Marcio Vogel Merlone dos Santos
2018-Sep-04 14:46 UTC
[Samba] ADUC: RPC Server is unavailable
Hi,

Setting up a new AD DC on Ubuntu 18.04, samba 4.7 from ubuntu's repos and BIND_DLZ. Did a samba-tool domain classicupgrade from an old NT3.x domain, imported users and groups ok.

I am able to join windows workstations, can login with a domain user, etc.

Problem is my user A1\mmerlone, member of 'domain admins' group, cannot open ADUC with the error RPC server is unavailable. If I login with A1\Administrator it works fine.

root@araucaria:/etc/samba# cat smb.conf
[global]
netbios name = ARAUCARIA
realm = AD.A1.IND.BR
server role = active directory domain controller
workgroup = A1
server services = -dns
dns forwarder = 192.168.0.254

log file = /var/log/samba/%m.log
log level = 1 auth_audit:3 auth_json_audit:3
include = /etc/samba/smb.conf.client-%I
username map = /etc/samba/user.map

idmap_ldb:use rfc2307 = yes
idmap config * : backend = tdb

[netlogon]
path = /var/lib/samba/sysvol/ad.a1.ind.br/scripts
read only = No

[sysvol]
path = /var/lib/samba/sysvol
read only = No

root@araucaria:/etc/samba# cat /etc/hosts
127.0.0.1 localhost.localdomain localhost
192.168.0.253 araucaria.ad.a1.ind.br araucaria

root@araucaria:/etc/samba# cat /etc/krb5.conf
[libdefaults]
default_realm = AD.A1.IND.BR
dns_lookup_realm = false
dns_lookup_kdc = true

root@araucaria:/etc/samba# cat /etc/nsswitch.conf | grep -v "^\s*#\|^\s*$"
passwd: compat winbind
group: compat winbind
shadow: compat
gshadow: files
hosts: files dns
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis

root@araucaria:/etc/samba# dpkg -l | grep winbind
ii  libnss-winbind:amd64  2:4.7.6+dfsg~ubuntu-0ubuntu2.2  amd64  Samba nameservice integration plugins
ii  libpam-winbind:amd64  2:4.7.6+dfsg~ubuntu-0ubuntu2.2  amd64  Windows domain authentication integration plugin
ii  libwbclient0:amd64  2:4.7.6+dfsg~ubuntu-0ubuntu2.2  amd64  Samba winbind client library
ii  winbind  2:4.7.6+dfsg~ubuntu-0ubuntu2.2  amd64  service to resolve user and group information from Windows NT servers

Thanks in advance, let me know if you need further info.

Best regards,

--
*Marcio Merlone*

On Tue, 4 Sep 2018 11:46:07 -0300 Marcio Vogel Merlone dos Santos via samba <samba at lists.samba.org> wrote:

> Hi,
>
> Setting up a new AD DC on Ubuntu 18.04, samba 4.7 from ubuntu's repos
> and BIND_DLZ. Did a samba-tool domain classicupgrade from an old
> NT3.x domain, imported users and groups ok.
>
> I am able to join windows workstations, can login with a domain user,
> etc.
>
> Problem is my user A1\mmerlone, member of 'domain admins' group,
> cannot open ADUC with the error RPC server is unavailable. If I login
> with A1\Administrator it works fine.

Have you given 'Domain Admins' the required privileges? See here:

https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs

>
> root@araucaria:/etc/samba# cat smb.conf
> [global]
> netbios name = ARAUCARIA
> realm = AD.A1.IND.BR
> server role = active directory domain controller
> workgroup = A1
> server services = -dns
> dns forwarder = 192.168.0.254

As you are using Bind9, you shouldn't have the dns forwarder line

>
> log file = /var/log/samba/%m.log
> log level = 1 auth_audit:3 auth_json_audit:3
> include = /etc/samba/smb.conf.client-%I

What is in the 'include' file?

> username map = /etc/samba/user.map

A DC already has a user.map, it is called idmap.ldb

>
> idmap_ldb:use rfc2307 = yes
> idmap config * : backend = tdb
>
> [netlogon]
> path = /var/lib/samba/sysvol/ad.a1.ind.br/scripts
> read only = No
>
> [sysvol]
> path = /var/lib/samba/sysvol
> read only = No
>
> root@araucaria:/etc/samba# cat /etc/hosts
> 127.0.0.1 localhost.localdomain localhost

I would replace the above line with '127.0.0.1 localhost'

> 192.168.0.253 araucaria.ad.a1.ind.br araucaria
>

Rowland
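
The three configuration remarks in the reply above, written as an automated check. This is an added example, not part of either message and not Samba's own tooling; the function names parse_smb_conf and review_dc are hypothetical, and the sample input is copied from the original post.

```python
import configparser

# Sample input copied from the original post (abridged to the relevant keys).
SMB_CONF = """[global]
netbios name = ARAUCARIA
realm = AD.A1.IND.BR
server role = active directory domain controller
workgroup = A1
server services = -dns
dns forwarder = 192.168.0.254
include = /etc/samba/smb.conf.client-%I
username map = /etc/samba/user.map
"""
HOSTS = """127.0.0.1 localhost.localdomain localhost
192.168.0.253 araucaria.ad.a1.ind.br araucaria
"""

def parse_smb_conf(text):
    # Strip each line so indented options are not read as continuation lines;
    # interpolation is off because smb.conf uses %m, %I as its own variables.
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",),
                                   comment_prefixes=("#", ";"), strict=False)
    cp.read_string("\n".join(line.strip() for line in text.splitlines()))
    return cp

def review_dc(smb_conf_text, hosts_text):
    """Return the reply's remarks that apply to this DC configuration."""
    cp = parse_smb_conf(smb_conf_text)
    g = cp["global"] if cp.has_section("global") else {}
    if g.get("server role", "").lower() != "active directory domain controller":
        return []  # the remarks below concern AD DCs only
    findings = []
    # "-dns" removes the internal DNS server (BIND9_DLZ setup).
    services = g.get("server services", "").replace(",", " ").split()
    if "-dns" in services and "dns forwarder" in g:
        findings.append("dns forwarder is set but internal DNS is disabled")
    if "username map" in g:
        findings.append("username map is set on a DC")
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if fields and fields[0] == "127.0.0.1" and fields[1:] != ["localhost"]:
            findings.append("127.0.0.1 line should read '127.0.0.1 localhost'")
    return findings

if __name__ == "__main__":
    for finding in review_dc(SMB_CONF, HOSTS):
        print("WARN:", finding)
```
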