samba - Jun 2018 - Samba 4.8 RODC not working

On Wed, 13 Jun 2018 10:05:23 +0200 (CEST)
Gaetan SLONGO <gslongo at it-optics.com> wrote:
> Hi Rowland, 
> 
> 
> Same, as said; winbind isn't started :-) 
> 
> 
> 
> [root at dmzrodc ~]# ps ax | egrep "ntp|bind|named|samba|?mbd" 
> 650 ? Ss 0:00 /usr/sbin/ntpd -u ntp:ntp -g 
> 1205 ? Ss 0:00 /usr/sbin/samba -D 
> 1225 ? S 0:00 /usr/sbin/samba -D 
> 1226 ? S 0:00 /usr/sbin/samba -D 
> 1227 ? S 0:00 /usr/sbin/samba -D 
> 1228 ? S 0:00 /usr/sbin/samba -D 
> 1229 ? S 0:00 /usr/sbin/samba -D 
> 1230 ? S 0:00 /usr/sbin/samba -D 
> 1231 ? S 0:00 /usr/sbin/samba -D 
> 1232 ? S 0:00 /usr/sbin/samba -D 
> 1233 ? S 0:00 /usr/sbin/samba -D 
> 1235 ? S 0:00 /usr/sbin/samba -D 
> 1236 ? S 0:00 /usr/sbin/samba -D 
> 1237 ? S 0:00 /usr/sbin/samba -D 
> 1238 ? S 0:00 /usr/sbin/samba -D 
> 12187 pts/0 S+ 0:00 grep -E --color=auto ntp|bind|named|samba|?mbd 
> 
The output when I run the command is this:

ps ax | egrep "ntp|bind|named|samba|?mbd" 
 1544 ?        Ssl   18:58 /usr/sbin/named -u bind
 7142 ?        S      0:00 /usr/sbin/smbd -D --option=server role
check:inhibit=yes --foreground
 7184 ?        S      0:00 samba: conn[rpc] c[ipv4:192.168.0.53:36870]
s[ipv4:192.168.0.6:49153] server_id[7184]
11917 ?        Ss     0:00 /sbin/rpcbind -w
16828 pts/0    R+     0:00 grep -E ntp|bind|named|samba|?mbd
23980 ?        Ss     0:00 samba: root process
23998 ?        S      0:00 samba: task[s3fs_parent]
23999 ?        S      2:45 samba: task[dcesrv]
24000 ?        S      0:00 samba: tfork waiter process
24001 ?        S      0:03 samba: task[nbtd]
24002 ?        Ss     0:01 /usr/sbin/smbd -D --option=server role
check:inhibit=yes --foreground
24003 ?        S      0:00 samba: task[wrepl]
24004 ?        S      0:01 samba: task[ldapsrv]
24005 ?        S      0:02 samba: task[cldapd]
24006 ?        S      0:08 samba: conn[kdc_tcp] c[ipv4:192.168.0.88:40340]
s[ipv4:192.168.0.6:88] server_id[24006.42]
24007 ?        S      5:47 samba: task[dreplsrv]
24008 ?        S      0:00 samba: task[winbindd_parent]
24009 ?        S      0:00 samba: tfork waiter process
24010 ?        S      0:00 samba: task[ntp_signd]
24011 ?        S      0:06 samba: task[kccsrv]
24012 ?        Ss     0:49 /usr/sbin/winbindd -D --option=server role
check:inhibit=yes --foreground
24013 ?        S      0:16 samba: task[dnsupdate]
24020 ?        S      0:00 /usr/sbin/smbd -D --option=server role
check:inhibit=yes --foreground
24021 ?        S      0:00 /usr/sbin/smbd -D --option=server role
check:inhibit=yes --foreground
24022 ?        S      0:01 winbindd: domain child [SAMDOM]
24023 ?        S      0:00 winbindd: idmap child
24039 ?        S      0:00 winbindd: domain child [BUILTIN]

The out put of 'pstree', produces this (cropped):

init─┬─chronyd
     ├─named───4*[{named}]
     ├─samba─┬─samba───samba───smbd─┬─cleanupd
     │       │                      ├─smbd
     │       │                      └─smbd-notifyd
     │       ├─2*[samba───samba]
     │       ├─8*[samba]
     │       └─samba───samba───winbindd───3*[winbindd]

Not only is 'winbind' not running on your DC, it looks like
'smbd'
isn't either.

