Andrey Repin
2015-Mar-27 20:01 UTC
[Samba] Unable to browse system shares of a newly migrated AD DC
Greetings, All! I'm trying final steps of my long upgrade process, but I've got hit by the unexpected. When everything seemingly run fine in the end, I'm unable to browse the local shares of the DC. # smbclient -L localhost -U% Domain=[CCENTER] OS=[Unix] Server=[Samba 4.1.11-Ubuntu] Sharename Type Comment --------- ---- ------- Error returning browse list: NT_STATUS_ACCESS_DENIED Domain=[CCENTER] OS=[Unix] Server=[Samba 4.1.11-Ubuntu] Server Comment --------- ------- Workgroup Master --------- ------- At the same time, # wbinfo -t checking the trust secret for domain CCENTER via RPC calls succeeded and `wbinfo -u' correctly listing the domain members. I've tried to instal libnss-winbind, but that seems to not have helped. # ls -ld /var/lib/samba/sysvol/ads.ccenter.lan/scripts/ drwxrwx---+ 2 30001 544 4096 Mar 27 21:41 /var/lib/samba/sysvol/ads.ccenter.lan/scripts/ # testparm -s Load smb config files from /etc/samba/smb.conf rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384) Processing section "[netlogon]" Processing section "[sysvol]" Loaded services file OK. Server role: ROLE_ACTIVE_DIRECTORY_DC [global] workgroup = CCENTER realm = ads.ccenter.lan interfaces = lo, 192.168.17.0/24 server role = active directory domain controller passdb backend = samba_dsdb rpc_server:tcpip = no rpc_daemon:spoolssd = embedded rpc_server:spoolss = embedded rpc_server:winreg = embedded rpc_server:ntsvcs = embedded rpc_server:eventlog = embedded rpc_server:srvsvc = embedded rpc_server:svcctl = embedded rpc_server:default = external idmap config CCENTER:range = 1000 - 50000 idmap config CCENTER:backend = ad idmap config *:range = 100000 - 999999 idmap_ldb:use rfc2307 = yes idmap config * : backend = tdb map archive = No map readonly = no store dos attributes = Yes vfs objects = dfs_samba4, acl_xattr [netlogon] path = /var/lib/samba/sysvol/ads.ccenter.lan/scripts read only = No [sysvol] path = /var/lib/samba/sysvol read only = No Anything I can try to resolve the problem? Or should I try upgrade with different options? Upgrade log attached. (This is a test installation, so don't be concerned with passwords. I'd likely restart it several more times before I get the process all straight.) -- WBR, Andrey Repin (anrdaemon at yandex.ru) 27.03.2015, <22:40> Sorry for my terrible english...
Rowland Penny
2015-Mar-27 20:34 UTC
[Samba] Unable to browse system shares of a newly migrated AD DC
On 27/03/15 20:01, Andrey Repin wrote:> Greetings, All! > > I'm trying final steps of my long upgrade process, but I've got hit by the > unexpected. > > When everything seemingly run fine in the end, I'm unable to browse the local > shares of the DC. > > # smbclient -L localhost -U% > Domain=[CCENTER] OS=[Unix] Server=[Samba 4.1.11-Ubuntu] > > Sharename Type Comment > --------- ---- ------- > Error returning browse list: NT_STATUS_ACCESS_DENIED > Domain=[CCENTER] OS=[Unix] Server=[Samba 4.1.11-Ubuntu] > > Server Comment > --------- ------- > > Workgroup Master > --------- ------- > > At the same time, > > # wbinfo -t > checking the trust secret for domain CCENTER via RPC calls succeeded > > and `wbinfo -u' correctly listing the domain members. > > I've tried to instal libnss-winbind, but that seems to not have helped. > > # ls -ld /var/lib/samba/sysvol/ads.ccenter.lan/scripts/ > drwxrwx---+ 2 30001 544 4096 Mar 27 21:41 /var/lib/samba/sysvol/ads.ccenter.lan/scripts/ > > # testparm -s > Load smb config files from /etc/samba/smb.conf > rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384) > Processing section "[netlogon]" > Processing section "[sysvol]" > Loaded services file OK. > Server role: ROLE_ACTIVE_DIRECTORY_DC > [global] > workgroup = CCENTER > realm = ads.ccenter.lan > interfaces = lo, 192.168.17.0/24 > server role = active directory domain controller > passdb backend = samba_dsdb > rpc_server:tcpip = no > rpc_daemon:spoolssd = embedded > rpc_server:spoolss = embedded > rpc_server:winreg = embedded > rpc_server:ntsvcs = embedded > rpc_server:eventlog = embedded > rpc_server:srvsvc = embedded > rpc_server:svcctl = embedded > rpc_server:default = external > idmap config CCENTER:range = 1000 - 50000 > idmap config CCENTER:backend = ad > idmap config *:range = 100000 - 999999 > idmap_ldb:use rfc2307 = yes > idmap config * : backend = tdb > map archive = No > map readonly = no > store dos attributes = Yes > vfs objects = dfs_samba4, acl_xattr > > [netlogon] > path = /var/lib/samba/sysvol/ads.ccenter.lan/scripts > read only = No > > [sysvol] > path = /var/lib/samba/sysvol > read only = No > > Anything I can try to resolve the problem? Or should I try upgrade with > different options? > Upgrade log attached. > (This is a test installation, so don't be concerned with passwords. I'd > likely restart it several more times before I get the process all straight.) > > > >OK, remove most of the lines you have added, so you smb.conf looks something like this: [global] workgroup = CCENTER realm = ads.ccenter.lan netbios name = DC_NAME server role = active directory domain controller forwarder = 8.8.8.8 idmap_ldb:use rfc2307 = yes interfaces = lo, 192.168.17.0/24 [netlogon] path = /var/lib/samba/sysvol/ads.ccenter.lan/scripts read only = No [sysvol] path = /var/lib/samba/sysvol read only = No Check that you have these packages are installed: libnss-winbind libpam-winbind libpam-krb5 check that the passwd & group lines in /etc/nsswitch.conf have 'winbind' added to them. Rowland
Andrey Repin
2015-Mar-27 22:47 UTC
[Samba] Unable to browse system shares of a newly migrated AD DC
Greetings, Rowland Penny!>> I'm trying final steps of my long upgrade process, but I've got hit by the >> unexpected. >> >> When everything seemingly run fine in the end, I'm unable to browse the local >> shares of the DC. >> >> # smbclient -L localhost -U% >> Domain=[CCENTER] OS=[Unix] Server=[Samba 4.1.11-Ubuntu] >> >> Sharename Type Comment >> --------- ---- ------- >> Error returning browse list: NT_STATUS_ACCESS_DENIED >> Domain=[CCENTER] OS=[Unix] Server=[Samba 4.1.11-Ubuntu] >> >> Server Comment >> --------- ------- >> >> Workgroup Master >> --------- ------- >> >> At the same time, >> >> # wbinfo -t >> checking the trust secret for domain CCENTER via RPC calls succeeded >> >> and `wbinfo -u' correctly listing the domain members. >> >> I've tried to instal libnss-winbind, but that seems to not have helped. >> >> # ls -ld /var/lib/samba/sysvol/ads.ccenter.lan/scripts/ >> drwxrwx---+ 2 30001 544 4096 Mar 27 21:41 /var/lib/samba/sysvol/ads.ccenter.lan/scripts/ >> >> # testparm -s >> Load smb config files from /etc/samba/smb.conf >> rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384) >> Processing section "[netlogon]" >> Processing section "[sysvol]" >> Loaded services file OK. >> Server role: ROLE_ACTIVE_DIRECTORY_DC >> [global] >> workgroup = CCENTER >> realm = ads.ccenter.lan >> interfaces = lo, 192.168.17.0/24 >> server role = active directory domain controller >> passdb backend = samba_dsdb >> rpc_server:tcpip = no >> rpc_daemon:spoolssd = embedded >> rpc_server:spoolss = embedded >> rpc_server:winreg = embedded >> rpc_server:ntsvcs = embedded >> rpc_server:eventlog = embedded >> rpc_server:srvsvc = embedded >> rpc_server:svcctl = embedded >> rpc_server:default = external >> idmap config CCENTER:range = 1000 - 50000 >> idmap config CCENTER:backend = ad >> idmap config *:range = 100000 - 999999 >> idmap_ldb:use rfc2307 = yes >> idmap config * : backend = tdb >> map archive = No >> map readonly = no >> store dos attributes = Yes >> vfs objects = dfs_samba4, acl_xattr >> >> [netlogon] >> path = /var/lib/samba/sysvol/ads.ccenter.lan/scripts >> read only = No >> >> [sysvol] >> path = /var/lib/samba/sysvol >> read only = No >> >> Anything I can try to resolve the problem? Or should I try upgrade with >> different options? >> Upgrade log attached. >> (This is a test installation, so don't be concerned with passwords. I'd >> likely restart it several more times before I get the process all straight.) >> >> >> >>> OK, remove most of the lines you have added, so you smb.conf looks > something like this:I tried with that config initially, with same results, but ok. I'll try again.> [global] > workgroup = CCENTER > realm = ads.ccenter.lan > netbios name = DC_NAME > server role = active directory domain controller > forwarder = 8.8.8.8 > idmap_ldb:use rfc2307 = yes > interfaces = lo, 192.168.17.0/24> [netlogon] > path = /var/lib/samba/sysvol/ads.ccenter.lan/scripts > read only = No> [sysvol] > path = /var/lib/samba/sysvol > read only = No> Check that you have these packages are installed: libnss-winbind > libpam-winbindUm. Missed! x.x> libpam-krb5No such package. Is it known by any other name? Ubuntu 12.04 here, if that matters. Samba from ppa:9v-shaun-42/samba4.> check that the passwd & group lines in /etc/nsswitch.conf have 'winbind' > added to them.I've added passwd: compat winbind group: compat winbind and restarted the migration one more time. Something... happened. # ls -ld /var/lib/samba/sysvol/ads.ccenter.lan/scripts/ drwxrwx---+ 2 CCENTER\Administrator 544 4096 Mar 28 01:33 /var/lib/samba/sysvol/ads.ccenter.lan/scripts/ # ls -lnd /var/lib/samba/sysvol/ads.ccenter.lan/scripts/ drwxrwx---+ 2 30001 544 4096 Mar 28 01:33 /var/lib/samba/sysvol/ads.ccenter.lan/scripts/ But # smbclient -L localhost -U% Domain=[CCENTER] OS=[Unix] Server=[Samba 4.1.11-Ubuntu] Sharename Type Comment --------- ---- ------- Error returning browse list: NT_STATUS_ACCESS_DENIED Domain=[CCENTER] OS=[Unix] Server=[Samba 4.1.11-Ubuntu] Server Comment --------- ------- Workgroup Master --------- ------- # cat /etc/nsswitch.conf # /etc/nsswitch.conf # # Example configuration of GNU Name Service Switch functionality. # If you have the `glibc-doc-reference' and `info' packages installed, try: # `info libc "Name Service Switch"' for information about this file. passwd: compat winbind group: compat winbind shadow: compat hosts: files dns networks: files protocols: db files services: db files ethers: db files rpc: db files netgroup: nis # samba-tool testparm --suppress-prompt # Global parameters [global] workgroup = CCENTER realm = ads.ccenter.lan netbios name = DC1 interfaces = lo, 192.168.17.0/24 server role = active directory domain controller dns forwarder = 192.168.17.1 idmap_ldb:use rfc2307 = yes [netlogon] path = /var/lib/samba/sysvol/ads.ccenter.lan/scripts read only = No [sysvol] path = /var/lib/samba/sysvol read only = No -- WBR, Andrey Repin (anrdaemon at yandex.ru) 28.03.2015, <01:20> Sorry for my terrible english...
