[Samba] AD DC eventually not browsable without restart

Kevin Field kev at brantaero.com
Tue Aug 20 19:49:37 MDT 2013 

Okay, I'm not sure, but I don't *think* it's that bug.  First, I don't 
know much about winbind, and never meant to set it up (although it's 
possible I did by accident) but I'm not using NetBIOS, if that makes a 
difference.  Second, wbinfo still worked after \\newdc ceased to be 
browsable.

Some more detail from log.samba.

I was not here for this and I'm not sure when browsability ceased, but 
it's the only other entry:

../source4/dsdb/repl/drepl_out_helpers.c:833(dreplsrv_update_refs_done)
   UpdateRefs failed with WERR_DS_DRA_BUSY/NT code 0xc00020f6 for 
fb9ec5fd-28a7-44a0-a784-933a41dd830a._msdcs.mydomain.lan 
CN=Configuration,DC=mydomain,DC=lan

After I logged in and tried to browse \\newdc -- it does this every time 
I try to browse right now:

  ../source4/smb_server/smb/service.c:127(make_connection)
   make_connection: couldn't find service *.: 
NT_STATUS_OBJECT_NAME_NOT_FOUND
  ../source4/smb_server/smb/service.c:127(make_connection)
   make_connection: couldn't find service DESKTOP.INI: 
NT_STATUS_OBJECT_NAME_NOT_FOUND

The bug linked to doesn't mention either of these error codes, so I 
think it might not be related.

I also found that whenever I run the AD Replication Status Tool on the 
Windows server, everything succeeds even right now while browsability is 
broken, but the log says this (also from times when browsability wasn't 
broken and I ran it):

  ../source4/dsdb/common/util.c:3118(dsdb_forest_functional_level)
   ../source4/dsdb/common/util.c:3118: WARNING: forestFunctionality not 
setup
  ../source4/dsdb/common/util.c:3118(dsdb_forest_functional_level)
   ../source4/dsdb/common/util.c:3118: WARNING: forestFunctionality not 
setup

I guess the errors are fine.  It's strange the status tool says 
replication is fine even though the log says it had problems.  But maybe 
it just had one problem, and now replication is working again but 
whatever that problem was somehow put Samba in a state where browsing 
\\newdc would not work.

Kev

On 2013-08-20 11:40 AM, Kristofer Pettijohn wrote:
> You may want to see if it is this bug, which is fixed in 4.0.9:
> https://bugzilla.samba.org/show_bug.cgi?id=9820
>
>
>
> ------------------------------------------------------------------------
> *From: *"Kevin Field" <kev at mydomain.com>
> *To: *samba at lists.samba.org
> *Sent: *Tuesday, August 20, 2013 9:38:32 AM
> *Subject: *[Samba] AD DC eventually not browsable without restart
>
> I have a SerNet Samba 4.0.8 AD DC running on CentOS 6.4 (newdc)
> replicating from a W2K3 DC (olddc).  When I first launch Samba using
> `sudo samba`, I can go to the Windows server and browse to \\newdc in
> Explorer, and I see mytestshare, netlogon, printers, sysvol, and
> "Printers and Faxes".
>
> After a while (I'm not sure how long precisely, but under 24 hours) I
> could not navigate to \\newdc without the following error:
>
> ---------------------------
> \\newdc
> ---------------------------
> \\newdc is not accessible. You might not have permission to use this
> network resource. Contact the administrator of this server to find out
> if you have access permissions.
>
> The Server service is not started.
> ---------------------------
> OK
> ---------------------------
>
> But in the interim, I had not been doing anything in the system, so I'm
> not sure what might have caused it.  One time it even happened on a
> weekend when no backup or anything particularly special is scheduled
> while I was away.
>
> Anyway, running `sudo killall samba` and then `sudo samba` makes it
> suddenly browsable again.
>
> This is happening every day.  I guess it would be best to figure this
> problem out before we make Samba the only DC.
>
> Here's my smb.conf, mostly set up by samba-tool, and now a work in
> progress to add the extras we will use:
>
> # Global parameters
> [global]
>           workgroup = MYDOMAIN
>           realm = mydomain.lan
>           netbios name = NEWDC
>           server role = active directory domain controller
>           server services = rpc, nbt, wrepl, ldap, cldap, kdc, drepl,
> winbind, ntp_signd, kcc, dnsupdate, smb, dns
>           allow dns updates = true
>           dns forwarder = 192.168.1.1
> #        dns recursive queries = yes
>           dcerpc endpoint servers = epmapper, wkssvc, rpcecho, samr,
> netlogon, lsarpc, spoolss, drsuapi, dssetup, unixinfo, browser,
> eventlog6, backupkey, dnsserver, winreg, srvsvc
> #       dcerpc endpoint servers = winreg srvsvc
>           load printers = yes
>           printing = cups
>
> [netlogon]
>           path = /var/lib/samba/sysvol/mydomain.lan/scripts
>           read only = No
>
> [sysvol]
>           path = /var/lib/samba/sysvol
>           read only = No
>
> [printers]
>        comment = All Printers
>        path = /var/spool/samba
>        browseable = Yes
>        read only = No
>        printable = Yes
>
> [print$]
>        comment = Point and Print Printer Drivers
>        path = /var/lib/samba/printing
>        read only = No
>
> [mytestshare]
>           path = /srv/mytestshare/
>           read only = No
>
>
> Any ideas?
>
> Thanks,
> Kev
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>

More information about the samba mailing list