Andrew Bartlett
2017-Jun-15 02:37 UTC
[Samba] Joining a Windows Server 2008 / 2008 R2 DC to a Samba AD - ISSUE - The RPC server is unavailable
On Wed, 2017-06-14 at 11:01 +0100, Rowland Penny via samba wrote:> On Wed, 14 Jun 2017 15:13:13 +0530 > Arjit Gupta <arjitk.gupta at gmail.com> wrote: > > > Thanks for the response. > > > > Is this xattr causing this RPC server is unavailable issue ? > > > > Arjit Kumar > > > > > > Lets be perfectly honest here, the lack of POSIX ACLs means that UX > is > never going to be suitable as a Samba AD DC. You are going to be > connecting Windows machines to the DC and they definitely require > POSIX > ACLs. > > Can I suggest you forget UX if you want a DC and use Linux instead.BTW, I've looked back at the original logs. The issue is this: single_terminate: reason[socket_get_remote_addr() failed] The reason is that we require 'credentials passing' via the getpeereid() call or SO_PEERCRED, a feature not in posix but available one way or the other on multiple unix-like systems, which allows one end of the pipe to know the UID and GID of the other end. We don't have an implementation of this for HP-UX, so the AD DC won't run. I'm sorry the build doesn't fail earlier for you. Andrew Bartlett -- Andrew Bartlett https://samba.org/~abartlet/ Authentication Developer, Samba Team https://samba.org Samba Development and Support, Catalyst IT https://catalyst.net.nz/services/samba
Arjit Gupta
2017-Sep-06 07:04 UTC
[Samba] Joining a Windows Server 2008 / 2008 R2 DC to a Samba AD - ISSUE - The RPC server is unavailable
Hi Andrew,
I have checked for the reason of below error
single_terminate: reason[socket_get_remote_addr() failed]
As mentioned by you earlier that it requires "credentials passing via
the getpeereid()
call or SO_PEERCRED"
On investigating it further i found below condition that fails
File :- lib/tsocket/tsocket_bsd.c
Function
int _tsocket_address_bsd_from_sockaddr(TALLOC_CTX *mem_ctx,
const struct sockaddr *sa,
size_t sa_socklen,
struct tsocket_address **_addr,
const char *location)
{
.......
if (*sa_socklen < sizeof(sa->sa_family*)) { *//sa_socklen is zero thus we
are getting above error*
errno = EINVAL;
return -1;
}
.......
}
The reason of sa_socklen in zero is below:-
File:- source4/lib/socket_socket_unix.c
Function :-
static struct socket_address *unixdom_get_peer_addr(struct socket_context
*sock, TALLOC_CTX *mem_ctx)
{
............
ret = getpeername(sock->fd, peer->sockaddr, &len); *//getpeername
return
success but not modify **peer->sockaddr and len *
............
}
*Reason for above behavior:-*
getpeername() of HP-UX doesnt fill sockaddr structure and len variable for
AF_UNIX socket unless we explicitly bind client socket path.
So, for fixing above error, we have to bind client socket path in client
module.
Can you please let me know the code/module corresponding to the client in
this context below.
[2017/09/05 18:11:58.313530, 0, pid=17113, effective(0, 3), real(0, 3)]
../source4/lib/socket/socket.c:376(socket_address_to_tsocket_address)
[2017/09/05 18:11:58.313664, 3, pid=17113, effective(0, 3), real(0, 3)]
../source4/smbd/service_stream.c:66(stream_terminate_connection)
Terminating connection - 'socket_get_remote_addr() failed'
[2017/09/05 18:11:58.313744, 3, pid=17113, effective(0, 3), real(0, 3)]
../source4/smbd/process_single.c:114(single_terminate)
single_terminate: reason[socket_get_remote_addr() failed]
Please help with this so that we will make appropriate change to fix above
error.
Arjit Kumar
9650104435
On Thu, Jun 15, 2017 at 8:07 AM, Andrew Bartlett <abartlet at samba.org>
wrote:
> On Wed, 2017-06-14 at 11:01 +0100, Rowland Penny via samba wrote:
> > On Wed, 14 Jun 2017 15:13:13 +0530
> > Arjit Gupta <arjitk.gupta at gmail.com> wrote:
> >
> > > Thanks for the response.
> > >
> > > Is this xattr causing this RPC server is unavailable issue ?
> > >
> > > Arjit Kumar
> > >
> > >
> >
> > Lets be perfectly honest here, the lack of POSIX ACLs means that UX
> > is
> > never going to be suitable as a Samba AD DC. You are going to be
> > connecting Windows machines to the DC and they definitely require
> > POSIX
> > ACLs.
> >
> > Can I suggest you forget UX if you want a DC and use Linux instead.
>
> BTW, I've looked back at the original logs. The issue is this:
>
> single_terminate: reason[socket_get_remote_addr() failed]
>
> The reason is that we require 'credentials passing' via the
> getpeereid() call or SO_PEERCRED, a feature not in posix but available
> one way or the other on multiple unix-like systems, which allows one
> end of the pipe to know the UID and GID of the other end.
>
> We don't have an implementation of this for HP-UX, so the AD DC
won't
> run.
