Joining a Windows Server 2008 / 2008 R2 DC to a Samba AD - ISSUE - The RPC server is unavailable

Samba - General mailing list
Hi,

We have configured and run SAMBA-4.5 AD DC on Itanium HP UX 11iv3.

We have tried to join the Windows Server 2008 DC to Samba AD with the steps
mentioned in the link below:

https://wiki.samba.org/index.php/Joining_a_Windows_Server_2008_/_2008_R2_DC_to_a_Samba_AD

While I am trying to execute the steps mentioned in section "Joining the
Windows Server to the Domain":

1. invoked dcpromo.exe

2. select advanced mode installation

3. Select Existing forest

   Add a domain to an existing domain

   Getting the below error ..

   The RPC server is unavailable

   Active Directory Domain Services Installation Wizard : The wizard cannot
   gain access to the list of domains in the forest.

   This condition may be caused by a DNS lookup problem. For information
   about troubleshooting common DNS lookup problems,
   please see the following Microsoft Web site: http://go.microsoft.com/fwlink/?LinkId=5171

Logs :

*Log.smbd:*
========
[2017/06/13 17:54:21.708701,  1] ../source3/rpc_server/rpc_ncacn_np.c:772(make_external_rpc_pipe)
  tstream_npa_connect_recv  to /var/opt/samba/run/ncalrpc/np for pipe NETLOGON and user DCTIA13DOM\Administrator failed: Broken pipe

*log.samba:*
========
[2017/06/13 17:54:21.340006,  3] ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
  Kerberos: Requested flags: renewable-ok, canonicalize, renewable, forwardable
[2017/06/13 17:54:21.344718,  3] ../source4/smbd/service_stream.c:66(stream_terminate_connection)
  Terminating connection - 'kdc_tcp_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED'
[2017/06/13 17:54:21.344829,  3] ../source4/smbd/process_single.c:114(single_terminate)
  single_terminate: reason[kdc_tcp_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED]
[2017/06/13 17:54:21.348804,  3] ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
  Kerberos: TGS-REQ [hidden email] from ipv4:15.213.163.103:49171 for cifs/[hidden email] [canonicalize, renewable, forwardable]
[2017/06/13 17:54:21.385671,  3] ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
  Kerberos: TGS-REQ authtime: 2017-06-13T17:54:21 starttime: 2017-06-13T17:54:21 endtime: 2017-06-14T03:54:21 renew till: 2017-06-20T17:54:21
[2017/06/13 17:54:21.388809,  3] ../source4/smbd/service_stream.c:66(stream_terminate_connection)
  Terminating connection - 'kdc_tcp_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED'
[2017/06/13 17:54:21.388907,  3] ../source4/smbd/process_single.c:114(single_terminate)
  single_terminate: reason[kdc_tcp_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED]
[2017/06/13 17:54:21.395346,  3] ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
  Kerberos: TGS-REQ [hidden email] from ipv4:15.213.163.103:49172 for krbtgt/[hidden email] [renewable-ok, canonicalize, renewable, forwarded, forwardable]
[2017/06/13 17:54:21.411618,  3] ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
  Kerberos: TGS-REQ authtime: 2017-06-13T17:54:21 starttime: 2017-06-13T17:54:21 endtime: 2017-06-14T03:54:21 renew till: 2017-06-20T17:54:21
[2017/06/13 17:54:21.414363,  3] ../source4/smbd/service_stream.c:66(stream_terminate_connection)
  Terminating connection - 'kdc_tcp_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED'
[2017/06/13 17:54:21.414468,  3] ../source4/smbd/process_single.c:114(single_terminate)
  single_terminate: reason[kdc_tcp_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED]
[2017/06/13 17:54:21.707864,  3] ../source4/smbd/service_stream.c:66(stream_terminate_connection)
  Terminating connection - 'socket_get_remote_addr() failed'
[2017/06/13 17:54:21.707999,  3] ../source4/smbd/process_single.c:114(single_terminate)
  single_terminate: reason[socket_get_remote_addr() failed]

Please help me on resolving this issue.

