Hello All,
I have a big problem. I don't know how I can resolve it.
Design:
| server Samba AD 4.6.2 | <---------- | Samba File Server v4.6.2/v4.6.4 | <---------- | Windows 7 client |
-----------------------
On Windows 7 client:
User can open files in share.
The problem is when he wants to change privileges
(Properties>Security>Edit>Add).
"Application can't open required window...".
Next window: "The user selection dialog can not be displayed. RPC
Server is unavailable.".
-----------------------
On Samba File Server:
- server is connected to domain:
net ads testjoin -k
Join is OK
- wbinfo -i (shows users correctly),
- wbinfo -g (shows groups correctly),
- users have access to files on share,
- files/directories have the right privileges
getfacl example_dir
# file: example_dir
# owner: xxx
# group: xxy
user::rwx
user:root:rwx
user:50000:rwx
user:50002:rwx
user:51151:rwx
user:58522:rwx
group::---
group:50000:rwx
group:50002:rwx
group:50068:rwx
group:58522:rwx
mask::rwx
other::---
default:user::rwx
default:user:root:rwx
default:user:50000:rwx
default:user:50002:rwx
default:user:51151:rwx
default:user:58522:rwx
default:group::---
default:group:50000:rwx
default:group:50002:rwx
default:group:50068:rwx
default:group:58522:rwx
default:mask::rwx
default:other::---
config samba file share:
[global]
workgroup = XYZ
server string = %h server (Samba)
realm = XYZ.LOCAL
password server = pdc.xyz.local
interfaces = lo, eth0
kerberos method = secrets and keytab
template shell = /bin/bash
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = Yes
security = ads
domain master = no
local master = no
preferred master = no
domain logons = no
allow trusted domains = yes
idmap config * : range = 50000-60000
idmap config * : backend = tdb
idmap config EMEA : range = 50000-60000
idmap config EMEA : backend = rid
idmap config * : unix_primary_group = yes
map acl inherit = yes
store dos attributes = yes
inherit acls = yes
inherit permissions = yes
acl group control = yes
acl map full control = true
nt acl support = yes
ea support = yes
idmap_ldb:use rfc2307 = yes
template homedir = /home/%U
rpc_server:tcpip = no
rpc_daemon:spoolssd = embedded
rpc_server:spoolss = embedded
rpc_server:winreg = embedded
rpc_server:ntsvcs = embedded
rpc_server:eventlog = embedded
rpc_server:srvsvc = embedded
rpc_server:svcctl = embedded
rpc_server:default = external
full_audit:prefix = %u|%I|%M|%S
full_audit:priority = notice
full_audit:facility = local5
map archive = No
map readonly = no
username map = /etc/samba/user.map
client use spnego = yes
client ntlmv2 auth = yes
load printers = no
server role = member server
[share]
comment = share
path = /share
browseable = Yes
read only = No
force create mode = 0660
force directory mode = 0660
vfs objects = dfs_samba4 acl_xattr full_audit
acl_xattr:ignore system acls = yes
full_audit:success = connect opendir disconnect unlink mkdir rmdir open rename
full_audit:failure = connect opendir disconnect unlink mkdir rmdir open rename
---------------------------------
On Samba AD:
[global]
netbios name = PDC
realm = XYZ.LOCAL
server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
workgroup = XYZ
server role = active directory domain controller
ntlm auth = yes
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = yes
winbind nested groups = yes
winbind refresh tickets = yes
client ldap sasl wrapping = plain
client signing = if_required
idmap_ldb:use rfc2307 = yes
ntlm auth = yes
client use spnego = yes
load printers = no
log file = /var/log/samba/samba.log
log level = 2
max log size = 1000
[netlogon]
path = /var/lib/samba/sysvol/xyz.local/scripts
read only = No
[sysvol]
path = /var/lib/samba/sysvol
read only = No
Do you have any suggestions on how I can resolve my issue?
Best Regards,
Supporter 3eb