_r:winbind_var_run_t:s0 winbindd -rw-r--r--. root root system_u:object_r:winbind_var_run_t:s0 winbindd.pid The error message "RPC Server in not available" I do not see! But if you restart the Samba AD DC server: [root at centos7-server /]# systemctl reboot I see that the labels are not preserved [root at centos7-server /]# ls -Z /var/run/samba/ drwxr-xr-x. root root system_u:object_r:var_run_t:s0 ncalrpc -rw-r--r--. root root system_u:object_r:initrc_var_run_t:s0 samba.pid -rw-r--r--. root root system_u:object_r:smbd_var_run_t:s0 smbd.pid drwxr-xr-x. root root system_u:object_r:winbind_var_run_t:s0 winbindd -rw-r--r--. root root system_u:object_r:winbind_var_run_t:s0 winbindd.pid Why are not preserved when you restart the labels, that's the question? The second question - what context should be in the file "samba.pid"