[Samba] AD DC eventually not browsable without restart

Kevin Field kev at brantaero.com
Tue Aug 20 19:51:30 MDT 2013 

One other thing, I just noticed that while \\newdc is still unbrowsable, 
\\newdc\mytestshare works fine, as does \\newdc\netlogon.

Kev

On 2013-08-20 9:49 PM, Kevin Field wrote:
> Okay, I'm not sure, but I don't *think* it's that bug.  First, I don't
> know much about winbind, and never meant to set it up (although it's
> possible I did by accident) but I'm not using NetBIOS, if that makes a
> difference.  Second, wbinfo still worked after \\newdc ceased to be
> browsable.
>
> Some more detail from log.samba.
>
> I was not here for this and I'm not sure when browsability ceased, but
> it's the only other entry:
>
> ../source4/dsdb/repl/drepl_out_helpers.c:833(dreplsrv_update_refs_done)
>    UpdateRefs failed with WERR_DS_DRA_BUSY/NT code 0xc00020f6 for
> fb9ec5fd-28a7-44a0-a784-933a41dd830a._msdcs.mydomain.lan
> CN=Configuration,DC=mydomain,DC=lan
>
> After I logged in and tried to browse \\newdc -- it does this every time
> I try to browse right now:
>
>   ../source4/smb_server/smb/service.c:127(make_connection)
>    make_connection: couldn't find service *.:
> NT_STATUS_OBJECT_NAME_NOT_FOUND
>   ../source4/smb_server/smb/service.c:127(make_connection)
>    make_connection: couldn't find service DESKTOP.INI:
> NT_STATUS_OBJECT_NAME_NOT_FOUND
>
> The bug linked to doesn't mention either of these error codes, so I
> think it might not be related.
>
> I also found that whenever I run the AD Replication Status Tool on the
> Windows server, everything succeeds even right now while browsability is
> broken, but the log says this (also from times when browsability wasn't
> broken and I ran it):
>
>   ../source4/dsdb/common/util.c:3118(dsdb_forest_functional_level)
>    ../source4/dsdb/common/util.c:3118: WARNING: forestFunctionality not
> setup
>   ../source4/dsdb/common/util.c:3118(dsdb_forest_functional_level)
>    ../source4/dsdb/common/util.c:3118: WARNING: forestFunctionality not
> setup
>
> I guess the errors are fine.  It's strange the status tool says
> replication is fine even though the log says it had problems.  But maybe
> it just had one problem, and now replication is working again but
> whatever that problem was somehow put Samba in a state where browsing
> \\newdc would not work.
>
> Kev
>
> On 2013-08-20 11:40 AM, Kristofer Pettijohn wrote:
>> You may want to see if it is this bug, which is fixed in 4.0.9:
>> https://bugzilla.samba.org/show_bug.cgi?id=9820
>>
>>
>>
>> ------------------------------------------------------------------------
>> *From: *"Kevin Field" <kev at mydomain.com>
>> *To: *samba at lists.samba.org
>> *Sent: *Tuesday, August 20, 2013 9:38:32 AM
>> *Subject: *[Samba] AD DC eventually not browsable without restart
>>
>> I have a SerNet Samba 4.0.8 AD DC running on CentOS 6.4 (newdc)
>> replicating from a W2K3 DC (olddc).  When I first launch Samba using
>> `sudo samba`, I can go to the Windows server and browse to \\newdc in
>> Explorer, and I see mytestshare, netlogon, printers, sysvol, and
>> "Printers and Faxes".
>>
>> After a while (I'm not sure how long precisely, but under 24 hours) I
>> could not navigate to \\newdc without the following error:
>>
>> ---------------------------
>> \\newdc
>> ---------------------------
>> \\newdc is not accessible. You might not have permission to use this
>> network resource. Contact the administrator of this server to find out
>> if you have access permissions.
>>
>> The Server service is not started.
>> ---------------------------
>> OK
>> ---------------------------
>>
>> But in the interim, I had not been doing anything in the system, so I'm
>> not sure what might have caused it.  One time it even happened on a
>> weekend when no backup or anything particularly special is scheduled
>> while I was away.
>>
>> Anyway, running `sudo killall samba` and then `sudo samba` makes it
>> suddenly browsable again.
>>
>> This is happening every day.  I guess it would be best to figure this
>> problem out before we make Samba the only DC.
>>
>> Here's my smb.conf, mostly set up by samba-tool, and now a work in
>> progress to add the extras we will use:
>>
>> # Global parameters
>> [global]
>>           workgroup = MYDOMAIN
>>           realm = mydomain.lan
>>           netbios name = NEWDC
>>           server role = active directory domain controller
>>           server services = rpc, nbt, wrepl, ldap, cldap, kdc, drepl,
>> winbind, ntp_signd, kcc, dnsupdate, smb, dns
>>           allow dns updates = true
>>           dns forwarder = 192.168.1.1
>> #        dns recursive queries = yes
>>           dcerpc endpoint servers = epmapper, wkssvc, rpcecho, samr,
>> netlogon, lsarpc, spoolss, drsuapi, dssetup, unixinfo, browser,
>> eventlog6, backupkey, dnsserver, winreg, srvsvc
>> #       dcerpc endpoint servers = winreg srvsvc
>>           load printers = yes
>>           printing = cups
>>
>> [netlogon]
>>           path = /var/lib/samba/sysvol/mydomain.lan/scripts
>>           read only = No
>>
>> [sysvol]
>>           path = /var/lib/samba/sysvol
>>           read only = No
>>
>> [printers]
>>        comment = All Printers
>>        path = /var/spool/samba
>>        browseable = Yes
>>        read only = No
>>        printable = Yes
>>
>> [print$]
>>        comment = Point and Print Printer Drivers
>>        path = /var/lib/samba/printing
>>        read only = No
>>
>> [mytestshare]
>>           path = /srv/mytestshare/
>>           read only = No
>>
>>
>> Any ideas?
>>
>> Thanks,
>> Kev
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba
>>

More information about the samba mailing list