Thanks,
Arjit
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Re: Joining a Windows Server 2008 / 2008 R2 DC to a Samba AD - ISSUE - The RPC server is unavailable

On Tue, 13 Jun 2017 20:09:30 +0530
Arjit Gupta via samba <[hidden email]> wrote:

> Hi ,
>
>
> We have configured and run SAMBA-4.5 AD DC on Itanium HP UX 11iv3.
>
>

How did you configure Samba ?
What Samba packages do you have installed (if you are using your OS
packages) ?

Can you post your smb.conf

I have never used UX, but Linux has the pstree command which shows all
running processes, does UX have something similar ? and if so can you
post the output for the relevant Samba processes ?

Rowland


Re: Joining a Windows Server 2008 / 2008 R2 DC to a Samba AD - ISSUE - The RPC server is unavailable

Hi Rowland,


*>> How did you configure Samba ?*

atca13 [/opt/samba/bin]# ./samba --show-build
Samba version: 4.5.0-HPE CIFS SERVER 4.5.0.0
Build environment:
   Build host:  HP-UX atca7 B.11.31 U ia64 3395706695 unlimited-user license
Paths:
   BINDIR: /opt/samba/bin
   SBINDIR: /opt/samba/bin
   CONFIGFILE: /etc/opt/samba/smb.conf
   NCALRPCDIR: /var/opt/samba/run/ncalrpc
   LOGFILEBASE: /var/opt/samba
   LMHOSTSFILE: /etc/opt/samba/lmhosts
   DATADIR: /opt/samba/share
   MODULESDIR: /opt/samba/lib/samba
   LOCKDIR: /var/opt/samba/locks
   STATEDIR: /var/opt/samba/locks
   CACHEDIR: /var/opt/samba/cache
   PIDDIR: /var/opt/samba/run
   PRIVATE_DIR: /var/opt/samba/private
   CODEPAGEDIR: /opt/samba/share/codepages
   SETUPDIR: /opt/samba/share/setup
   WINBINDD_SOCKET_DIR: /var/opt/samba/run/winbindd
   WINBINDD_PRIVILEGED_SOCKET_DIR: /opt/samba/lib/samba/winbindd_privileged
   NTP_SIGND_SOCKET_DIR: /opt/samba/lib/samba/ntp_signd
atca13 [/opt/samba/bin]#

*We have configured samba ad dc with below steps*

atca13 [/var/opt/samba/private]# /opt/samba/bin/samba-tool domain provision --use-rfc2307 --interactive
Realm [ATCA13DOM.COM]:
 Domain [ATCA13DOM]:
 Server Role (dc, member, standalone) [dc]:
 DNS backend (SAMBA_INTERNAL, BIND9_FLATFILE, BIND9_DLZ, NONE) [SAMBA_INTERNAL]:
 DNS forwarder IP address (write 'none' to disable forwarding) [x.x.x.x]: 8.8.8.8
Administrator password:
Retype password:
You are not root or your system do not support xattr, using tdb backend for attributes.
not using extended attributes to store ACLs and other metadata. If you intend to use this provision in production, rerun the script as root on a system supporting xattrs.
Looking up IPv4 addresses
Looking up IPv6 addresses
No IPv6 address will be assigned
Setting up share.ldb
Setting up secrets.ldb
Setting up the registry
Setting up the privileges database
Setting up idmap db
Setting up SAM db
Setting up sam.ldb partitions and settings
Setting up sam.ldb rootDSE
Pre-loading the Samba 4 and AD schema
Adding DomainDN: DC=ATCA13DOM,DC=com
Adding configuration container
Setting up sam.ldb schema
Setting up sam.ldb configuration data
Setting up display specifiers
Modifying display specifiers
Adding users container
Modifying users container
Adding computers container
Modifying computers container
Setting up sam.ldb data
Setting up well known security principals
Setting up sam.ldb users and groups
Setting up self join
xattr_tdb_removexattr() failed to get vfs_handle->data!
Adding DNS accounts
Creating CN=MicrosoftDNS,CN=System,DC=ATCA13DOM,DC=com
Creating DomainDnsZones and ForestDnsZones partitions
Populating DomainDnsZones and ForestDnsZones partitions
Setting up sam.ldb rootDSE marking as synchronized
Fixing provision GUIDs
A Kerberos configuration suitable for Samba 4 has been generated at
/var/opt/samba/private/krb5.conf
Setting up fake yp server settings
Once the above files are installed, your Samba4 server will be ready to use
Server Role:           active directory domain controller
Hostname:              atca13
NetBIOS Domain:        ATCA13DOM
DNS Domain:            ATCA13DOM.com
DOMAIN SID:            S-1-5-21-50425708-2301055408-3617724870

