[Samba] RPC, DCOM, 1745 and Other Errors

Taylor, Jonn jonnt at taylortelephone.com
Mon Sep 29 10:07:31 MDT 2014


On 09/29/2014 10:01 AM, Chan Min Wai wrote:
> Dear Thomas,
>
> You are on the right path.
> However there are limitations that you should know. 
>
> 1. We cannot add/remove shared drives via RPC yet. (Unless I missed something; do correct me if I'm wrong, I'll be happy if that runs.)
>
> Adding and removing a share on Samba requires changes to smb.conf.
>
> You can look at the guide below for how to add them.
>
>
> 2. Disk share access control on domain computers.
> Have a look at this guide.
> You will need that additional access:
>
> SeDiskOperatorPrivilege
>
> https://wiki.samba.org/index.php/Setup_and_configure_file_shares_with_Windows_ACLs
>
> Hope this info helps and may the source be with you.
>
>
> As for your upgrade path. 
> You should try this, since a Samba DC is not compatible with 2003.
>
> 1. Upgrade both your Windows to 2008 no R2 trial.
> 2. Promoting the whole dc to 2008. 
> 3. Join samba DC, work on the symbol replication from windows to Linux. 
> 4. Transfer FSMO
> 5. Demote your 2 DC or make them your member server/files server. 
The only problem with this is that you cannot demote the 2 DCs once
you join a Samba 4 AD server to your domain. This is a BUG that has been
a real problem for a long time. I did this same thing a year ago with
our domain and had to rebuild it from scratch.


> 6. Done.
>
>
>
> Regards, 
> Chan Min Wai 
>
>> Thomas Mulkey <tmulkey at incentafcu.org> wrote on 29 Sep 2014 9:32 PM:
>>
>> I am evaluating Samba 4 as a replacement for our existing Windows 2003 servers, as the cost to license 2008 and CALs is not going to be in my company's budget.  Bear with me: I have some basic experience with Linux and know a few things, but I am by no means a fully trained Linux or Samba Jedi.
>>
>> My test environment goal is to have two Active Directory Domain Controllers and one Member Server with File Shares, all running on Samba.
>>
>> So far I have set up one AD Domain Controller (AD1).  I downloaded and compiled the latest source code doing the git mirror thing, and am running Samba 4.2.0prel-GIT-043585F on CentOS 6.5.  I used this HOWTO to configure the AD DC:  http://www.alexwyn.com/computer-tips/centos-samba4-active-directory-domain-controller
>>
>> This process all went smoothly, and I was able to join my Windows 7 test machines to the domain, log in successfully and use the RSAT tools successfully.
>>
>> I then set up the File server, made it a member server and joined it successfully to the domain, using these instructions here:  https://wiki.samba.org/index.php/Setup_a_Samba_AD_Member_Server
>>
>> This went as expected.
>>
>> I then set up my test share on the file server using the directions here: https://wiki.samba.org/index.php/Setup_and_configure_file_shares_with_Windows_ACLs
>>
>> I actually partitioned/formatted a second disk with ext4 and put it in /etc/fstab with the user_xattr,acl support
>>
>> When I then go to remotely manage the share via a Win7 workstation and I go to computer manager and open the test file server (FS1), at first it looks good.  I then click on the "System Tools" section to expand it and I get "Event Viewer cannot connect to the computer FS1: The error reported is the RPC Server is unavailable".  I click OK on the error and it then says again it is connecting to FS1 and expands the section where I can see the Shared Folders.  As soon as I expand shared folders and click on shared I get the following: "You do not have permissions to see the list of shares for Windows clients", and it will not let me see the shares.
>>
>> I then decided to make a share right on the Domain Controller itself, to see if it was something on the file server or something on the workstation.  When I go to computer management and connect to the DC (AD1) it connects, but when I expand System Tools, I get the following error: "The Procedure Number is out of Range(1745)".  However, after clicking "OK" on this error I am able to see and manage the share and permissions as expected.
>>
>> I have been scouring the net for 2 days to try to find an answer and I am at a standstill as to what to do next to fix or further troubleshoot the issue.  Any help or ideas would be greatly appreciated.
>>
>> Here is the smb.conf on my Domain Controller
>>
>> #Global parameters
>> [global]
>>        workgroup = INCENTA
>>        realm = INCENTA.LOCAL
>>        netbios name = AD1
>>        server role = active directory domain controller
>>        dns forwarder = 8.8.8.8
>>        vfs objects = acl_xattr
>>        map acl inherit = Yes
>>        store dos attributes = Yes
>>
>> [netlogon]
>>        path = /usr/local/samba/var/locks/sysvol/incenta.local/scripts
>>        read only = No
>>
>> [sysvol]
>>        path = /usr/local/samba/var/locks/sysvol
>>        read only = No
>>
>> [Demo]
>> path = /DATA/Demo
>> read only = no
>>
>>
>>
>> Here is the smb.conf on my file server
>>
>> [global]
>>
>>   netbios name = FS1
>>   workgroup = INCENTA
>>   security = ADS
>>   realm = INCENTA.LOCAL
>>   encrypt passwords = yes
>>
>>   idmap config *:backend = tdb
>>   idmap config *:range = 70001-80000
>>   idmap config INCENTA:backend = ad
>>   idmap config INCENTA:schema_mode = rfc2307
>>   idmap config INCENTA:range = 500-40000
>>
>>   winbind nss info = rfc2307
>>   winbind trusted domains only = no
>>   winbind use default domain = yes
>>   winbind enum users = yes
>>   winbind enum groups = yes
>>
>>   vfs objects = acl_xattr
>>   map acl inherit = Yes
>>   store dos attributes = Yes
>>
>>
>> [Demo]
>> path = /DATA/Demo
>> read only = no