[Samba] Samba4 DC is not visible in network neighborhood

Andrey Repin anrdaemon at yandex.ru
Sun Nov 22 09:14:25 UTC 2015 

Greetings, Rowland Penny!

>>>> Is there at last a solution? I've only found questions, in the list, and on
>>>> the network.
>>>>
>>>> The issue is that DC built on Samba4 does not report to network browsers
>>>> neither it is participating in election to become browser itself.
>>>> Consequently, it is not visible in the neighborhood neither on Windows, nor on
>>>> Linux.
>>>>
>>>> I've managed to force a second Linux host (member server) become a local
>>>> browser. At least, I can see it and other hosts now. But not the DC itself.
>>>>
>>>>
>>> Hi Andrey,
>>> In that case you did exactly what you were supposed to do. :)
>>> Browsing is turned off for the DC by design, and this will not change.
>>> Use member servers to implement browsing.
>> And how am I supposed to address the DC then?
>> For all my attempts, I've had to conclude that member servers can't be
>> configured to manage shares with native ACL's. No matter what I do, I always
>> get "access denied" on a member server when trying to setup share permissions
>> on a member server using Windows tools.
>> So far, the only solution was to move ACL-sensitive services to the DC.
>> But this is really not a solution. Only a workaround.
>>
>>

> What do you mean 'native ACLs' ?

Err, okay, "windows ACL's", not "native (POSIX)". Was writing in a
less-than-sane state of mind.

> you should be able to manage access to a share on a domain member from a 
> windows machine,

Should be, that much I've gathered from wiki. But it is already nine months
that I'm unable to implement it.

> see this page on the wiki:
> https://wiki.samba.org/index.php/Shares_with_Windows_ACLs

> If you follow the various pages on the wiki, you should be able make it 
> work, if you cannot, you are doing something wrong.

So, what I'm doing wrong? I've followed the wiki multiple times to the point.
If you have any diagnostics in mind, please suggest, because this is tiring.

The smb.conf is attached, the member server do see the users correctly.

# wbinfo -i domainuser
domainuser:*:10000:513::/home/domainuser:/bin/bash

# getent passwd domainuser
domainuser:*:10000:513::/home/domainuser:/bin/bash


-- 
With best regards,
Andrey Repin
Sunday, November 22, 2015 12:01:09

Sorry for my terrible english...
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: smb.conf.txt
URL: <http://lists.samba.org/pipermail/samba/attachments/20151122/e2c54367/smb.conf.txt>

More information about the samba mailing list