atca13 [/var/opt/samba/private]# ln -sf /var/opt/samba/private/krb5.conf /etc/krb5.conf
atca13 [/var/opt/samba/private]#
atca13 [/opt/samba/bin]# ./samba -D


atca13 [/]# /opt/samba/bin/smbclient -L localhost -U%
Domain=[ATCA13DOM] OS=[Windows 6.1] Server=[Samba 4.5.0-HPE CIFS SERVER 4.5.0.0]
tree connect failed: NT_STATUS_CONNECTION_DISCONNECTED
atca13 [/]#
atca13 [/opt/samba/bin]#  ./smbclient //localhost/netlogon -UAdministrator -c 'ls'
Enter Administrator's password:
Domain=[ATCA13DOM] OS=[Windows 6.1] Server=[Samba 4.5.0-HPE CIFS SERVER 4.5.0.0]
  .                                   D        0  Thu Dec  8 16:56:15 2016
  ..                                  D        0  Thu Dec  8 16:57:03 2016

                25985024 blocks of size 1024. 12311120 blocks available
atca13 [/opt/samba/bin]# host -t SRV _ldap._tcp.ATCA13DOM.COM
_ldap._tcp.ATCA13DOM.COM has SRV record 0 100 389 atca13.ATCA13DOM.com.
atca13 [/opt/samba/bin]#  host -t SRV _kerberos._udp.ATCA13DOM.COM
_kerberos._udp.ATCA13DOM.COM has SRV record 0 100 88 atca13.ATCA13DOM.com.
atca13 [/opt/samba/bin]# host -t A atca13.ATCA13DOM.com
atca13.ATCA13DOM.com has address x.x.x.x
atca13 [/opt/samba/bin]# kinit administrator
Password for [hidden email]:
Warning: Your password will expire in 41 days on Fri Jul 14 16:03:14 2017
atca13 [/opt/samba/bin]# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: [hidden email]

Valid starting     Expires            Service principal
06/02/17 16:08:22  06/03/17 02:08:19  krbtgt/[hidden email]
atca13 [/opt/samba/bin]# ./wbinfo --ping-dc
checking the NETLOGON for domain[ATCA13DOM] dc connection to "atca13.ATCA13DOM.com" succeeded
atca13 [/opt/samba/bin]#


*>> What Samba packages do you have installed (if you are using your OS packages) ?*

We have built the Samba 4.5.0 on Itanium HP UX 11iv3


*>> smb.conf*
======
# Global parameters
[global]
        netbios name = atca13
        realm = ATCA13DOM.COM
        workgroup = ATCA13DOM
        dns forwarder = 8.8.8.8
        server role = active directory domain controller
        idmap_ldb:use rfc2307 = yes
        xattr_tdb:file = /var/opt/samba/locks/xattr.tdb
        guest account = smbnull
        log level = 5


[netlogon]
        path = /var/opt/samba/locks/sysvol/ATCA13DOM.com/scripts
        read only = No

