[Samba] RPC, DCOM, 1745 and Other Errors

Chan Min Wai dcmwai at gmail.com
Mon Sep 29 09:01:36 MDT 2014 

Dear Thomas,

You are on the right path.
However there are limitations that you should know. 

1. We cannot add/remove shared drive via RPC yet. (Unless I missed something, do correct me if I'm wrong I'll be happy if that run)

Adding and removing share on samba require changes on smb.conf. 

You can look on the guide below on how to add them in. 


2. Disks share access control on domain computer. 
Have a look on this guide. 
You will need that additions access 

SeDiskOperatorPrivilege

https://wiki.samba.org/index.php/Setup_and_configure_file_shares_with_Windows_ACLs

Hope these info help and may the source be with you. 


As for your upgrade path. 
You should try this. Since samba Dc is not compatible with 2003.

1. Upgrade both your windows to 2008 no R2 trial.
2. Promoting the whole dc to 2008. 
3. Join samba DC, work on the symbol replication from windows to Linux. 
4. Transfer FSMO
5. Demote your 2 DC or make them your member server/files server. 
6 done. 



Regards, 
Chan Min Wai 

> Thomas Mulkey <tmulkey at incentafcu.org> 於 29 Sep 2014 9:32 PTG 寫道:
> 
> I am evaluating Samba 4 as a replacement for our existing Windows 2003 servers, as the cost to license 2008 and CALS is not going to be in my companies budget.  Bear with me, as I have some basic experience with Linux and know a few things, I am by no means a fully trained Linux or Samba Jedi.
> 
> My test environment goal is to have two Active Directory Domain Controllers and one Member Server with File Shares all running on Samba
> 
> So far I have setup one AD Domain Controller (AD1)  I downloaded and compiled the latest source code doing the git mirror thing, and am running Samba 4.2.0prel-GIT-043585F on CentOS  6.5.  I used this HOWTO to configure the AD DC:  http://www.alexwyn.com/computer-tips/centos-samba4-active-directory-domain-controller
> 
> This process all went smooth, and I was able to join my Windows 7 test machines to the domain and login successfully and use the RSAT tools successfully.
> 
> I then setup the File server and made it a member server and joined it successfully to the domain, using these instructions here:  https://wiki.samba.org/index.php/Setup_a_Samba_AD_Member_Server
> 
> This went as expected
> 
> I then setup my test share on the file server using the directions here: https://wiki.samba.org/index.php/Setup_and_configure_file_shares_with_Windows_ACLs
> 
> I actually partitioned/formatted a second disk with ext4 and put it in /etc/fstab with the user_xattr,acl support
> 
> When I then go to remotely manage the share via a Win7 workstation and I go to computer manager and open the test file server (FS1) at first it looks good.  I then click on the "System Tools" section to expand it and I get "Event Viewer cannot connect to the computer FS1: The error reported is the RPC Server is unavailable"  I click OK on the error and it then say again it is connecting to FS1 and expand the section where I can see the Shared Folders.  As soon as I expand shared folders and click on shared I get the following "You do not have permissions to see the list of shares for Windows clients" and I will not let me see the shares.
> 
> I then decided to make a share right on the Domain Controller itself, to see if it was something on the file server or something on the workstation.  When I go to computer management and connect to the DC (AD1)it connects, but when I expand System Tools, I get the following error "The Procedure Number is out of Range(1745)"  However after clicking "OK" on this error I am able to see and manage the Share and permissions as expected
> 
> I have been scouring the net for 2 days to try to find and answer and I am at a standstill as to what to do next to fix or further troubleshoot the issue.  Any help or ideas would be greatly appreciated.
> 
> Here is the smb.conf on my Domain Controller
> 
> #Global parameters
> [global]
>        workgroup = INCENTA
>        realm = INCENTA.LOCAL
>        netbios name = AD1
>        server role = active directory domain controller
>        dns forwarder = 8.8.8.8
>        vfs objects = acl_xattr
>        map acl inherit = Yes
>        store dos attributes = Yes
> 
> [netlogon]
>        path = /usr/local/samba/var/locks/sysvol/incenta.local/scripts
>        read only = No
> 
> [sysvol]
>        path = /usr/local/samba/var/locks/sysvol
>        read only = No
> 
> [Demo]
> path = /DATA/Demo
> read only = no
> 
> 
> 
> Here is the smb.conf on my file server
> 
> [global]
> 
>   netbios name = FS1
>   workgroup = INCENTA
>   security = ADS
>   realm = INCENTA.LOCAL
>   encrypt passwords = yes
> 
>   idmap config *:backend = tdb
>   idmap config *:range = 70001=80000
>   idmap config INCENTA:backend = ad
>   idmap config INCENTA:schema_mode = rfc2307
>   idmap config INCENTA:range = 500-40000
> 
>   winbind nss info = rfc2307
>   winbind trusted domains only = no
>   winbind use default domain = yes
>   winbind enum users = yes
>   winbind enum groups = yes
> 
>   vfs objects = acl_xattr
>   map acl inherit = Yes
>   store dos attributes = Yes
> 
> 
> [Demo]
> path = /DATA/Demo
> read only = no
> 
> 
> 
> 
> 
> 
> 
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list