How did you join the RODC to the domain ?
What is the domain (Samba or Windows) ?

Rowland

Hi Louis, Hi Rowland, 


I will respond to both in this mail. 


Yes winbind is installed : 



[root at dmzrodc ~]# which winbindd 
/usr/sbin/winbindd 
[root at dmzrodc ~]# rpm -qa |grep winbind 
sernet-samba-winbind-4.8.2-10.el7.x86_64 


I know about *mbd processes. so strange.. This is why I'm posting here :-) 


I joined the RODC following the procedure available on the wiki page
https://wiki.samba.org/index.php/Join_a_domain_as_a_RODC :


samba-tool domain join ads.MYDOMAIN.be RODC -U MYDOMAIN\\Administrator
--dns-backend=SAMBA_INTERNAL


This is a Samba AD domain. But other DC are 4.7.7. Cannot upgrade to 4.8 but I
don't think this is the issue. I had exactly same issue with 4.6 and 4.7
versions where a dev told me to wait for next release to get better RODC
support. This did not solved the issue and it becomes "urgent" to have
this RODC :-(


Thanks ! 
----- Mail original -----

De: "Rowland Penny via samba" <samba at lists.samba.org> 
À: samba at lists.samba.org 
Envoyé: Mercredi 13 Juin 2018 10:27:21 
Objet : Re: [Samba] Samba 4.8 RODC not working 

On Wed, 13 Jun 2018 10:05:23 +0200 (CEST) 
Gaetan SLONGO <gslongo at it-optics.com> wrote: 
> Hi Rowland, 
> 
> 
> Same, as said; winbind isn't started :-) 
> 
> 
> 
> [root at dmzrodc ~]# ps ax | egrep "ntp|bind|named|samba|?mbd" 
> 650 ? Ss 0:00 /usr/sbin/ntpd -u ntp:ntp -g 
> 1205 ? Ss 0:00 /usr/sbin/samba -D 
> 1225 ? S 0:00 /usr/sbin/samba -D 
> 1226 ? S 0:00 /usr/sbin/samba -D 
> 1227 ? S 0:00 /usr/sbin/samba -D 
> 1228 ? S 0:00 /usr/sbin/samba -D 
> 1229 ? S 0:00 /usr/sbin/samba -D 
> 1230 ? S 0:00 /usr/sbin/samba -D 
> 1231 ? S 0:00 /usr/sbin/samba -D 
> 1232 ? S 0:00 /usr/sbin/samba -D 
> 1233 ? S 0:00 /usr/sbin/samba -D 
> 1235 ? S 0:00 /usr/sbin/samba -D 
> 1236 ? S 0:00 /usr/sbin/samba -D 
> 1237 ? S 0:00 /usr/sbin/samba -D 
> 1238 ? S 0:00 /usr/sbin/samba -D 
> 12187 pts/0 S+ 0:00 grep -E --color=auto ntp|bind|named|samba|?mbd 
> 
The output when I run the command is this: 

