Rowland Penny
2024-Jan-03 16:53 UTC
[Samba] {Device Timeout} The I/O operation specified in %hs was not completed before the timeout period expired
On Wed, 3 Jan 2024 13:30:48 -0300 Elias Pereira <empbilly at gmail.com> wrote:

> > Is dns configured correctly ?
>
> root at dc2:~# cat /etc/resolv.conf
> search campus.sertao.ifrs.edu.br
> nameserver 200.xxx.xxx.163 (*own IP*)
>
> root at dc3:~# cat /etc/resolv.conf
> search campus.sertao.ifrs.edu.br
> nameserver 200.xxx.xxx.160 (*own IP*)
>
> > Is a firewall running and if so, are all the
> > required ports open ?
>
> We use pfsense and there's a rule allow everything between the DCs.
> Anyway, I checked the logs while I was running the replicate command,
> and nothing appeared in the logs.
>
> but strangely, some ports are closed... O.o
>
> PORT STATE SERVICE VERSION
> 53/tcp open domain (unknown banner: non3)
> 88/tcp open kerberos-sec (server time: 2024-01-03 16:19:09Z)
> *123/tcp closed ntp*
> 135/tcp open msrpc Microsoft Windows RPC
> *137/tcp closed netbios-ns*
> *138/tcp closed netbios-dgm*
> 139/tcp open netbios-ssn Samba smbd 3.X - 4.X (workgroup: CAMPUS)
> 389/tcp open ldap (Anonymous bind OK)
> 445/tcp open netbios-ssn Samba smbd 3.X - 4.X (workgroup: CAMPUS)
> 464/tcp open kpasswd5?
> 636/tcp open ssl/ldap (Anonymous bind OK)
> 3268/tcp open ldap (Anonymous bind OK)
> 3269/tcp open ssl/ldap (Anonymous bind OK)
>
> Do closed ports affect replication?

Yes and you need more than those ports, see here:

https://wiki.samba.org/index.php/Samba_AD_DC_Port_Usage

Where does pfsense come into this ? From my understanding, pfsense is a
firewall/router device and should be between your DCs and the internet
and not between your DCs.

Rowland
Elias Pereira
2024-Jan-03 17:37 UTC
[Samba] {Device Timeout} The I/O operation specified in %hs was not completed before the timeout period expired
> Yes and you need more than those ports, see here:

Yes, I checked the link before testing the ports. The only ones I left out in the first test, were the 49152-65535 range.

root at dc2:~# netstat -plaunt | egrep "ntp|bind|named|samba|?mbd"
https://pastebin.com/raw/NbECKVB8

> Where does pfsense come into this ? From my understanding, pfsense is a
> firewall/router device and should be between your DCs and the internet
> and not between your DCs.

By default, pfsense starts blocking everything and we have to allow/open what we really need.

--
Elias Pereira
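Added example, not part of either message: a small audit that compares nmap-style scan rows against the port and protocol list on the Samba wiki page linked in the thread, so that a port probed on the wrong protocol is reported differently from one that is really blocked. The port table is written from that wiki page as an assumption, and `parse_scan`, `audit` and `SAMPLE` are names made up for this example.

```python
import re

# Port/protocol table assumed from the Samba wiki "Samba AD DC Port Usage" page.
# 123/udp (NTP) applies only when the DC runs an NTP service.
REQUIRED = {
    53: ("tcp", "udp"), 88: ("tcp", "udp"), 123: ("udp",), 135: ("tcp",),
    137: ("udp",), 138: ("udp",), 139: ("tcp",), 389: ("tcp", "udp"),
    445: ("tcp",), 464: ("tcp", "udp"), 636: ("tcp",), 3268: ("tcp",),
    3269: ("tcp",),
}
DYNAMIC_RPC = range(49152, 65536)  # tcp, assigned at runtime by the endpoint mapper

# Matches nmap-style rows such as "88/tcp open kerberos-sec" or "*123/tcp closed ntp*".
ROW = re.compile(r"^\W*(\d+)/(tcp|udp)\s+([a-z|]+)")

def parse_scan(text):
    """Return {(port, proto): state} for every result row in the scan text."""
    rows = (ROW.match(line.strip()) for line in text.splitlines())
    return {(int(m[1]), m[2]): m[3] for m in rows if m}

def audit(scan):
    """Return sorted (port, proto, verdict) for each required port not proven open."""
    gaps = []
    for port, protos in REQUIRED.items():
        for proto in protos:
            state = scan.get((port, proto))
            if state == "open":
                continue
            if state is None:
                other = "udp" if proto == "tcp" else "tcp"
                probed_other = (port, other) in scan and other not in protos
                state = "wrong protocol probed" if probed_other else "untested"
            gaps.append((port, proto, state))
    if not any(p in DYNAMIC_RPC and pr == "tcp" for p, pr in scan):
        gaps.append((DYNAMIC_RPC.start, "tcp", "dynamic RPC range untested"))
    return sorted(gaps)

# The thread's TCP-only scan, rebuilt as nmap-style rows (service names omitted).
SAMPLE = "\n".join(
    [f"{p}/tcp open" for p in (53, 88, 135, 139, 389, 445, 464, 636, 3268, 3269)]
    + [f"{p}/tcp closed" for p in (123, 137, 138)])

if __name__ == "__main__":
    for port, proto, verdict in audit(parse_scan(SAMPLE)):
        print(f"{port}/{proto}: {verdict}")
```

For the scan in the thread, 123, 137 and 138 come back as "wrong protocol probed", because the wiki lists them as UDP services and the scan was TCP only.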