[sysvol]
        path = /var/opt/samba/locks/sysvol
        read only = No


*Running Samba process :*
=============
atca13 [/opt/samba/bin]# ps -ef | grep -i samba
    root 16486 16480  0 22:42:11 ?         0:00 /opt/samba/bin/winbindd -D --option=server role check:inhibit=yes --foreground
    root 16477 16468  0 22:42:07 ?         0:00 ./samba -D
    root 16489 16471  0 22:42:11 ?         0:00 /opt/samba/bin/smbd -D --option=server role check:inhibit=yes --foreground
    root 16475 16468  0 22:42:07 ?         0:00 ./samba -D
    root 16469 16468  0 22:42:06 ?         0:00 ./samba -D
    root 16483 16468  0 22:42:07 ?         0:00 ./samba -D
    root 16487 16471  0 22:42:11 ?         0:00 /opt/samba/bin/smbd -D --option=server role check:inhibit=yes --foreground
    root 16488 16471  0 22:42:11 ?         0:00 /opt/samba/bin/smbd -D --option=server role check:inhibit=yes --foreground
    root 16480 16478  0 22:42:07 ?         0:00 /opt/samba/bin/winbindd -D --option=server role check:inhibit=yes --foreground
    root 16482 16468  0 22:42:07 ?         0:00 ./samba -D
    root 16470 16468  0 22:42:07 ?         0:00 ./samba -D
    root 16481 16468  0 22:42:07 ?         0:00 ./samba -D
    root 16478 16468  0 22:42:07 ?         0:00 ./samba -D
    root 16476 16468  0 22:42:07 ?         0:00 ./samba -D
    root 16474 16468  0 22:42:07 ?         0:15 ./samba -D
    root 16471 16469  0 22:42:07 ?         0:00 /opt/samba/bin/smbd -D --option=server role check:inhibit=yes --foreground
    root 16468     1  0 22:42:05 ?         0:01 ./samba -D
    root 16479 16468  0 22:42:07 ?         0:00 ./samba -D
    root 16473 16468  0 22:42:07 ?         0:00 ./samba -D
    root 16472 16468  0 22:42:07 ?         0:00 ./samba -D
atca13 [/opt/samba/bin]# ptree 16468
16468      ./samba -D
 16469      ./samba -D
  16471      /opt/samba/bin/smbd -D --option=server role check:inhibit=yes -
   16487      /opt/samba/bin/smbd -D --option=server role check:inhibit=yes -
   16488      /opt/samba/bin/smbd -D --option=server role check:inhibit=yes -
   16489      /opt/samba/bin/smbd -D --option=server role check:inhibit=yes -
 16470      ./samba -D
 16472      ./samba -D
 16473      ./samba -D
 16474      ./samba -D
 16475      ./samba -D
 16476      ./samba -D
 16477      ./samba -D
 16478      ./samba -D
  16480      /opt/samba/bin/winbindd -D --option=server role check:inhibit=y
   16486      /opt/samba/bin/winbindd -D --option=server role check:inhibit=y
 16479      ./samba -D
 16481      ./samba -D
 16482      ./samba -D
 16483      ./samba -D
atca13 [/opt/samba/bin]#

*Please let us know if any other details required.*


Arjit Kumar

Re: Joining a Windows Server 2008 / 2008 R2 DC to a Samba AD - ISSUE - The RPC server is unavailable

On Wed, 14 Jun 2017 10:43:50 +0530
Arjit Gupta <[hidden email]> wrote:


If you read the output from your provision command, there is this:

> You are not root or your system do not support xattr, using tdb
> backend for attributes.
> not using extended attributes to store ACLs and other metadata. If you
> intend to use this provision in production, rerun the script as root
> on a system supporting xattrs.

Followed by this:

> xattr_tdb_removexattr() failed to get vfs_handle->data!

Sorry, but in my opinion, you cannot reliably and safely run a Samba AD
DC on your OS unless you can fix the lack of xattr and ACLs on the
system.

Rowland

Re: Joining a Windows Server 2008 / 2008 R2 DC to a Samba AD - ISSUE - The RPC server is unavailable

Thanks for the response.

Is this xattr causing this RPC server is unavailable issue ?

Arjit Kumar


Re: Joining a Windows Server 2008 / 2008 R2 DC to a Samba AD - ISSUE - The RPC server is unavailable

On Wed, 14 Jun 2017 15:13:13 +0530
Arjit Gupta <[hidden email]> wrote:

> Thanks for the response.
>
> Is this xattr causing this RPC server is unavailable issue ?
>
> Arjit Kumar
>
>

Lets be perfectly honest here, the lack of POSIX ACLs means that UX is
never going to be suitable as a Samba AD DC. You are going to be
connecting Windows machines to the DC and they definitely require POSIX
ACLs.