ps ax | egrep "ntp|bind|named|samba|?mbd" 
1544 ? Ssl 18:58 /usr/sbin/named -u bind 
7142 ? S 0:00 /usr/sbin/smbd -D --option=server role check:inhibit=yes
--foreground
7184 ? S 0:00 samba: conn[rpc] c[ipv4:192.168.0.53:36870]
s[ipv4:192.168.0.6:49153] server_id[7184]
11917 ? Ss 0:00 /sbin/rpcbind -w 
16828 pts/0 R+ 0:00 grep -E ntp|bind|named|samba|?mbd 
23980 ? Ss 0:00 samba: root process 
23998 ? S 0:00 samba: task[s3fs_parent] 
23999 ? S 2:45 samba: task[dcesrv] 
24000 ? S 0:00 samba: tfork waiter process 
24001 ? S 0:03 samba: task[nbtd] 
24002 ? Ss 0:01 /usr/sbin/smbd -D --option=server role check:inhibit=yes
--foreground
24003 ? S 0:00 samba: task[wrepl] 
24004 ? S 0:01 samba: task[ldapsrv] 
24005 ? S 0:02 samba: task[cldapd] 
24006 ? S 0:08 samba: conn[kdc_tcp] c[ipv4:192.168.0.88:40340]
s[ipv4:192.168.0.6:88] server_id[24006.42]
24007 ? S 5:47 samba: task[dreplsrv] 
24008 ? S 0:00 samba: task[winbindd_parent] 
24009 ? S 0:00 samba: tfork waiter process 
24010 ? S 0:00 samba: task[ntp_signd] 
24011 ? S 0:06 samba: task[kccsrv] 
24012 ? Ss 0:49 /usr/sbin/winbindd -D --option=server role check:inhibit=yes
--foreground
24013 ? S 0:16 samba: task[dnsupdate] 
24020 ? S 0:00 /usr/sbin/smbd -D --option=server role check:inhibit=yes
--foreground
24021 ? S 0:00 /usr/sbin/smbd -D --option=server role check:inhibit=yes
--foreground
24022 ? S 0:01 winbindd: domain child [SAMDOM] 
24023 ? S 0:00 winbindd: idmap child 
24039 ? S 0:00 winbindd: domain child [BUILTIN] 

The out put of 'pstree', produces this (cropped): 

init─┬─chronyd 
├─named───4*[{named}] 
├─samba─┬─samba───samba───smbd─┬─cleanupd 
│ │ ├─smbd 
│ │ └─smbd-notifyd 
│ ├─2*[samba───samba] 
│ ├─8*[samba] 
│ └─samba───samba───winbindd───3*[winbindd] 

Not only is 'winbind' not running on your DC, it looks like
'smbd'
isn't either. 

How did you join the RODC to the domain ? 
What is the domain (Samba or Windows) ? 

Rowland 


-- 
To unsubscribe from this list go to the following URL and read the 
instructions: https://lists.samba.org/mailman/options/samba 



-- 




www.it-optics.com 
	
Gaëtan SLONGO | Head of Infrastructure Department 
Boulevard Initialis, 28 - 7000 Mons, BELGIUM 
Company : 	+32 (0)65 84 23 85 
Direct : 	+32 (0)65 32 85 88 
Fax : 	+32 (0)65 84 66 76 
Skype ID : 	gslongo.pro 
GPG Key : 	gslongo-gpg_key.asc 
	

- Please consider your environmental responsibility before printing this e-mail
-

 If its really urgent then u would really suggest, invest in samba a bit and
pay them to get this working.
Thats what sernet can do for you. Get commercial support. 
 
Im pretty much out of options, execpt upgrade to 4.8 and try it again. 
 
 
Greetz, 
 
Louis
 
 

Van: Gaetan SLONGO [mailto:gslongo at it-optics.com] 
Verzonden: woensdag 13 juni 2018 10:40
Aan: Rowland Penny; L.P.H. van Belle
CC: samba at lists.samba.org
Onderwerp: Re: [Samba] Samba 4.8 RODC not working



Hi Louis, Hi Rowland, 

I will respond to both in this mail.


