Andrew Bartlett
2022-Sep-27 17:49 UTC
[Samba] Problems with Samba after upgrading to v4 and changing LDAP-backend from OpenLDAP to 389
On Tue, 2022-09-27 at 14:31 +0100, Rowland Penny via samba wrote:
>
> On 27/09/2022 13:52, Alexander Harm || ApfelQ wrote:
> > I was able to make some progress on the issue and I have the following
> > things working now:
> >
> > - "pdbedit -v -u username" works fine now
> > - "pdbedit -L" works as well
> > - "getent passwd username" works
> > - "wbinfo -g" works
> > - joining and leaving the domain works fine as well
> >
> > I'm still stuck on
> >
> > - "wbinfo -u" does not return any users (is this important?)
>
> Yes

I'm not sure this is relevant on an NT4 domain (as nsswitch is the authority for users in this case), but I would have expected this to work.

> > - login from Windows machines fails with error 7519 which indicates a
> > problem with RPC
> > - "net rpc join -U administrator" fails with "Failed to join domain:
> > failed to lookup DC info for domain 'DLAN' over rpc: {Device Timeout}
> > The specified I/O operation on %hs was not completed before the time-out
> > period expired."

is nmbd running?

> > - port 135 also does not seem to be open on the machine
>
> It looks like the rpc service isn't running.

Port 135 is not normally used on an NT4 DC.

> > - "testparm --suppress-prompt -v | grep '[s]erver services'" seems to
> > return the correct list though "server services = s3fs, rpc, nbt, wrepl,
> > ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate, dns"
>
> Have you upgraded to AD, if not then you can ignore that, it is only
> used by AD.

Correct.

> > Any more ideas?
>
> No, a bit lost now, it has been years since I ran an NT4-style
> domain.
>
> Rowland

I'm thinking missing nmbd.

Andrew Bartlett

--
Andrew Bartlett (he/him) https://samba.org/~abartlet/
Samba Team Member (since 2001) https://samba.org
Samba Developer, Catalyst IT https://catalyst.net.nz/services/samba
Rowland Penny
2022-Sep-27 18:03 UTC
[Samba] Problems with Samba after upgrading to v4 and changing LDAP-backend from OpenLDAP to 389
On 27/09/2022 18:49, Andrew Bartlett wrote:
> On Tue, 2022-09-27 at 14:31 +0100, Rowland Penny via samba wrote:
>>
>> On 27/09/2022 13:52, Alexander Harm || ApfelQ wrote:
>>> I was able to make some progress on the issue and I have the following
>>> things working now:
>>>
>>> - "pdbedit -v -u username" works fine now
>>> - "pdbedit -L" works as well
>>> - "getent passwd username" works
>>> - "wbinfo -g" works
>>> - joining and leaving the domain works fine as well
>>>
>>> I'm still stuck on
>>>
>>> - "wbinfo -u" does not return any users (is this important?)
>>
>> Yes
>
> I'm not sure this is relevant on an NT4 domain (as nsswitch is the
> authority for users in this case), but I would have expected this to
> work.

Well yes, but doesn't it ultimately as winbind?

>>> - login from Windows machines fails with error 7519 which indicates a
>>> problem with RPC
>>> - "net rpc join -U administrator" fails with "Failed to join domain:
>>> failed to lookup DC info for domain 'DLAN' over rpc: {Device Timeout}
>>> The specified I/O operation on %hs was not completed before the time-out
>>> period expired."
>
> is nmbd running?
>
>>> - port 135 also does not seem to be open on the machine
>>
>> It looks like the rpc service isn't running.
>
> Port 135 is not normally used on an NT4 DC.

Then why does the Samba wiki list port 135 as being required on an NT4-style domain PDC?

>>> - "testparm --suppress-prompt -v | grep '[s]erver services'" seems to
>>> return the correct list though "server services = s3fs, rpc, nbt, wrepl,
>>> ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate, dns"
>>
>> Have you upgraded to AD, if not then you can ignore that, it is only
>> used by AD.
>
> Correct.
>
>>> Any more ideas?
>>
>> No, a bit lost now, it has been years since I ran an NT4-style
>> domain.
>>
>> Rowland
>
> I'm thinking missing nmbd.

Possibly, I believe that smbd, nmbd and winbind should all be running.

As I said, it has been a long time since I ran an NT4 PDC, AD is so much easier, once you get your head around the 'idmap config' lines.

Rowland