Fresh install of 4.0.6 from source on CentOS 6 minimal. Provisioning
worked fine as did adding a Win7 Pro machine to the domain. Now trying
to use the RSAT (Remote System Administration Tools), specifically the
Active Directory Users and Computers tool.

When looking at the properties for the "Administrator" account, clicking
on the "Member Of" tab results in a 30-second wait, then the error
message of "global catalog (GC) cannot be contacted".

Once I click through the error message, it displays the groups that the
account is a member of.

Config file is:

# Global parameters
[global]
workgroup = EXAMPLE
realm = HQ.EXAMPLE.COM
netbios name = ATHENS
server role = active directory domain controller
dns forwarder = 172.30.0.1
[netlogon]
path = /usr/local/samba/var/locks/sysvol/hq.example.com/scripts
read only = No
[sysvol]
path = /usr/local/samba/var/locks/sysvol
read only = No

My guess is that this is an iptables error, although I followed the
instructions on the wiki to open up the appropriate ports. Not sure
what port/protocol I missed.

https://wiki.samba.org/index.php/Configure_your_firewall

/etc/sysconfig/iptables:

# Generated by iptables-save v1.4.7 on Fri May 24 21:51:36 2013
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [48:6932]
:NFSCHECK - [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 53 -j ACCEPT
-A INPUT -p udp -m state --state NEW -m udp --dport 53 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 88 -j ACCEPT
-A INPUT -p udp -m state --state NEW -m udp --dport 88 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 135 -j ACCEPT
-A INPUT -p udp -m state --state NEW -m udp --dport 137 -j ACCEPT
-A INPUT -p udp -m state --state NEW -m udp --dport 138 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 139 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 389 -j ACCEPT
-A INPUT -p udp -m state --state NEW -m udp --dport 389 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 445 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 464 -j ACCEPT
-A INPUT -p udp -m state --state NEW -m udp --dport 464 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 631 -j ACCEPT
-A INPUT -p udp -m state --state NEW -m udp --dport 631 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 636 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 1024 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 5353 -j ACCEPT
-A INPUT -p udp -m state --state NEW -m udp --dport 5353 -j ACCEPT
-A INPUT -j NFSCHECK
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
-A NFSCHECK -s 172.30.0.0/24 -p tcp -m multiport --dports 2049,32803,892,662,111 -m comment --comment "TCP for nfs, lockd, mountd, statd, portmap" -j ACCEPT
-A NFSCHECK -s 172.30.0.0/24 -p udp -m multiport --dports 2049,32769,892,662,111 -m comment --comment "UDP for nfs, lockd, mountd, statd, portmap" -j ACCEPT
-A NFSCHECK -j RETURN
COMMIT
# Completed on Fri May 24 21:51:36 2013
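
An added example, not part of the original post: a small Python check that reads iptables-save text and reports which AD DC service ports the INPUT chain does not accept. The `REQUIRED` table is this example's assumption (well-known AD service ports, with the global catalog on TCP 3268 and 3269), and the sample input is rebuilt from the per-port ACCEPT rules in the rule set above.

```python
# REQUIRED is an assumption of this example (well-known AD service ports).
REQUIRED = {
    ("tcp", 53): "DNS", ("udp", 53): "DNS",
    ("tcp", 88): "Kerberos", ("udp", 88): "Kerberos",
    ("tcp", 135): "RPC endpoint mapper", ("tcp", 139): "NetBIOS session",
    ("udp", 137): "NetBIOS name service", ("udp", 138): "NetBIOS datagram",
    ("tcp", 389): "LDAP", ("udp", 389): "CLDAP",
    ("tcp", 445): "SMB", ("tcp", 636): "LDAPS",
    ("tcp", 464): "kpasswd", ("udp", 464): "kpasswd",
    ("tcp", 3268): "global catalog", ("tcp", 3269): "global catalog over TLS",
}

def accepted_ports(rules_text, chain="INPUT"):
    # (proto, port) pairs accepted from any source; jumps are not followed.
    allowed = set()
    for line in rules_text.splitlines():
        tok = line.split()
        if tok[:2] != ["-A", chain]:
            continue
        # Rules after an unconditional REJECT/DROP are never reached.
        if tok[2:3] == ["-j"] and tok[3:4] in (["REJECT"], ["DROP"]):
            break
        if tok[-2:] != ["-j", "ACCEPT"] or "-s" in tok or "-p" not in tok:
            continue
        proto = tok[tok.index("-p") + 1]
        for flag in ("--dport", "--dports"):
            if flag in tok:
                for spec in tok[tok.index(flag) + 1].split(","):
                    lo, _, hi = spec.partition(":")  # "a:b" is a port range
                    allowed.update((proto, p) for p in range(int(lo), int(hi or lo) + 1))
    return allowed

def missing_services(rules_text):
    # Sorted (port, proto, service) entries of REQUIRED that are not accepted.
    allowed = accepted_ports(rules_text)
    return sorted((port, proto, name) for (proto, port), name in REQUIRED.items()
                  if (proto, port) not in allowed)

# Constructed sample: the per-port ACCEPT rules of the post's INPUT chain.
POST_PORTS = ("tcp/22 tcp/53 udp/53 tcp/88 udp/88 tcp/135 udp/137 udp/138 tcp/139 "
              "tcp/389 udp/389 tcp/445 tcp/464 udp/464 tcp/631 udp/631 tcp/636 "
              "tcp/1024 tcp/5353 udp/5353")
SAMPLE = "\n".join(
    f"-A INPUT -p {p} -m state --state NEW -m {p} --dport {n} -j ACCEPT"
    for p, n in (s.split("/") for s in POST_PORTS.split())
) + "\n-A INPUT -j REJECT --reject-with icmp-host-prohibited\n"

if __name__ == "__main__":
    for port, proto, name in missing_services(SAMPLE):
        print(f"not accepted: {port}/{proto} ({name})")
```

The check assumes the chain ends in a catch-all REJECT, as the rule set above does; with an ACCEPT policy and no final REJECT, every port is reachable regardless of the listed rules.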