Yes winbind is installed :


[root at dmzrodc ~]# which winbindd
/usr/sbin/winbindd
[root at dmzrodc ~]# rpm -qa |grep winbind
sernet-samba-winbind-4.8.2-10.el7.x86_64


I know about *mbd processes. so strange.. This is why I'm posting here :-)


I joined the RODC following the procedure available on the wiki
page https://wiki.samba.org/index.php/Join_a_domain_as_a_RODC :


samba-tool domain join ads.MYDOMAIN.be RODC -U MYDOMAIN\\Administrator
--dns-backend=SAMBA_INTERNAL


This is a Samba AD domain. But other DC are 4.7.7. Cannot upgrade to 4.8 but I
don't think this is the issue. I had exactly same issue with 4.6 and 4.7
versions where a dev told me to wait for next release to get better RODC
support. This did not solved the issue and it becomes "urgent" to have
this RODC :-(


Thanks !

De: "Rowland Penny via samba" <samba at lists.samba.org>
À: samba at lists.samba.org
Envoyé: Mercredi 13 Juin 2018 10:27:21
Objet : Re: [Samba] Samba 4.8 RODC not working

On Wed, 13 Jun 2018 10:05:23 +0200 (CEST)
Gaetan SLONGO <gslongo at it-optics.com> wrote:
> Hi Rowland, 
> 
> 
> Same, as said; winbind isn't started :-) 
> 
> 
> 
> [root at dmzrodc ~]# ps ax | egrep "ntp|bind|named|samba|?mbd" 
> 650 ? Ss 0:00 /usr/sbin/ntpd -u ntp:ntp -g 
> 1205 ? Ss 0:00 /usr/sbin/samba -D 
> 1225 ? S 0:00 /usr/sbin/samba -D 
> 1226 ? S 0:00 /usr/sbin/samba -D 
> 1227 ? S 0:00 /usr/sbin/samba -D 
> 1228 ? S 0:00 /usr/sbin/samba -D 
> 1229 ? S 0:00 /usr/sbin/samba -D 
> 1230 ? S 0:00 /usr/sbin/samba -D 
> 1231 ? S 0:00 /usr/sbin/samba -D 
> 1232 ? S 0:00 /usr/sbin/samba -D 
> 1233 ? S 0:00 /usr/sbin/samba -D 
> 1235 ? S 0:00 /usr/sbin/samba -D 
> 1236 ? S 0:00 /usr/sbin/samba -D 
> 1237 ? S 0:00 /usr/sbin/samba -D 
> 1238 ? S 0:00 /usr/sbin/samba -D 
> 12187 pts/0 S+ 0:00 grep -E --color=auto ntp|bind|named|samba|?mbd 
> 
The output when I run the command is this:

ps ax | egrep "ntp|bind|named|samba|?mbd" 
 1544 ?        Ssl   18:58 /usr/sbin/named -u bind
 7142 ?        S      0:00 /usr/sbin/smbd -D --option=server role
check:inhibit=yes --foreground
 7184 ?        S      0:00 samba: conn[rpc] c[ipv4:192.168.0.53:36870]
s[ipv4:192.168.0.6:49153] server_id[7184]
11917 ?        Ss     0:00 /sbin/rpcbind -w
16828 pts/0    R+     0:00 grep -E ntp|bind|named|samba|?mbd
23980 ?        Ss     0:00 samba: root process
23998 ?        S      0:00 samba: task[s3fs_parent]
23999 ?        S      2:45 samba: task[dcesrv]
24000 ?        S      0:00 samba: tfork waiter process
24001 ?        S      0:03 samba: task[nbtd]
24002 ?        Ss     0:01 /usr/sbin/smbd -D --option=server role
check:inhibit=yes --foreground
24003 ?        S      0:00 samba: task[wrepl]
24004 ?        S      0:01 samba: task[ldapsrv]
24005 ?        S      0:02 samba: task[cldapd]
24006 ?        S      0:08 samba: conn[kdc_tcp] c[ipv4:192.168.0.88:40340]
s[ipv4:192.168.0.6:88] server_id[24006.42]
24007 ?        S      5:47 samba: task[dreplsrv]
24008 ?        S      0:00 samba: task[winbindd_parent]
24009 ?        S      0:00 samba: tfork waiter process
24010 ?        S      0:00 samba: task[ntp_signd]
24011 ?        S      0:06 samba: task[kccsrv]
24012 ?        Ss     0:49 /usr/sbin/winbindd -D --option=server role
check:inhibit=yes --foreground
24013 ?        S      0:16 samba: task[dnsupdate]
24020 ?        S      0:00 /usr/sbin/smbd -D --option=server role
check:inhibit=yes --foreground
24021 ?        S      0:00 /usr/sbin/smbd -D --option=server role
check:inhibit=yes --foreground
24022 ?        S      0:01 winbindd: domain child [SAMDOM]
24023 ?        S      0:00 winbindd: idmap child
24039 ?        S      0:00 winbindd: domain child [BUILTIN]

