And you did adjust you "security" settings on the samba 4.5 to be
compatible with 4.2 ? i must say, i dont know it 4.2 and 4.5 work fine together.
>> We are using BIND9_DLZ as a backend.
Uhm..
You can change this line :
server services = rpc, nbt, wrepl, ldap, cldap, kdc, drepl,
winbind,> ntp_signd, kcc, dnsupdate, s3fs
To
server services = -dns
Now your using bind_dlz, so are you sure both are using bind_dlz?
review this file :
http://downloads.van-belle.nl/samba4/Upgrade-info.txt
is a summ-up of all changes as of 4.1 with the needed links to the change logs
on the samba site.
Saves you searching a bit.
Can you post both smb.conf so we can see what is happening.
But my advice, updated the 4.2 also to 4.5
Saves you more problems then matching the 4.5. to 4.2
Greetz,
Louis
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Tom Cannaerts -
> INTRACTO via samba
> Verzonden: maandag 20 februari 2017 16:27
> Aan: samba at lists.samba.org
> Onderwerp: [Samba] RPC Server unavailable
>
> We have migrated away from a single MS AD to a 2 server Samba AD.
>
> We have DC1, which is a samba 4.5 server, and DC2, which is a samba 4.2
> server. Everything seems to be working fine, with the exception that I
> can't connect to DC1 using Windows RSAT, where I can connect to DC2
> without
> any problems.
>
> When connecting, an pretty generic error is shown: "The following
> domaincontroller could not be contacted: DC2.<mydomain.local>. The
RPC
> Server is unavailable.", where <mydomain.local> is our local
domainname.
>
> Since it is a .local name, let me start by confirming that we are not
> using
> avahi and that mdns is not listed in /etc/nsswitch.conf, only
"files" and
> "dns".
>
> When the error occurs, nothing is added to any logfile, nor is it added to
> the eventlog on the Windows machine that's connecting to the server.
>
> We are using BIND9_DLZ as a backend.
>
> kinit / klist is working correctly
>
> I have also done a Wireshark, and it shows soms LDAP/SASL/GSS-API traffic,
> as well as some SMB2 traffic. The latter shows a STATUS_INTERNAL_ERROR
> (0xc00000e5) error in the SessionSetup command, but I didn't manage to
> find
> any usefull information on Google about that.
>
> Below are the relevant config files. They are identical on both servers,
> with the exception that everywhere DC1 is listed, it's DC2 on the
working
> server.
>
> #
> # smb.conf
> #
> [global]
> workgroup = <DOMAIN>
> realm = <DOMAIN>.LOCAL
> netbios name = DC1
> interfaces = eth0
> bind interfaces only = Yes
> server role = active directory domain controller
> server services = rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbind,
> ntp_signd, kcc, dnsupdate, s3fs
> log level = 2
> idmap_ldb:use rfc2307 = yes
>
> tls enabled = yes
> tls keyfile = tls/dc1.<domain>.local.key
> tls certfile = tls/dc1.<domain>.local.crt
> tls cafile = tls/root.<domain>.local.crt
>
> [netlogon]
> path = /var/lib/samba/sysvol/<domain>.local/scripts
> read only = No
>
> [sysvol]
> path = /var/lib/samba/sysvol
> read only = No
>
> #
> # /etc/krb5.conf
> #
> [logging]
> default = FILE:/var/log/samba/krb5libs.log
> kdc = FILE:/var/log/samba/krb5kdc.log
> admin_server = FILE:/var/log/samba/kadmind.log
>
> [libdefaults]
> default_realm = <DOMAIN>.LOCAL
> dns_lookup_realm = false
> dns_lookup_kdc = true
>
> --
> Met vriendelijke groeten,
> Tom Cannaerts
>
>
> *Service and MaintenanceIntracto - digital agency*
>
> Zavelheide 15 - 2200 Herentals
> Tel: +32 14 28 29 29
> www.intracto.com
>
>
> Ben je tevreden over deze e-mail?
>
>
<http://www.intracto.com/feedback?user=tom.cannaerts&response_code=5>
>
<http://www.intracto.com/feedback?user=tom.cannaerts&response_code=4>
>
<http://www.intracto.com/feedback?user=tom.cannaerts&response_code=3>
>
<http://www.intracto.com/feedback?user=tom.cannaerts&response_code=2>
>
<http://www.intracto.com/feedback?user=tom.cannaerts&response_code=1>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba