[Samba] AD DC eventually not browsable without restart

Kevin Field kev at brantaero.com
Tue Aug 20 08:38:32 MDT 2013 

I have a SerNet Samba 4.0.8 AD DC running on CentOS 6.4 (newdc) 
replicating from a W2K3 DC (olddc).  When I first launch Samba using 
`sudo samba`, I can go to the Windows server and browse to \\newdc in 
Explorer, and I see mytestshare, netlogon, printers, sysvol, and 
"Printers and Faxes".

After a while (I'm not sure how long precisely, but under 24 hours) I 
could not navigate to \\newdc without the following error:

---------------------------
\\newdc
---------------------------
\\newdc is not accessible. You might not have permission to use this 
network resource. Contact the administrator of this server to find out 
if you have access permissions.

The Server service is not started.
---------------------------
OK
---------------------------

But in the interim, I had not been doing anything in the system, so I'm 
not sure what might have caused it.  One time it even happened on a 
weekend when no backup or anything particularly special is scheduled 
while I was away.

Anyway, running `sudo killall samba` and then `sudo samba` makes it 
suddenly browsable again.

This is happening every day.  I guess it would be best to figure this 
problem out before we make Samba the only DC.

Here's my smb.conf, mostly set up by samba-tool, and now a work in 
progress to add the extras we will use:

# Global parameters
[global]
         workgroup = MYDOMAIN
         realm = mydomain.lan
         netbios name = NEWDC
         server role = active directory domain controller
         server services = rpc, nbt, wrepl, ldap, cldap, kdc, drepl, 
winbind, ntp_signd, kcc, dnsupdate, smb, dns
         allow dns updates = true
         dns forwarder = 192.168.1.1
#        dns recursive queries = yes
         dcerpc endpoint servers = epmapper, wkssvc, rpcecho, samr, 
netlogon, lsarpc, spoolss, drsuapi, dssetup, unixinfo, browser, 
eventlog6, backupkey, dnsserver, winreg, srvsvc
#       dcerpc endpoint servers = winreg srvsvc
         load printers = yes
         printing = cups

[netlogon]
         path = /var/lib/samba/sysvol/mydomain.lan/scripts
         read only = No

[sysvol]
         path = /var/lib/samba/sysvol
         read only = No

[printers]
      comment = All Printers
      path = /var/spool/samba
      browseable = Yes
      read only = No
      printable = Yes

[print$]
      comment = Point and Print Printer Drivers
      path = /var/lib/samba/printing
      read only = No

[mytestshare]
         path = /srv/mytestshare/
         read only = No


Any ideas?

Thanks,
Kev

More information about the samba mailing list