The out put of 'pstree', produces this (cropped):

init─┬─chronyd
     ├─named───4*[{named}]
     ├─samba─┬─samba───samba───smbd─┬─cleanupd
     │       │                      â”œâ”€smbd
     │       │                      â””─smbd-notifyd
     │       ├─2*[samba───samba]
     │       ├─8*[samba]
     │       └─samba───samba───winbindd───3*[winbindd]

Not only is 'winbind' not running on your DC, it looks like
'smbd'
isn't either.

How did you join the RODC to the domain ?
What is the domain (Samba or Windows) ?

Rowland


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba




-- 


www.it-optics.com 

	Gaëtan SLONGO | Head of Infrastructure Department
Boulevard Initialis, 28 - 7000 Mons, BELGIUM
Company : 	+32 (0)65 84 23 85 
Direct : 	+32 (0)65 32 85 88 
Fax : 	+32 (0)65 84 66 76 
Skype ID : 	gslongo.pro 
GPG Key : 	gslongo-gpg_key.asc 

	

- Please consider your environmental responsibility before printing this e-mail
-

Hi, 


Not sure sernet can help. It really looks like a samba issue to me..? 
Just found this in logs when starting the RODC : 



[2018/06/13 10:59:11.546077, 3, pid=12673, effective(0, 0), real(0, 0)]
../lib/util/util_runcmd.c:291(samba_runcmd_io_handler)
samba_runcmd_io_handler: Child /usr/sbin/winbindd exited 1 
[2018/06/13 10:59:11.546131, 0, pid=12673, effective(0, 0), real(0, 0)]
../source4/winbind/winbindd.c:47(winbindd_done)
winbindd daemon died with exit status 1 
[2018/06/13 10:59:11.546268, 0, pid=12673, effective(0, 0), real(0, 0)]
../source4/smbd/service_task.c:36(task_server_terminate)
task_server_terminate: task_server_terminate: [winbindd child process exited] 




But no details about the crash :-/ 







----- Mail original -----

De: "L.P.H. van Belle via samba" <samba at lists.samba.org> 
À: samba at lists.samba.org 
Envoyé: Mercredi 13 Juin 2018 10:49:10 
Objet : Re: [Samba] Samba 4.8 RODC not working 

 If its really urgent then u would really suggest, invest in samba a bit and
pay them to get this working.
Thats what sernet can do for you. Get commercial support. 

Im pretty much out of options, execpt upgrade to 4.8 and try it again. 


Greetz, 

Louis 



Van: Gaetan SLONGO [mailto:gslongo at it-optics.com] 
Verzonden: woensdag 13 juni 2018 10:40 
Aan: Rowland Penny; L.P.H. van Belle 
CC: samba at lists.samba.org 
Onderwerp: Re: [Samba] Samba 4.8 RODC not working 



Hi Louis, Hi Rowland, 

I will respond to both in this mail. 