>
> I'm sorry the build doesn't fail earlier for you.
>
> Andrew Bartlett
>
> --
> Andrew Bartlett
> https://samba.org/~abartlet/
> Authentication Developer, Samba Team https://samba.org
> Samba Development and Support, Catalyst IT
> https://catalyst.net.nz/services/samba
>
>
>
>
>
Arjit Gupta
2017-Sep-07 11:41 UTC
[Samba] Joining a Windows Server 2008 / 2008 R2 DC to a Samba AD - ISSUE - The RPC server is unavailable
Hi Team, Please let me know if any further information is required ? Arjit Kumar 9650104435 On Wed, Sep 6, 2017 at 12:34 PM, Arjit Gupta <arjitk.gupta at gmail.com> wrote:> Hi Andrew, > > I have checked for the reason of below error > single_terminate: reason[socket_get_remote_addr() failed] > > As mentioned by you earlier that it requires "credentials passing via the getpeereid() > call or SO_PEERCRED" > > On investigating it further i found below condition that fails > File :- lib/tsocket/tsocket_bsd.c > > Function > int _tsocket_address_bsd_from_sockaddr(TALLOC_CTX *mem_ctx, > const struct sockaddr *sa, > size_t sa_socklen, > struct tsocket_address **_addr, > const char *location) > { > ....... > if (*sa_socklen < sizeof(sa->sa_family*)) { *//sa_socklen is zero thus we > are getting above error* > errno = EINVAL; > return -1; > } > ....... > } > > The reason of sa_socklen in zero is below:- > > File:- source4/lib/socket_socket_unix.c > > Function :- > static struct socket_address *unixdom_get_peer_addr(struct socket_context > *sock, TALLOC_CTX *mem_ctx) > { > ............ > ret = getpeername(sock->fd, peer->sockaddr, &len); *//getpeername return > success but not modify **peer->sockaddr and len * > ............ > } > > *Reason for above behavior:-* > getpeername() of HP-UX doesnt fill sockaddr structure and len variable for > AF_UNIX socket unless we explicitly bind client socket path. > > So, for fixing above error, we have to bind client socket path in client > module. > > Can you please let me know the code/module corresponding to the client in > this context below. > > [2017/09/05 18:11:58.313530, 0, pid=17113, effective(0, 3), real(0, 3)] > ../source4/lib/socket/socket.c:376(socket_address_to_tsocket_address) > [2017/09/05 18:11:58.313664, 3, pid=17113, effective(0, 3), real(0, 3)] > ../source4/smbd/service_stream.c:66(stream_terminate_connection) > Terminating connection - 'socket_get_remote_addr() failed' > [2017/09/05 18:11:58.313744, 3, pid=17113, effective(0, 3), real(0, 3)] > ../source4/smbd/process_single.c:114(single_terminate) > single_terminate: reason[socket_get_remote_addr() failed] > > > Please help with this so that we will make appropriate change to fix above > error. > > > > > Arjit Kumar > 9650104435 > > On Thu, Jun 15, 2017 at 8:07 AM, Andrew Bartlett <abartlet at samba.org> > wrote: > >> On Wed, 2017-06-14 at 11:01 +0100, Rowland Penny via samba wrote: >> > On Wed, 14 Jun 2017 15:13:13 +0530 >> > Arjit Gupta <arjitk.gupta at gmail.com> wrote: >> > >> > > Thanks for the response. >> > > >> > > Is this xattr causing this RPC server is unavailable issue ? >> > > >> > > Arjit Kumar >> > > >> > > >> > >> > Lets be perfectly honest here, the lack of POSIX ACLs means that UX >> > is >> > never going to be suitable as a Samba AD DC. You are going to be >> > connecting Windows machines to the DC and they definitely require >> > POSIX >> > ACLs. >> > >> > Can I suggest you forget UX if you want a DC and use Linux instead. >> >> BTW, I've looked back at the original logs. The issue is this: >> >> single_terminate: reason[socket_get_remote_addr() failed] >> >> The reason is that we require 'credentials passing' via the >> getpeereid() call or SO_PEERCRED, a feature not in posix but available >> one way or the other on multiple unix-like systems, which allows one >> end of the pipe to know the UID and GID of the other end. >> >> We don't have an implementation of this for HP-UX, so the AD DC won't >> run. >> >> I'm sorry the build doesn't fail earlier for you. >> >> Andrew Bartlett >> >> -- >> Andrew Bartlett >> https://samba.org/~abartlet/ >> Authentication Developer, Samba Team https://samba.org >> Samba Development and Support, Catalyst IT >> https://catalyst.net.nz/services/samba >> >> >> >> >> >
Maybe Matching Threads
- Joining a Windows Server 2008 / 2008 R2 DC to a Samba AD - ISSUE - The RPC server is unavailable
- Joining a Windows Server 2008 / 2008 R2 DC to a Samba AD - ISSUE - The RPC server is unavailable
- Joining a Windows Server 2008 / 2008 R2 DC to a Samba AD - ISSUE - The RPC server is unavailable
- samba 4.5.0 on HPUX(IA-64) make quicktest fails with error Failed to add entry for user.
- samba net ads join windows/ubuntu active directory with ldap ssl