[Samba] RPC, DCOM, 1745 and Other Errors
Taylor, Jonn
jonnt at taylortelephone.com
Mon Sep 29 10:07:31 MDT 2014
On 09/29/2014 10:01 AM, Chan Min Wai wrote:
> Dear Thomas,
>
> You are on the right path.
> However there are limitations that you should know.
>
> 1. We cannot add/remove shared drive via RPC yet. (Unless I missed something, do correct me if I'm wrong I'll be happy if that run)
>
> Adding and removing share on samba require changes on smb.conf.
>
> You can look on the guide below on how to add them in.
>
>
> 2. Disks share access control on domain computer.
> Have a look on this guide.
> You will need that additions access
>
> SeDiskOperatorPrivilege
>
> https://wiki.samba.org/index.php/Setup_and_configure_file_shares_with_Windows_ACLs
>
> Hope these info help and may the source be with you.
>
>
> As for your upgrade path.
> You should try this. Since samba Dc is not compatible with 2003.
>
> 1. Upgrade both your windows to 2008 no R2 trial.
> 2. Promoting the whole dc to 2008.
> 3. Join samba DC, work on the symbol replication from windows to Linux.
> 4. Transfer FSMO
> 5. Demote your 2 DC or make them your member server/files server.
The only problem with this is that you can not demote the 2 DC's once
you join a samba 4 AD server to your domain. This is a BUG that has been
a real problem for a long time. I did this same thing a year ago with
our domain and had to rebuild it from scratch.
> 6 done.
>
>
>
> Regards,
> Chan Min Wai
>
>> Thomas Mulkey <tmulkey at incentafcu.org> 於 29 Sep 2014 9:32 PTG 寫道:
>>
>> I am evaluating Samba 4 as a replacement for our existing Windows 2003 servers, as the cost to license 2008 and CALS is not going to be in my companies budget. Bear with me, as I have some basic experience with Linux and know a few things, I am by no means a fully trained Linux or Samba Jedi.
>>
>> My test environment goal is to have two Active Directory Domain Controllers and one Member Server with File Shares all running on Samba
>>
>> So far I have setup one AD Domain Controller (AD1) I downloaded and compiled the latest source code doing the git mirror thing, and am running Samba 4.2.0prel-GIT-043585F on CentOS 6.5. I used this HOWTO to configure the AD DC: http://www.alexwyn.com/computer-tips/centos-samba4-active-directory-domain-controller
>>
>> This process all went smooth, and I was able to join my Windows 7 test machines to the domain and login successfully and use the RSAT tools successfully.
>>
>> I then setup the File server and made it a member server and joined it successfully to the domain, using these instructions here: https://wiki.samba.org/index.php/Setup_a_Samba_AD_Member_Server
>>
>> This went as expected
>>
>> I then setup my test share on the file server using the directions here: https://wiki.samba.org/index.php/Setup_and_configure_file_shares_with_Windows_ACLs
>>
>> I actually partitioned/formatted a second disk with ext4 and put it in /etc/fstab with the user_xattr,acl support
>>
>> When I then go to remotely manage the share via a Win7 workstation and I go to computer manager and open the test file server (FS1) at first it looks good. I then click on the "System Tools" section to expand it and I get "Event Viewer cannot connect to the computer FS1: The error reported is the RPC Server is unavailable" I click OK on the error and it then say again it is connecting to FS1 and expand the section where I can see the Shared Folders. As soon as I expand shared folders and click on shared I get the following "You do not have permissions to see the list of shares for Windows clients" and I will not let me see the shares.
>>
>> I then decided to make a share right on the Domain Controller itself, to see if it was something on the file server or something on the workstation. When I go to computer management and connect to the DC (AD1)it connects, but when I expand System Tools, I get the following error "The Procedure Number is out of Range(1745)" However after clicking "OK" on this error I am able to see and manage the Share and permissions as expected
>>
>> I have been scouring the net for 2 days to try to find and answer and I am at a standstill as to what to do next to fix or further troubleshoot the issue. Any help or ideas would be greatly appreciated.
>>
>> Here is the smb.conf on my Domain Controller
>>
>> #Global parameters
>> [global]
>> workgroup = INCENTA
>> realm = INCENTA.LOCAL
>> netbios name = AD1
>> server role = active directory domain controller
>> dns forwarder = 8.8.8.8
>> vfs objects = acl_xattr
>> map acl inherit = Yes
>> store dos attributes = Yes
>>
>> [netlogon]
>> path = /usr/local/samba/var/locks/sysvol/incenta.local/scripts
>> read only = No
>>
>> [sysvol]
>> path = /usr/local/samba/var/locks/sysvol
>> read only = No
>>
>> [Demo]
>> path = /DATA/Demo
>> read only = no
>>
>>
>>
>> Here is the smb.conf on my file server
>>
>> [global]
>>
>> netbios name = FS1
>> workgroup = INCENTA
>> security = ADS
>> realm = INCENTA.LOCAL
>> encrypt passwords = yes
>>
>> idmap config *:backend = tdb
>> idmap config *:range = 70001=80000
>> idmap config INCENTA:backend = ad
>> idmap config INCENTA:schema_mode = rfc2307
>> idmap config INCENTA:range = 500-40000
>>
>> winbind nss info = rfc2307
>> winbind trusted domains only = no
>> winbind use default domain = yes
>> winbind enum users = yes
>> winbind enum groups = yes
>>
>> vfs objects = acl_xattr
>> map acl inherit = Yes
>> store dos attributes = Yes
>>
>>
>> [Demo]
>> path = /DATA/Demo
>> read only = no
>>
>>
>>
>>
>>
>>
>>
>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions: https://lists.samba.org/mailman/options/samba
More information about the samba
mailing list