On 10/10/2015 09:05 AM, Rowland Penny wrote:
> On 10/10/15 13:44, Steve Ankeny wrote:
>> I have an existing Samba-AD-DC built from Inverse packages,
>> v.4.1.18+dfsg-3~inverse1
>>
>> I have OpenChangeServer installed on that machine, v.2.4-zentyal6
>>
>> When I start OpenChange, it "shuts down" my Samba-AD-DC so that no
>> one can login.
>>
>> To troubleshoot my problem, I've built a "new" Samba-AD-DC from the
>> same Inverse packages, but I see a slight difference in the installed
>> packages, and my question is whether they might be causing my problem.
>>
>> *Specifically, could the presence of 'winbind' be causing my problem?*
>>
>> on the original server (with the OpenChange problem) --
>>
>> adam@sogo:~$ sudo dpkg --get-selections | egrep 'samba|smb|nmb|winbind'
>> libnss-winbind:amd64 install
>> libpam-winbind:amd64 install
>> libsmbclient:amd64 install
>> python-samba install
>> samba install
>> samba-common install
>> samba-common-bin install
>> samba-dev install
>> samba-dsdb-modules install
>> samba-libs:amd64 install
>> samba-vfs-modules install
>> smbclient install
>> winbind install
>> adam@sogo:~$
>>
>> on the "new" server (without OpenChange at the moment) --
>>
>> adam@eagle:~$ sudo dpkg --get-selections | egrep 'samba|smb|nmb|winbind'
>> python-samba install
>> samba install
>> samba-common install
>> samba-common-bin install
>> samba-dev install
>> samba-dsdb-modules install
>> samba-libs:amd64 install
>> samba-vfs-modules install
>> adam@eagle:~$
>>
>> The difference is in the 'winbind' and 'smbclient' packages.
>>
>> I realize that Samba-AD-DC runs its own version of 'winbind' and I'm
>> not currently using it otherwise.
>>
>> on the original server --
>>
>> adam@sogo:~$ ./samba
>> nmbd start/running
>> winbind stop/waiting
>> smbd stop/waiting
>> reload-smbd stop/waiting
>> samba-ad-dc start/running, process 927
>> adam@sogo:~$
>>
>> on the "new" server --
>>
>> adam@eagle:~$ ./samba
>> nmbd start/running
>> smbd stop/waiting
>> reload-smbd stop/waiting
>> samba-ad-dc start/running, process 889
>> adam@eagle:~$
>>
>>
>
> Having a package installed is a lot different from the binaries it
> contains being run, what does 'ps ax | grep [w]inbind' return?
>
> What is your 'server services' line in smb.conf and what are the
> openchange lines in smb.conf
>
> Rowland
>
>

on the original server --

adam@sogo:~$ sudo ps ax | grep [w]inbind
adam@sogo:~$ sudo ps ax | grep winbind
6241 pts/0 S+ 0:00 grep --color=auto winbind
adam@sogo:~$

adam@sogo:~$ cat /etc/samba/smb.conf
# Global parameters
[global]
workgroup = SMBDOMAIN
realm = smbdomain.com
netbios name = SOGO
server role = active directory domain controller
dns forwarder = 192.168.121.1
idmap_ldb:use rfc2307 = yes
passdb backend = samba
allow dns updates = nonsecure

### Configuration required by OpenChange server ###
dsb:schema update allowed = true
#dcerpc endpoint servers = +mapiproxy
#dcerpc endpoint servers = +epmapper, +mapiproxy
#dcerpc_mapiproxy:server = true
#dcerpc_mapiproxy:interfaces = exchange_emsmdb, exchange_nsp, exchange_ds_rfr
### Configuration required by OpenChange server ###

mapistore:namedproperties = mysql
namedproperties:mysql_user = openchange-user
namedproperties:mysql_pass = $Passwd
namedproperties:mysql_host = localhost
namedproperties:mysql_db = openchange
mapistore:indexing_backend = mysql://openchange-user:$Passwd@localhost/openchange
mapiproxy:openchangedb = mysql://openchange-user:$Passwd@localhost/openchange

[netlogon]
path = /var/lib/samba/sysvol/smbdomain.com/scripts
read only = No

[sysvol]
path = /var/lib/samba/sysvol
read only = No
adam@sogo:~$

It's when I "uncomment" the DCERPC lines that OpenChange "shuts down"
Samba-AD-DC

So, the answer to the question is the 'winbind' binary is NOT running
(thx for that)

On the SOGo mailing list, someone suggested "de-provisioning" a
non-working OpenChange server and starting again. I just wanted to
know if the 'winbind' packages might hinder what I'm trying to do.

Otherwise, I'm continuing to build the "side-by-side" server (at
Ludovic's suggestion)

thx, Rowland I've learned I can always count on your insight.

On 10/10/15 14:39, Steve Ankeny wrote:
> On 10/10/2015 09:05 AM, Rowland Penny wrote:
>> On 10/10/15 13:44, Steve Ankeny wrote:
>>> I have an existing Samba-AD-DC built from Inverse packages,
>>> v.4.1.18+dfsg-3~inverse1
>>>
>>> I have OpenChangeServer installed on that machine, v.2.4-zentyal6
>>>
>>> When I start OpenChange, it "shuts down" my Samba-AD-DC so that no
>>> one can login.
>>>
>>> To troubleshoot my problem, I've built a "new" Samba-AD-DC from the
>>> same Inverse packages, but I see a slight difference in the
>>> installed packages, and my question is whether they might be causing
>>> my problem.
>>>
>>> *Specifically, could the presence of 'winbind' be causing my problem?*
>>>
>>> on the original server (with the OpenChange problem) --
>>>
>>> adam@sogo:~$ sudo dpkg --get-selections | egrep 'samba|smb|nmb|winbind'
>>> libnss-winbind:amd64 install
>>> libpam-winbind:amd64 install
>>> libsmbclient:amd64 install
>>> python-samba install
>>> samba install
>>> samba-common install
>>> samba-common-bin install
>>> samba-dev install
>>> samba-dsdb-modules install
>>> samba-libs:amd64 install
>>> samba-vfs-modules install
>>> smbclient install
>>> winbind install
>>> adam@sogo:~$
>>>
>>> on the "new" server (without OpenChange at the moment) --
>>>
>>> adam@eagle:~$ sudo dpkg --get-selections | egrep
>>> 'samba|smb|nmb|winbind'
>>> python-samba install
>>> samba install
>>> samba-common install
>>> samba-common-bin install
>>> samba-dev install
>>> samba-dsdb-modules install
>>> samba-libs:amd64 install
>>> samba-vfs-modules install
>>> adam@eagle:~$
>>>
>>> The difference is in the 'winbind' and 'smbclient' packages.
>>>
>>> I realize that Samba-AD-DC runs its own version of 'winbind' and I'm
>>> not currently using it otherwise.
>>>
>>> on the original server --
>>>
>>> adam@sogo:~$ ./samba
>>> nmbd start/running
>>> winbind stop/waiting
>>> smbd stop/waiting
>>> reload-smbd stop/waiting
>>> samba-ad-dc start/running, process 927
>>> adam@sogo:~$
>>>
>>> on the "new" server --
>>>
>>> adam@eagle:~$ ./samba
>>> nmbd start/running
>>> smbd stop/waiting
>>> reload-smbd stop/waiting
>>> samba-ad-dc start/running, process 889
>>> adam@eagle:~$
>>>
>>>
>>
>> Having a package installed is a lot different from the binaries it
>> contains being run, what does 'ps ax | grep [w]inbind' return?
>>
>> What is your 'server services' line in smb.conf and what are the
>> openchange lines in smb.conf
>>
>> Rowland
>>
>>
>>
>
> on the original server --
>
> adam@sogo:~$ sudo ps ax | grep [w]inbind
> adam@sogo:~$ sudo ps ax | grep winbind
> 6241 pts/0 S+ 0:00 grep --color=auto winbind
> adam@sogo:~$
>
> adam@sogo:~$ cat /etc/samba/smb.conf
> # Global parameters
> [global]
> workgroup = SMBDOMAIN
> realm = smbdomain.com
> netbios name = SOGO
> server role = active directory domain controller
> dns forwarder = 192.168.121.1
> idmap_ldb:use rfc2307 = yes
> passdb backend = samba
> allow dns updates = nonsecure
>
> ### Configuration required by OpenChange server ###
> dsb:schema update allowed = true
> #dcerpc endpoint servers = +mapiproxy
> #dcerpc endpoint servers = +epmapper, +mapiproxy
> #dcerpc_mapiproxy:server = true
> #dcerpc_mapiproxy:interfaces = exchange_emsmdb, exchange_nsp,
> exchange_ds_rfr
> ### Configuration required by OpenChange server ###
>
> mapistore:namedproperties = mysql
> namedproperties:mysql_user = openchange-user
> namedproperties:mysql_pass = $Passwd
> namedproperties:mysql_host = localhost
> namedproperties:mysql_db = openchange
> mapistore:indexing_backend =
> mysql://openchange-user:$Passwd@localhost/openchange
> mapiproxy:openchangedb =
> mysql://openchange-user:$Passwd@localhost/openchange
>
> [netlogon]
> path = /var/lib/samba/sysvol/smbdomain.com/scripts
> read only = No
>
> [sysvol]
> path = /var/lib/samba/sysvol
> read only = No
> adam@sogo:~$
>
> It's when I "uncomment" the DCERPC lines that OpenChange "shuts down"
> Samba-AD-DC
>
> So, the answer to the question is the 'winbind' binary is NOT running
> (thx for that)
>
> On the SOGo mailing list, someone suggested "de-provisioning" a
> non-working OpenChange server and starting again. I just wanted to
> know if the 'winbind' packages might hinder what I'm trying to do.
>
> Otherwise, I'm continuing to build the "side-by-side" server (at
> Ludovic's suggestion)
>
> thx, Rowland I've learned I can always count on your insight.
>
>

Well on my debian samba 4.1.17 DC, when I run 'samba-tool testparm -v'
amongst everything else I get this:

dcerpc endpoint servers = epmapper, wkssvc, rpcecho, samr, netlogon, lsarpc, spoolss, drsuapi, dssetup, unixinfo, browser, eventlog6, backupkey, dnsserver

Which, as you can see, already has epmapper and dnsserver running.

I also cannot understand why openchange tells you to have this line:

dsb:schema update allowed = true

which should be:

dsdb:schema update allowed = true

either way, you only need it if you are adding something to the
schema, is openchange permanently updating the schema ??

With samba4 when you change the server services and dcerpc endpoint
servers lines, you need to do as you have done, add a + to the service
you want to add, or enter the complete line including the new service.
Just adding the service by itself (without the +) will turn off
everything else.

It doesn't help that page 5 in the Native Microsoft Outlook
Configuration Guide for version 2.3.2 shows you one thing and then page
6 shows it differently.

Rowland

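[Added example, not part of the thread and not Samba's or OpenChange's own code: a Python check that models the list behaviour described in the message above for 'dcerpc endpoint servers', where '+name' entries extend the defaults and a bare name replaces them. The default list is the testparm output quoted in the thread; the '-name' removal form is Samba list syntax that the thread does not mention, and the smb.conf fragments and function names are constructed for illustration.]

```python
import re

# Defaults as printed by 'samba-tool testparm -v' in the thread (Samba 4.1.x).
DEFAULTS = ("epmapper wkssvc rpcecho samr netlogon lsarpc spoolss drsuapi "
            "dssetup unixinfo browser eventlog6 backupkey dnsserver").split()

# Constructed smb.conf fragments modelled on the commented-out lines above.
WITH_PLUS = "[global]\n\tdcerpc endpoint servers = +epmapper, +mapiproxy\n"
BARE = "[global]\n\tdcerpc endpoint servers = mapiproxy\n"


def apply_value(current, value):
    """Apply one list value to the current list; return (new_list, note)."""
    items = [v for v in re.split(r"[,\s]+", value.strip()) if v]
    prefixed = [len(i) > 1 and i[0] in "+-" for i in items]
    if items and all(prefixed):
        result = list(current)
        for item in items:
            name = item[1:]
            if item[0] == "+" and name not in result:
                result.append(name)          # extend the existing list
            elif item[0] == "-" and name in result:
                result.remove(name)          # drop one entry
        return result, "modifies defaults"
    if any(prefixed):                        # mixed forms: do not guess
        return list(current), "mixed syntax, review by hand"
    return items, "replaces defaults"        # bare names: defaults are gone


def audit(conf_text, key="dcerpc endpoint servers", defaults=DEFAULTS):
    """Return (effective, dropped, notes) for active 'key = ...' lines."""
    current, notes = list(defaults), []
    for raw in conf_text.splitlines():
        name, _, value = raw.strip().partition("=")
        name = " ".join(name.split()).lower()
        if name != key:                      # also skips '#'/';' comment lines
            continue
        current, note = apply_value(current, value)
        notes.append(note)
    dropped = [s for s in defaults if s not in current]
    return current, dropped, notes


if __name__ == "__main__":
    for label, conf in (("with +", WITH_PLUS), ("bare name", BARE)):
        effective, dropped, notes = audit(conf)
        print(f"{label}: {notes}; dropped: {', '.join(dropped) or 'none'}")
```
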
On 10/10/2015 10:32 AM, Rowland Penny wrote:
> Well on my debian samba 4.1.17 DC, when I run 'samba-tool testparm -v'
> amongst everything else I get this:
>
> dcerpc endpoint servers = epmapper, wkssvc, rpcecho, samr, netlogon,
> lsarpc, spoolss, drsuapi, dssetup, unixinfo, browser, eventlog6,
> backupkey, dnsserver
>
> Which, as you can see, already has epmapper and dnsserver running.
>
> I also cannot understand why openchange tells you to have this line:
>
> dsb:schema update allowed = true
>
> which should be:
>
> dsdb:schema update allowed = true
>
> either way, you only need it if you are adding something to the
> schema, is openchange permanently updating the schema ??
>
> With samba4 when you change the server services and dcerpc endpoint
> servers lines, you need to do as you have done, add a + to the service
> you want to add, or enter the complete line including the new service.
> Just adding the service by itself (without the +) will turn off
> everything else.
>
> It doesn't help that page 5 in the Native Microsoft Outlook
> Configuration Guide for version 2.3.2 shows you one thing and then page
> 6 shows it differently.
>
> Rowland

I'll implement your suggestions once I get to that point in my troubleshooting.

Like you, I'm running the lot --

adam@sogo:~$ samba-tool testparm -v | grep 'dcerpc endpoint servers'
dcerpc endpoint servers = epmapper, wkssvc, rpcecho, samr, netlogon, lsarpc, spoolss, drsuapi, dssetup, unixinfo, browser, eventlog6, backupkey, dnsserver
adam@sogo:~$

'dsb:schema update allowed = true' was a typo which I've corrected to 'dsdb:schema update allowed = true'