[Samba] Unable to browse system shares of a newly migrated AD DC

Rowland Penny rowlandpenny at googlemail.com
Fri Mar 27 14:34:23 MDT 2015


On 27/03/15 20:01, Andrey Repin wrote:
> Greetings, All!
>
> I'm trying final steps of my long upgrade process, but I've got hit by the
> unexpected.
>
> When everything seemingly ran fine in the end, I'm unable to browse the local
> shares of the DC.
>
> # smbclient -L localhost -U%
> Domain=[CCENTER] OS=[Unix] Server=[Samba 4.1.11-Ubuntu]
>
>          Sharename       Type      Comment
>          ---------       ----      -------
> Error returning browse list: NT_STATUS_ACCESS_DENIED
> Domain=[CCENTER] OS=[Unix] Server=[Samba 4.1.11-Ubuntu]
>
>          Server               Comment
>          ---------            -------
>
>          Workgroup            Master
>          ---------            -------
>
> At the same time,
>
> # wbinfo -t
> checking the trust secret for domain CCENTER via RPC calls succeeded
>
> and `wbinfo -u' correctly listing the domain members.
>
> I've tried to install libnss-winbind, but that seems to not have helped.
>
> # ls -ld /var/lib/samba/sysvol/ads.ccenter.lan/scripts/
> drwxrwx---+ 2 30001 544 4096 Mar 27 21:41 /var/lib/samba/sysvol/ads.ccenter.lan/scripts/
>
> # testparm -s
> Load smb config files from /etc/samba/smb.conf
> rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
> Processing section "[netlogon]"
> Processing section "[sysvol]"
> Loaded services file OK.
> Server role: ROLE_ACTIVE_DIRECTORY_DC
> [global]
>          workgroup = CCENTER
>          realm = ads.ccenter.lan
>          interfaces = lo, 192.168.17.0/24
>          server role = active directory domain controller
>          passdb backend = samba_dsdb
>          rpc_server:tcpip = no
>          rpc_daemon:spoolssd = embedded
>          rpc_server:spoolss = embedded
>          rpc_server:winreg = embedded
>          rpc_server:ntsvcs = embedded
>          rpc_server:eventlog = embedded
>          rpc_server:srvsvc = embedded
>          rpc_server:svcctl = embedded
>          rpc_server:default = external
>          idmap config CCENTER:range = 1000 - 50000
>          idmap config CCENTER:backend = ad
>          idmap config *:range = 100000 - 999999
>          idmap_ldb:use rfc2307 = yes
>          idmap config * : backend = tdb
>          map archive = No
>          map readonly = no
>          store dos attributes = Yes
>          vfs objects = dfs_samba4, acl_xattr
>
> [netlogon]
>          path = /var/lib/samba/sysvol/ads.ccenter.lan/scripts
>          read only = No
>
> [sysvol]
>          path = /var/lib/samba/sysvol
>          read only = No
>
> Anything I can try to resolve the problem? Or should I try upgrade with
> different options?
> Upgrade log attached.
> (This is a test installation, so don't be concerned with passwords. I'd
> likely restart it several more times before I get the process all straight.)
>

OK, remove most of the lines you have added, so your smb.conf looks 
something like this:

[global]
         workgroup = CCENTER
         realm = ads.ccenter.lan
         netbios name = DC_NAME
         server role = active directory domain controller
         dns forwarder = 8.8.8.8
         idmap_ldb:use rfc2307 = yes
         interfaces = lo, 192.168.17.0/24

[netlogon]
         path = /var/lib/samba/sysvol/ads.ccenter.lan/scripts
         read only = No

[sysvol]
         path = /var/lib/samba/sysvol
         read only = No


Check that you have these packages installed: libnss-winbind 
libpam-winbind libpam-krb5

Check that the passwd & group lines in /etc/nsswitch.conf have 'winbind' 
added to them.

Rowland
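
The smb.conf trimming and the nsswitch.conf check from the reply above, written as a script. This is an added example, not part of the original thread. The function names, the KEEP list (copied from the suggested [global] section) and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. KEEP lists the [global] parameter names in
# the suggested smb.conf ("dns forwarder" is smb.conf's name for the forwarder).
KEEP='workgroup|realm|netbios name|server role|dns forwarder|idmap_ldb:use rfc2307|interfaces'

# Print every [global] parameter of smb.conf file $1 that is not in KEEP.
extra_globals() {
    awk -v keep="$KEEP" '
        /^[ \t]*\[/ { in_global = (tolower($0) ~ /^[ \t]*\[global\]/); next }
        /^[ \t]*([#;]|$)/ { next }          # skip comments and blank lines
        in_global {
            name = $0
            sub(/[ \t]*=.*/, "", name)      # drop "= value"
            sub(/^[ \t]+/, "", name)        # drop indentation
            if (tolower(name) !~ ("^(" keep ")$")) print name
        }' "$1"
}

# Print each database (passwd, group) whose line in nsswitch.conf file $1
# does not list winbind as a source. Trailing comments are ignored.
missing_winbind() {
    for db in passwd group; do
        sed 's/#.*//' "$1" |
            grep -Eq "^[[:space:]]*$db:(.*[[:space:]])?winbind([[:space:]]|\$)" ||
            echo "$db"
    done
}

# Constructed sample input: part of the posted [global] section and a
# nsswitch.conf in which only the group line has winbind.
demo() {
    d=$(mktemp -d)
    cat > "$d/smb.conf" <<'EOF'
[global]
         workgroup = CCENTER
         server role = active directory domain controller
         rpc_server:default = external
         idmap config CCENTER:backend = ad
         vfs objects = dfs_samba4, acl_xattr
[sysvol]
         path = /var/lib/samba/sysvol
EOF
    printf 'passwd: compat\ngroup: compat winbind\n' > "$d/nsswitch.conf"
    echo "extra [global] parameters:"; extra_globals "$d/smb.conf"
    echo "databases missing winbind:"; missing_winbind "$d/nsswitch.conf"
    rm -rf "$d"
}
demo
```

On a real DC, point the two functions at /etc/samba/smb.conf and /etc/nsswitch.conf; an empty result from both means the files match the advice above.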

