[Samba] Unable to browse system shares of a newly migrated AD DC

Andrey Repin anrdaemon at yandex.ru
Fri Mar 27 14:01:02 MDT 2015 

Greetings, All!

I'm trying final steps of my long upgrade process, but I've got hit by the
unexpected.

When everything seemingly run fine in the end, I'm unable to browse the local
shares of the DC.

# smbclient -L localhost -U%
Domain=[CCENTER] OS=[Unix] Server=[Samba 4.1.11-Ubuntu]

        Sharename       Type      Comment
        ---------       ----      -------
Error returning browse list: NT_STATUS_ACCESS_DENIED
Domain=[CCENTER] OS=[Unix] Server=[Samba 4.1.11-Ubuntu]

        Server               Comment
        ---------            -------

        Workgroup            Master
        ---------            -------

At the same time,

# wbinfo -t
checking the trust secret for domain CCENTER via RPC calls succeeded

and `wbinfo -u' correctly listing the domain members.

I've tried to instal libnss-winbind, but that seems to not have helped.

# ls -ld /var/lib/samba/sysvol/ads.ccenter.lan/scripts/
drwxrwx---+ 2 30001 544 4096 Mar 27 21:41 /var/lib/samba/sysvol/ads.ccenter.lan/scripts/

# testparm -s
Load smb config files from /etc/samba/smb.conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[netlogon]"
Processing section "[sysvol]"
Loaded services file OK.
Server role: ROLE_ACTIVE_DIRECTORY_DC
[global]
        workgroup = CCENTER
        realm = ads.ccenter.lan
        interfaces = lo, 192.168.17.0/24
        server role = active directory domain controller
        passdb backend = samba_dsdb
        rpc_server:tcpip = no
        rpc_daemon:spoolssd = embedded
        rpc_server:spoolss = embedded
        rpc_server:winreg = embedded
        rpc_server:ntsvcs = embedded
        rpc_server:eventlog = embedded
        rpc_server:srvsvc = embedded
        rpc_server:svcctl = embedded
        rpc_server:default = external
        idmap config CCENTER:range = 1000 - 50000
        idmap config CCENTER:backend = ad
        idmap config *:range = 100000 - 999999
        idmap_ldb:use rfc2307 = yes
        idmap config * : backend = tdb
        map archive = No
        map readonly = no
        store dos attributes = Yes
        vfs objects = dfs_samba4, acl_xattr

[netlogon]
        path = /var/lib/samba/sysvol/ads.ccenter.lan/scripts
        read only = No

[sysvol]
        path = /var/lib/samba/sysvol
        read only = No

Anything I can try to resolve the problem? Or should I try upgrade with
different options?
Upgrade log attached.
(This is a test installation, so don't be concerned with passwords. I'd
likely restart it several more times before I get the process all straight.)


-- 
WBR,
Andrey Repin (anrdaemon at yandex.ru) 27.03.2015, <22:40>

Sorry for my terrible english...

More information about the samba mailing list