[Samba] RPC, DCOM, 1745 and Other Errors

Chan Min Wai dcmwai at gmail.com
Mon Sep 29 11:28:38 MDT 2014


Hi Taylor,

Well, I have my win2k8 DC partially removed.
What I hate most is that Samba fills up both the syslog and the Samba log
with "win2k8 DC was not found" messages.

Other than that...

I think it works well.

Are there other issues I'm not aware of?

Thank You.

On Tue, Sep 30, 2014 at 12:07 AM, Taylor, Jonn <jonnt at taylortelephone.com>
wrote:

> On 09/29/2014 10:01 AM, Chan Min Wai wrote:
> > Dear Thomas,
> >
> > You are on the right path.
> > However there are limitations that you should know.
> >
> > 1. We cannot add/remove shared drives via RPC yet. (Unless I missed
> > something; do correct me if I'm wrong, I'll be happy if that runs.)
> >
> > Adding and removing shares on Samba requires changes to smb.conf.
> >
> > You can look at the guide below on how to add them in.
> >
> >
> > 2. Disk share access control on domain computers.
> > Have a look at this guide.
> > You will need this additional access:
> >
> > SeDiskOperatorPrivilege
> >
> >
> > https://wiki.samba.org/index.php/Setup_and_configure_file_shares_with_Windows_ACLs
> >
> > Hope this info helps and may the source be with you.
> >
> >
> > As for your upgrade path, you should try this, since a Samba DC is not
> > compatible with 2003.
> >
> > 1. Upgrade both your windows to 2008 no R2 trial.
> > 2. Promoting the whole dc to 2008.
> > 3. Join samba DC, work on the symbol replication from windows to Linux.
> > 4. Transfer FSMO
> > 5. Demote your 2 DC or make them your member server/files server.
> The only problem with this is that you can not demote the 2 DC's once
> you join a samba 4 AD server to your domain. This is a BUG that has been
> a real problem for a long time. I did this same thing a year ago with
> our domain and had to rebuild it from scratch.
>
>
> > 6. Done.
> >
> >
> >
> > Regards,
> > Chan Min Wai
> >
> >> On 29 Sep 2014 9:32 PM, Thomas Mulkey <tmulkey at incentafcu.org> wrote:
> >>
> >> I am evaluating Samba 4 as a replacement for our existing Windows 2003
> >> servers, as the cost to license 2008 and CALs is not going to be in my
> >> company's budget.  Bear with me, as I have some basic experience with Linux
> >> and know a few things, but I am by no means a fully trained Linux or Samba
> >> Jedi.
> >>
> >> My test environment goal is to have two Active Directory Domain
> >> Controllers and one Member Server with File Shares all running on Samba
> >>
> >> So far I have set up one AD Domain Controller (AD1).  I downloaded and
> >> compiled the latest source code doing the git mirror thing, and am running
> >> Samba 4.2.0prel-GIT-043585F on CentOS 6.5.  I used this HOWTO to configure
> >> the AD DC:
> >> http://www.alexwyn.com/computer-tips/centos-samba4-active-directory-domain-controller
> >>
> >> This process all went smoothly, and I was able to join my Windows 7 test
> >> machines to the domain and log in successfully and use the RSAT tools
> >> successfully.
> >>
> >> I then set up the File server and made it a member server and joined it
> >> successfully to the domain, using these instructions here:
> >> https://wiki.samba.org/index.php/Setup_a_Samba_AD_Member_Server
> >>
> >> This went as expected
> >>
> >> I then set up my test share on the file server using the directions
> >> here:
> >> https://wiki.samba.org/index.php/Setup_and_configure_file_shares_with_Windows_ACLs
> >>
> >> I actually partitioned/formatted a second disk with ext4 and put it in
> >> /etc/fstab with the user_xattr,acl support
> >>
> >> When I then go to remotely manage the share via a Win7 workstation and
> >> I go to computer manager and open the test file server (FS1), at first it
> >> looks good.  I then click on the "System Tools" section to expand it and I
> >> get "Event Viewer cannot connect to the computer FS1: The error reported is
> >> the RPC Server is unavailable".  I click OK on the error and it then says
> >> again it is connecting to FS1 and expands the section where I can see the
> >> Shared Folders.  As soon as I expand shared folders and click on shared I
> >> get the following: "You do not have permissions to see the list of shares
> >> for Windows clients" and it will not let me see the shares.
> >>
> >> I then decided to make a share right on the Domain Controller itself,
> >> to see if it was something on the file server or something on the
> >> workstation.  When I go to computer management and connect to the DC
> >> (AD1) it connects, but when I expand System Tools, I get the following
> >> error: "The Procedure Number is out of Range(1745)".  However, after
> >> clicking "OK" on this error I am able to see and manage the Share and
> >> permissions as expected.
> >>
> >> I have been scouring the net for 2 days to try to find an answer and I
> >> am at a standstill as to what to do next to fix or further troubleshoot the
> >> issue.  Any help or ideas would be greatly appreciated.
> >>
> >> Here is the smb.conf on my Domain Controller
> >>
> >> #Global parameters
> >> [global]
> >>        workgroup = INCENTA
> >>        realm = INCENTA.LOCAL
> >>        netbios name = AD1
> >>        server role = active directory domain controller
> >>        dns forwarder = 8.8.8.8
> >>        vfs objects = acl_xattr
> >>        map acl inherit = Yes
> >>        store dos attributes = Yes
> >>
> >> [netlogon]
> >>        path = /usr/local/samba/var/locks/sysvol/incenta.local/scripts
> >>        read only = No
> >>
> >> [sysvol]
> >>        path = /usr/local/samba/var/locks/sysvol
> >>        read only = No
> >>
> >> [Demo]
> >> path = /DATA/Demo
> >> read only = no
> >>
> >>
> >>
> >> Here is the smb.conf on my file server
> >>
> >> [global]
> >>
> >>   netbios name = FS1
> >>   workgroup = INCENTA
> >>   security = ADS
> >>   realm = INCENTA.LOCAL
> >>   encrypt passwords = yes
> >>
> >>   idmap config *:backend = tdb
> >>   idmap config *:range = 70001=80000
> >>   idmap config INCENTA:backend = ad
> >>   idmap config INCENTA:schema_mode = rfc2307
> >>   idmap config INCENTA:range = 500-40000
> >>
> >>   winbind nss info = rfc2307
> >>   winbind trusted domains only = no
> >>   winbind use default domain = yes
> >>   winbind enum users = yes
> >>   winbind enum groups = yes
> >>
> >>   vfs objects = acl_xattr
> >>   map acl inherit = Yes
> >>   store dos attributes = Yes
> >>
> >>
> >> [Demo]
> >> path = /DATA/Demo
> >> read only = no
> >>
> >> --
> >> To unsubscribe from this list go to the following URL and read the
> >> instructions:  https://lists.samba.org/mailman/options/samba
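
The file-server smb.conf quoted above writes one idmap range as `70001=80000`, while Samba's range syntax is `low-high`. The following is an added example, not part of the thread: a small check for malformed or overlapping idmap ranges, which decide which Unix IDs domain users map to and therefore which file ACLs apply. The function name and the sample text are constructed for illustration.

```python
import re

# Constructed sample, modelled on the file-server smb.conf quoted in the thread.
SAMPLE_SMB_CONF = """
[global]
  netbios name = FS1
  idmap config *:backend = tdb
  idmap config *:range = 70001=80000
  idmap config INCENTA:backend = ad
  idmap config INCENTA:range = 500-40000
"""

RANGE_KEY = re.compile(r"^idmap config (\S+?)\s*:\s*range$", re.IGNORECASE)
RANGE_VAL = re.compile(r"^(\d+)\s*-\s*(\d+)$")


def check_idmap_ranges(conf_text):
    """Return a list of problems found in the [global] idmap range settings."""
    problems, ranges, section = [], [], None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":        # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "global" or "=" not in line:
            continue
        # Split on the first '=' only, so a stray '=' stays in the value.
        key, value = (part.strip() for part in line.split("=", 1))
        key_match = RANGE_KEY.match(" ".join(key.split()))
        if not key_match:
            continue
        domain = key_match.group(1)
        val_match = RANGE_VAL.match(value)
        if not val_match:
            problems.append(f"{domain}: range '{value}' is not 'low-high'")
            continue
        low, high = int(val_match.group(1)), int(val_match.group(2))
        if low >= high:
            problems.append(f"{domain}: low {low} is not below high {high}")
            continue
        for other, olow, ohigh in ranges:      # compare with earlier ranges
            if low <= ohigh and olow <= high:
                problems.append(
                    f"{domain}: {low}-{high} overlaps {other} {olow}-{ohigh}")
        ranges.append((domain, low, high))
    return problems
```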