[Samba] RPC, DCOM, 1745 and Other Errors

Thomas Mulkey tmulkey at incentafcu.org
Mon Sep 29 11:38:18 MDT 2014


James - I tried doing a chmod 777 on the shared directory and it made no difference.  

Taylor - I am fine with starting the domain over fresh if I go with Linux.  We only have about 60 PCs joined that I would need to go massage the profiles on.  We do have an Exchange server, but we plan to move those to a cloud provider in short order so I don't need to keep my old domain around.  I could probably live without a domain except for compliance reasons I need to make sure password changes happen and I have a few Domain Security policies to force out.

Chan Min Wai - I created the share in the smb.conf by putting the following in the smb.conf

[Demo]
path = /DATA/Demo
read only = no

From reading the document though it says you should then be able to manage the share via Windows, which I can when it is on the Domain Controller, just not from the member server.  It also says I can use the classic way of doing it all through the smb.conf (which may be an option, since I only have 3 or 4 shares totaling <200GB which I am dealing with), as long as I can get the home directories working right (which I haven't got to test yet).  I guess another option may be to just have the File server be an additional DC, but in the Microsoft World that was kind of a no-no.

I did do the SeDiskOperatorPrivilege thing originally.  However the command it gives to review does not work quite right.

net rpc rights list accounts -Uadministrator

It seems to only show local accounts and not the domain accounts, so I haven't been able to verify it is set, but I would believe it is since I can manage the shares on the domain controller after receiving just the one error. 




-----Original Message-----
From: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org] On Behalf Of James
Sent: Monday, September 29, 2014 10:59 AM
To: Thomas Mulkey; samba at lists.samba.org
Subject: Re: [Samba] RPC, DCOM, 1745 and Other Errors

Hello Thomas,

     I've only been able to get shares working correctly if I gave the file share read, write, execute for all permissions (chmod 777). I then use Windows to set the ACLs. Based on the Wiki it's not needed but I've never had any luck without using it.

On 9/29/2014 9:32 AM, Thomas Mulkey wrote:
> I am evaluating Samba 4 as a replacement for our existing Windows 2003 servers, as the cost to license 2008 and CALs is not going to be in my company's budget.  Bear with me, as I have some basic experience with Linux and know a few things, I am by no means a fully trained Linux or Samba Jedi.
>
> My test environment goal is to have two Active Directory Domain 
> Controllers and one Member Server with File Shares all running on 
> Samba
>
> So far I have set up one AD Domain Controller (AD1).  I downloaded and 
> compiled the latest source code doing the git mirror thing, and am 
> running Samba 4.2.0prel-GIT-043585F on CentOS  6.5.  I used this HOWTO 
> to configure the AD DC:  
> http://www.alexwyn.com/computer-tips/centos-samba4-active-directory-domain-controller
>
> This process all went smooth, and I was able to join my Windows 7 test machines to the domain and login successfully and use the RSAT tools successfully.
>
> I then set up the File server and made it a member server and joined it 
> successfully to the domain, using these instructions here:  
> https://wiki.samba.org/index.php/Setup_a_Samba_AD_Member_Server
>
> This went as expected
>
> I then set up my test share on the file server using the directions 
> here: 
> https://wiki.samba.org/index.php/Setup_and_configure_file_shares_with_Windows_ACLs
>
> I actually partitioned/formatted a second disk with ext4 and put it in 
> /etc/fstab with the user_xattr,acl support
>
> When I then go to remotely manage the share via a Win7 workstation and I go to computer manager and open the test file server (FS1), at first it looks good.  I then click on the "System Tools" section to expand it and I get "Event Viewer cannot connect to the computer FS1: The error reported is the RPC Server is unavailable".  I click OK on the error and it then says again it is connecting to FS1 and expand the section where I can see the Shared Folders.  As soon as I expand shared folders and click on shared I get the following: "You do not have permissions to see the list of shares for Windows clients" and it will not let me see the shares.
>
> I then decided to make a share right on the Domain Controller itself, 
> to see if it was something on the file server or something on the 
> workstation.  When I go to computer management and connect to the DC 
> (AD1) it connects, but when I expand System Tools, I get the following 
> error: "The Procedure Number is out of Range(1745)".  However, after 
> clicking "OK" on this error I am able to see and manage the Share and 
> permissions as expected.
>
> I have been scouring the net for 2 days to try to find an answer and I am at a standstill as to what to do next to fix or further troubleshoot the issue.  Any help or ideas would be greatly appreciated.
>
> Here is the smb.conf on my Domain Controller
>
> #Global parameters
> [global]
>          workgroup = INCENTA
>          realm = INCENTA.LOCAL
>          netbios name = AD1
>          server role = active directory domain controller
>          dns forwarder = 8.8.8.8
>          vfs objects = acl_xattr
>          map acl inherit = Yes
>          store dos attributes = Yes
>
> [netlogon]
>          path = /usr/local/samba/var/locks/sysvol/incenta.local/scripts
>          read only = No
>
> [sysvol]
>          path = /usr/local/samba/var/locks/sysvol
>          read only = No
>
> [Demo]
> path = /DATA/Demo
> read only = no
>
>
>
> Here is the smb.conf on my file server
>
> [global]
>
>     netbios name = FS1
>     workgroup = INCENTA
>     security = ADS
>     realm = INCENTA.LOCAL
>     encrypt passwords = yes
>
>     idmap config *:backend = tdb
>     idmap config *:range = 70001-80000
>     idmap config INCENTA:backend = ad
>     idmap config INCENTA:schema_mode = rfc2307
>     idmap config INCENTA:range = 500-40000
>
>     winbind nss info = rfc2307
>     winbind trusted domains only = no
>     winbind use default domain = yes
>     winbind enum users = yes
>     winbind enum groups = yes
>
>     vfs objects = acl_xattr
>     map acl inherit = Yes
>     store dos attributes = Yes
>
>
> [Demo]
> path = /DATA/Demo
> read only = no
>

--
-James
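
A sanity check for the `idmap config` lines of a member server's smb.conf, such as the file-server configuration quoted above: each range must be written `low-high`, every backend needs a range, and ranges must not overlap. This is an added example, not part of the original messages or of Samba; the function name `check_idmap` and the sample text (constructed, with one range deliberately malformed) are assumptions.

```python
import re

# Constructed sample: idmap lines modelled on the member-server smb.conf
# quoted in this thread, with one range deliberately written with '='.
SAMPLE = """\
[global]
    security = ADS
    idmap config *:backend = tdb
    idmap config *:range = 70001=80000
    idmap config INCENTA:backend = ad
    idmap config INCENTA:range = 500-40000
"""

# "idmap config <DOMAIN> : <option> = <value>"
IDMAP = re.compile(r"^\s*idmap\s*config\s+(\S+?)\s*:\s*(\w[\w ]*?)\s*=\s*(.*?)\s*$", re.I)
RANGE = re.compile(r"^(\d+)\s*-\s*(\d+)$")

def check_idmap(conf_text):
    """Return a list of problems found in the idmap config lines."""
    problems, ranges, backends = [], {}, set()
    for n, line in enumerate(conf_text.splitlines(), 1):
        if line.lstrip().startswith(("#", ";")):   # smb.conf comment lines
            continue
        m = IDMAP.match(line)
        if not m:
            continue
        domain, option, value = m.group(1), m.group(2).lower(), m.group(3)
        if option == "backend":
            backends.add(domain)
        elif option == "range":
            r = RANGE.match(value)
            if not r or int(r.group(1)) >= int(r.group(2)):
                problems.append(f"line {n}: {domain} range {value!r} is not 'low-high'")
            else:
                ranges[domain] = (int(r.group(1)), int(r.group(2)))
    # A backend without a parsable range cannot allocate or map any IDs.
    for domain in sorted(backends - set(ranges)):
        problems.append(f"{domain}: backend set but no usable range")
    # Overlapping ranges let two domains claim the same UID/GID.
    doms = sorted(ranges)
    for i, a in enumerate(doms):
        for b in doms[i + 1:]:
            if ranges[a][0] <= ranges[b][1] and ranges[b][0] <= ranges[a][1]:
                problems.append(f"{a} and {b}: ID ranges overlap")
    return problems

if __name__ == "__main__":
    for problem in check_idmap(SAMPLE):
        print(problem)
```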
