samba - Sep 2022 - Problems with Samba after upgrading to v4 and changing LDAP-backend from OpenLDAP to 389

On 27/09/2022 13:52, Alexander Harm || ApfelQ wrote:
> I was able to make some progress on the issue and I have the following 
> things working now:
> 
> - "pdbedit -v -u username" works fine now
> - ?pdbedit -L? works as well
> - ?getent passwd username? works
> - "wbinfo -g" works
> - joining and leaving the domain works fine as well
> 
> I?m still stuck on
> 
> - "wbinfo -u" does not return any users (is this important?)
Yes
> - login from Windows machines fails with error 7519 which indicates a 
> problem with RPC
> - ?net rpc join -U administrator? fails with ?Failed to join domain: 
> failed to lookup DC info for domain 'DLAN' over rpc: {Device
Timeout}
> The specified I/O operation on %hs was not completed before the time-out 
> period expired.?
> - port 135 also does not seem to be open on the machine
It looks like the rpc service isn't running.
> - "testparm --suppress-prompt -v | grep '[s]erver services?? seems
to
> return the correct list though ?server services = s3fs, rpc, nbt, wrepl, 
> ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate, dns"
Have you upgraded to AD, if not then you can ignore that, it is only 
used by AD.
> 
> Anymore ideas?
No, a bit lost now, it has been years since I ran an NT4-style domain.

Rowland

On Tue, 2022-09-27 at 14:31 +0100, Rowland Penny via samba
wrote:
> 
> On 27/09/2022 13:52, Alexander Harm || ApfelQ wrote:
> > I was able to make some progress on the issue and I have the following
> > things working now:
> > 
> > - "pdbedit -v -u username" works fine now
> > - ?pdbedit -L? works as well
> > - ?getent passwd username? works
> > - "wbinfo -g" works
> > - joining and leaving the domain works fine as well
> > 
> > I?m still stuck on
> > 
> > - "wbinfo -u" does not return any users (is this important?)
> 
> Yes
I'm not sure this is relevant on an NT4 domain (as nsswitch is the
authority for users in this case), but I would have expected this to
work.
> > - login from Windows machines fails with error 7519 which indicates
> > a 
> > problem with RPC
> > - ?net rpc join -U administrator? fails with ?Failed to join
> > domain: 
> > failed to lookup DC info for domain 'DLAN' over rpc: {Device
> > Timeout} 
> > The specified I/O operation on %hs was not completed before the
> > time-out 
> > period expired.?
is nmbd running?
> > - port 135 also does not seem to be open on the machine
> 
> It looks like the rpc service isn't running.
Port 135 is not normally used on an NT4 DC.
> > - "testparm --suppress-prompt -v | grep '[s]erver services??
seems
> > to 
> > return the correct list though ?server services = s3fs, rpc, nbt,
> > wrepl, 
> > ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate,
dns"
> 
> Have you upgraded to AD, if not then you can ignore that, it is only 
> used by AD.
Correct.
> > 
> > Anymore ideas?
> 
> No, a bit lost now, it has been years since I ran an NT4-style
> domain.
> 
> Rowland
I'm thinking missing nmbd.

Andrew Bartlett

-- 
Andrew Bartlett (he/him)        https://samba.org/~abartlet/
Samba Team Member (since 2001)  https://samba.org
Samba Developer, Catalyst IT    https://catalyst.net.nz/services/samba