Yes winbind is installed : 


[root at dmzrodc ~]# which winbindd 
/usr/sbin/winbindd 
[root at dmzrodc ~]# rpm -qa |grep winbind 
sernet-samba-winbind-4.8.2-10.el7.x86_64 


I know about *mbd processes. so strange.. This is why I'm posting here :-) 


I joined the RODC following the procedure available on the wiki page
https://wiki.samba.org/index.php/Join_a_domain_as_a_RODC :


samba-tool domain join ads.MYDOMAIN.be RODC -U MYDOMAIN\\Administrator
--dns-backend=SAMBA_INTERNAL


This is a Samba AD domain. But other DC are 4.7.7. Cannot upgrade to 4.8 but I
don't think this is the issue. I had exactly same issue with 4.6 and 4.7
versions where a dev told me to wait for next release to get better RODC
support. This did not solved the issue and it becomes "urgent" to have
this RODC :-(


Thanks ! 

De: "Rowland Penny via samba" <samba at lists.samba.org> 
À: samba at lists.samba.org 
Envoyé: Mercredi 13 Juin 2018 10:27:21 
Objet : Re: [Samba] Samba 4.8 RODC not working 

On Wed, 13 Jun 2018 10:05:23 +0200 (CEST) 
Gaetan SLONGO <gslongo at it-optics.com> wrote: 
> Hi Rowland, 
> 
> 
> Same, as said; winbind isn't started :-) 
> 
> 
> 
> [root at dmzrodc ~]# ps ax | egrep "ntp|bind|named|samba|?mbd" 
> 650 ? Ss 0:00 /usr/sbin/ntpd -u ntp:ntp -g 
> 1205 ? Ss 0:00 /usr/sbin/samba -D 
> 1225 ? S 0:00 /usr/sbin/samba -D 
> 1226 ? S 0:00 /usr/sbin/samba -D 
> 1227 ? S 0:00 /usr/sbin/samba -D 
> 1228 ? S 0:00 /usr/sbin/samba -D 
> 1229 ? S 0:00 /usr/sbin/samba -D 
> 1230 ? S 0:00 /usr/sbin/samba -D 
> 1231 ? S 0:00 /usr/sbin/samba -D 
> 1232 ? S 0:00 /usr/sbin/samba -D 
> 1233 ? S 0:00 /usr/sbin/samba -D 
> 1235 ? S 0:00 /usr/sbin/samba -D 
> 1236 ? S 0:00 /usr/sbin/samba -D 
> 1237 ? S 0:00 /usr/sbin/samba -D 
> 1238 ? S 0:00 /usr/sbin/samba -D 
> 12187 pts/0 S+ 0:00 grep -E --color=auto ntp|bind|named|samba|?mbd 
> 
The output when I run the command is this: 

ps ax | egrep "ntp|bind|named|samba|?mbd" 
1544 ? Ssl 18:58 /usr/sbin/named -u bind 
7142 ? S 0:00 /usr/sbin/smbd -D --option=server role check:inhibit=yes
--foreground
7184 ? S 0:00 samba: conn[rpc] c[ipv4:192.168.0.53:36870]
s[ipv4:192.168.0.6:49153] server_id[7184]
11917 ? Ss 0:00 /sbin/rpcbind -w 
16828 pts/0 R+ 0:00 grep -E ntp|bind|named|samba|?mbd 
23980 ? Ss 0:00 samba: root process 
23998 ? S 0:00 samba: task[s3fs_parent] 
23999 ? S 2:45 samba: task[dcesrv] 
24000 ? S 0:00 samba: tfork waiter process 
24001 ? S 0:03 samba: task[nbtd] 
24002 ? Ss 0:01 /usr/sbin/smbd -D --option=server role check:inhibit=yes
--foreground
24003 ? S 0:00 samba: task[wrepl] 
24004 ? S 0:01 samba: task[ldapsrv] 
24005 ? S 0:02 samba: task[cldapd] 
24006 ? S 0:08 samba: conn[kdc_tcp] c[ipv4:192.168.0.88:40340]
s[ipv4:192.168.0.6:88] server_id[24006.42]
24007 ? S 5:47 samba: task[dreplsrv] 
24008 ? S 0:00 samba: task[winbindd_parent] 
24009 ? S 0:00 samba: tfork waiter process 
24010 ? S 0:00 samba: task[ntp_signd] 
24011 ? S 0:06 samba: task[kccsrv] 
24012 ? Ss 0:49 /usr/sbin/winbindd -D --option=server role check:inhibit=yes
--foreground
24013 ? S 0:16 samba: task[dnsupdate] 
24020 ? S 0:00 /usr/sbin/smbd -D --option=server role check:inhibit=yes
--foreground
24021 ? S 0:00 /usr/sbin/smbd -D --option=server role check:inhibit=yes
--foreground
24022 ? S 0:01 winbindd: domain child [SAMDOM] 
24023 ? S 0:00 winbindd: idmap child 
24039 ? S 0:00 winbindd: domain child [BUILTIN] 