Can I suggest you forget UX if you want a DC and use Linux instead.

Rowland

Re: Joining a Windows Server 2008 / 2008 R2 DC to a Samba AD - ISSUE - The RPC server is unavailable

On Wed, 2017-06-14 at 11:01 +0100, Rowland Penny via samba wrote:

> On Wed, 14 Jun 2017 15:13:13 +0530
> Arjit Gupta <[hidden email]> wrote:
>
> > Thanks for the response.
> >
> > Is this xattr causing this RPC server is unavailable issue ?
> >
> > Arjit Kumar
> >
> >
>
> Lets be perfectly honest here, the lack of POSIX ACLs means that UX is
> never going to be suitable as a Samba AD DC. You are going to be
> connecting Windows machines to the DC and they definitely require POSIX
> ACLs.
>
> Can I suggest you forget UX if you want a DC and use Linux instead.

BTW, I've looked back at the original logs.  The issue is this:

single_terminate: reason[socket_get_remote_addr() failed]

The reason is that we require 'credentials passing' via the
getpeereid() call or SO_PEERCRED, a feature not in posix but available
one way or the other on multiple unix-like systems, which allows one
end of the pipe to know the UID and GID of the other end.  

We don't have an implementation of this for HP-UX, so the AD DC won't
run.

I'm sorry the build doesn't fail earlier for you.

Andrew Bartlett

--
Andrew Bartlett
https://samba.org/~abartlet/
Authentication Developer, Samba Team         https://samba.org
Samba Development and Support, Catalyst IT
https://catalyst.net.nz/services/samba

Re: Joining a Windows Server 2008 / 2008 R2 DC to a Samba AD - ISSUE - The RPC server is unavailable

Hi Andrew,

I have checked for the reason of the below error:
single_terminate: reason[socket_get_remote_addr() failed]

As mentioned by you earlier, it requires "credentials passing via the
getpeereid() call or SO_PEERCRED".

On investigating it further I found the below condition that fails.
File :- lib/tsocket/tsocket_bsd.c

Function
int _tsocket_address_bsd_from_sockaddr(TALLOC_CTX *mem_ctx,
      const struct sockaddr *sa,
      size_t sa_socklen,
      struct tsocket_address **_addr,
      const char *location)
{
    .......
    if (sa_socklen < sizeof(sa->sa_family)) { // sa_socklen is zero, thus we are getting the above error
        errno = EINVAL;
        return -1;
    }
    .......
}

The reason sa_socklen is zero is below:-

File:- source4/lib/socket_socket_unix.c

Function :-
static struct socket_address *unixdom_get_peer_addr(struct socket_context *sock, TALLOC_CTX *mem_ctx)
{
    ............
    ret = getpeername(sock->fd, peer->sockaddr, &len); // getpeername returns success but does not modify peer->sockaddr and len
    ............
}

*Reason for above behavior:-*
getpeername() of HP-UX doesn't fill the sockaddr structure and len variable for
an AF_UNIX socket unless we explicitly bind the client socket path.

So, for fixing the above error, we have to bind the client socket path in the
client module.

Can you please let me know the code/module corresponding to the client in
this context below.

[2017/09/05 18:11:58.313530,  0, pid=17113, effective(0, 3), real(0, 3)] ../source4/lib/socket/socket.c:376(socket_address_to_tsocket_address)
[2017/09/05 18:11:58.313664,  3, pid=17113, effective(0, 3), real(0, 3)] ../source4/smbd/service_stream.c:66(stream_terminate_connection)
  Terminating connection - 'socket_get_remote_addr() failed'
[2017/09/05 18:11:58.313744,  3, pid=17113, effective(0, 3), real(0, 3)] ../source4/smbd/process_single.c:114(single_terminate)
  single_terminate: reason[socket_get_remote_addr() failed]


Please help with this so that we can make the appropriate change to fix the
above error.




Arjit Kumar
9650104435

Re: Joining a Windows Server 2008 / 2008 R2 DC to a Samba AD - ISSUE - The RPC server is unavailable

Hi Team,

Please let me know if any further information is required ?

Arjit Kumar
9650104435
