[Samba] Unable to browse system shares of a newly migrated AD DC
Rowland Penny
rowlandpenny at googlemail.com
Fri Mar 27 14:34:23 MDT 2015
On 27/03/15 20:01, Andrey Repin wrote:
> Greetings, All!
>
> I'm trying final steps of my long upgrade process, but I've got hit by the
> unexpected.
>
> When everything seemingly run fine in the end, I'm unable to browse the local
> shares of the DC.
>
> # smbclient -L localhost -U%
> Domain=[CCENTER] OS=[Unix] Server=[Samba 4.1.11-Ubuntu]
>
> Sharename Type Comment
> --------- ---- -------
> Error returning browse list: NT_STATUS_ACCESS_DENIED
> Domain=[CCENTER] OS=[Unix] Server=[Samba 4.1.11-Ubuntu]
>
> Server Comment
> --------- -------
>
> Workgroup Master
> --------- -------
>
> At the same time,
>
> # wbinfo -t
> checking the trust secret for domain CCENTER via RPC calls succeeded
>
> and `wbinfo -u' correctly listing the domain members.
>
> I've tried to instal libnss-winbind, but that seems to not have helped.
>
> # ls -ld /var/lib/samba/sysvol/ads.ccenter.lan/scripts/
> drwxrwx---+ 2 30001 544 4096 Mar 27 21:41 /var/lib/samba/sysvol/ads.ccenter.lan/scripts/
>
> # testparm -s
> Load smb config files from /etc/samba/smb.conf
> rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
> Processing section "[netlogon]"
> Processing section "[sysvol]"
> Loaded services file OK.
> Server role: ROLE_ACTIVE_DIRECTORY_DC
> [global]
> workgroup = CCENTER
> realm = ads.ccenter.lan
> interfaces = lo, 192.168.17.0/24
> server role = active directory domain controller
> passdb backend = samba_dsdb
> rpc_server:tcpip = no
> rpc_daemon:spoolssd = embedded
> rpc_server:spoolss = embedded
> rpc_server:winreg = embedded
> rpc_server:ntsvcs = embedded
> rpc_server:eventlog = embedded
> rpc_server:srvsvc = embedded
> rpc_server:svcctl = embedded
> rpc_server:default = external
> idmap config CCENTER:range = 1000 - 50000
> idmap config CCENTER:backend = ad
> idmap config *:range = 100000 - 999999
> idmap_ldb:use rfc2307 = yes
> idmap config * : backend = tdb
> map archive = No
> map readonly = no
> store dos attributes = Yes
> vfs objects = dfs_samba4, acl_xattr
>
> [netlogon]
> path = /var/lib/samba/sysvol/ads.ccenter.lan/scripts
> read only = No
>
> [sysvol]
> path = /var/lib/samba/sysvol
> read only = No
>
> Anything I can try to resolve the problem? Or should I try upgrade with
> different options?
> Upgrade log attached.
> (This is a test installation, so don't be concerned with passwords. I'd
> likely restart it several more times before I get the process all straight.)
>
>
>
>
OK, remove most of the lines you have added, so you smb.conf looks
something like this:
[global]
workgroup = CCENTER
realm = ads.ccenter.lan
netbios name = DC_NAME
server role = active directory domain controller
forwarder = 8.8.8.8
idmap_ldb:use rfc2307 = yes
interfaces = lo, 192.168.17.0/24
[netlogon]
path = /var/lib/samba/sysvol/ads.ccenter.lan/scripts
read only = No
[sysvol]
path = /var/lib/samba/sysvol
read only = No
Check that you have these packages are installed: libnss-winbind
libpam-winbind libpam-krb5
check that the passwd & group lines in /etc/nsswitch.conf have 'winbind'
added to them.
Rowland
More information about the samba
mailing list