The out put of 'pstree', produces this (cropped): 

init─┬─chronyd 
├─named───4*[{named}] 
├─samba─┬─samba───samba───smbd─┬─cleanupd 
│ │ ├─smbd 
│ │ └─smbd-notifyd 
│ ├─2*[samba───samba] 
│ ├─8*[samba] 
│ └─samba───samba───winbindd───3*[winbindd] 

Not only is 'winbind' not running on your DC, it looks like
'smbd'
isn't either. 

How did you join the RODC to the domain ? 
What is the domain (Samba or Windows) ? 

Rowland 


-- 
To unsubscribe from this list go to the following URL and read the 
instructions: https://lists.samba.org/mailman/options/samba 




-- 


www.it-optics.com 

Gaëtan SLONGO | Head of Infrastructure Department 
Boulevard Initialis, 28 - 7000 Mons, BELGIUM 
Company : +32 (0)65 84 23 85 
Direct : +32 (0)65 32 85 88 
Fax : +32 (0)65 84 66 76 
Skype ID : gslongo.pro 
GPG Key : gslongo-gpg_key.asc 



- Please consider your environmental responsibility before printing this e-mail
-













-- 
To unsubscribe from this list go to the following URL and read the 
instructions: https://lists.samba.org/mailman/options/samba 



-- 




www.it-optics.com 
	
Gaëtan SLONGO | Head of Infrastructure Department 
Boulevard Initialis, 28 - 7000 Mons, BELGIUM 
Company : 	+32 (0)65 84 23 85 
Direct : 	+32 (0)65 32 85 88 
Fax : 	+32 (0)65 84 66 76 
Skype ID : 	gslongo.pro 
GPG Key : 	gslongo-gpg_key.asc 
	

- Please consider your environmental responsibility before printing this e-mail
-

On Wed, 13 Jun 2018 10:40:28 +0200 (CEST)
Gaetan SLONGO <gslongo at it-optics.com> wrote:
> Hi Louis, Hi Rowland, 
> 
> 
> I will respond to both in this mail. 
> 
> 
> Yes winbind is installed : 
> 
> 
> 
> [root at dmzrodc ~]# which winbindd 
> /usr/sbin/winbindd 
> [root at dmzrodc ~]# rpm -qa |grep winbind 
> sernet-samba-winbind-4.8.2-10.el7.x86_64 
> 
What does '/usr/sbin/winbindd -V' produce ?
> 
> I know about *mbd processes. so strange.. This is why I'm posting
> here :-)
I have never used an RODC, but would image you need both smbd &
winbindd to run
 
> 
> 
> I joined the RODC following the procedure available on the wiki page
> https://wiki.samba.org/index.php/Join_a_domain_as_a_RODC : 
> 
> 
> samba-tool domain join ads.MYDOMAIN.be RODC -U
> MYDOMAIN\\Administrator --dns-backend=SAMBA_INTERNAL 
> 
> 
> This is a Samba AD domain. But other DC are 4.7.7. Cannot upgrade to
> 4.8 but I don't think this is the issue. I had exactly same issue
> with 4.6 and 4.7 versions where a dev told me to wait for next
> release to get better RODC support. This did not solved the issue and
> it becomes "urgent" to have this RODC :-( 
> 
As Louis as said, if it is that urgent, you may have to ask Sernet for
help, perhaps Volker might care to comment on this problem.

Rowland