Andrey Repin
2015-Mar-29 22:16 UTC
[Samba] Unable to browse system shares of a newly migrated AD DC
Greetings, Rowland Penny! Got some logs. But... they do not make much sense. It seems to fail to chdir to /tmp. But I can do it with sudo just fine under the same credentials. What's going on? [2015/03/30 01:05:38.027147, 3, effective(0, 0), real(0, 0)] ../source3/lib/access.c:338(allow_access) Allowed connection from 127.0.0.1 (127.0.0.1) [2015/03/30 01:05:38.027425, 3, effective(0, 0), real(0, 0)] ../source3/smbd/oplock.c:870(init_oplocks) init_oplocks: initializing messages. [2015/03/30 01:05:38.027695, 3, effective(0, 0), real(0, 0)] ../source3/smbd/process.c:1802(process_smb) Transaction 0 of length 194 (0 toread) [2015/03/30 01:05:38.027728, 3, effective(0, 0), real(0, 0)] ../source3/smbd/process.c:1405(switch_message) switch message SMBnegprot (pid 882) conn 0x0 [2015/03/30 01:05:38.033749, 3, effective(0, 0), real(0, 0)] ../source3/smbd/negprot.c:563(reply_negprot) Requested protocol [PC NETWORK PROGRAM 1.0] [2015/03/30 01:05:38.033869, 3, effective(0, 0), real(0, 0)] ../source3/smbd/negprot.c:563(reply_negprot) Requested protocol [MICROSOFT NETWORKS 1.03] [2015/03/30 01:05:38.033930, 3, effective(0, 0), real(0, 0)] ../source3/smbd/negprot.c:563(reply_negprot) Requested protocol [MICROSOFT NETWORKS 3.0] [2015/03/30 01:05:38.033989, 3, effective(0, 0), real(0, 0)] ../source3/smbd/negprot.c:563(reply_negprot) Requested protocol [LANMAN1.0] [2015/03/30 01:05:38.034055, 3, effective(0, 0), real(0, 0)] ../source3/smbd/negprot.c:563(reply_negprot) Requested protocol [LM1.2X002] [2015/03/30 01:05:38.034116, 3, effective(0, 0), real(0, 0)] ../source3/smbd/negprot.c:563(reply_negprot) Requested protocol [DOS LANMAN2.1] [2015/03/30 01:05:38.034177, 3, effective(0, 0), real(0, 0)] ../source3/smbd/negprot.c:563(reply_negprot) Requested protocol [LANMAN2.1] [2015/03/30 01:05:38.034234, 3, effective(0, 0), real(0, 0)] ../source3/smbd/negprot.c:563(reply_negprot) Requested protocol [Samba] [2015/03/30 01:05:38.034323, 3, effective(0, 0), real(0, 0)] ../source3/smbd/negprot.c:563(reply_negprot) Requested protocol [NT LANMAN 1.0] [2015/03/30 01:05:38.034376, 3, effective(0, 0), real(0, 0)] ../source3/smbd/negprot.c:563(reply_negprot) Requested protocol [NT LM 0.12] [2015/03/30 01:05:38.066076, 2, effective(0, 0), real(0, 0)] ../lib/util/modules.c:191(do_smb_load_module) Module 'samba4' loaded [2015/03/30 01:05:38.067018, 3, effective(0, 0), real(0, 0)] ../auth/gensec/gensec_start.c:870(gensec_register) GENSEC backend 'gssapi_spnego' registered [2015/03/30 01:05:38.067085, 3, effective(0, 0), real(0, 0)] ../auth/gensec/gensec_start.c:870(gensec_register) GENSEC backend 'gssapi_krb5' registered [2015/03/30 01:05:38.067129, 3, effective(0, 0), real(0, 0)] ../auth/gensec/gensec_start.c:870(gensec_register) GENSEC backend 'gssapi_krb5_sasl' registered [2015/03/30 01:05:38.067173, 3, effective(0, 0), real(0, 0)] ../auth/gensec/gensec_start.c:870(gensec_register) GENSEC backend 'schannel' registered [2015/03/30 01:05:38.067215, 3, effective(0, 0), real(0, 0)] ../auth/gensec/gensec_start.c:870(gensec_register) GENSEC backend 'spnego' registered [2015/03/30 01:05:38.067280, 3, effective(0, 0), real(0, 0)] ../auth/gensec/gensec_start.c:870(gensec_register) GENSEC backend 'ntlmssp' registered [2015/03/30 01:05:38.067330, 3, effective(0, 0), real(0, 0)] ../auth/gensec/gensec_start.c:870(gensec_register) GENSEC backend 'krb5' registered [2015/03/30 01:05:38.067371, 3, effective(0, 0), real(0, 0)] ../auth/gensec/gensec_start.c:870(gensec_register) GENSEC backend 'fake_gssapi_krb5' registered [2015/03/30 01:05:38.068387, 3, effective(0, 0), real(0, 0)] ../lib/ldb-samba/ldb_wrap.c:320(ldb_wrap_connect) ldb_wrap open of secrets.ldb [2015/03/30 01:05:38.069598, 3, effective(0, 0), real(0, 0)] ../source4/auth/ntlm/auth.c:673(auth_register) AUTH backend 'sam' registered [2015/03/30 01:05:38.069684, 3, effective(0, 0), real(0, 0)] ../source4/auth/ntlm/auth.c:673(auth_register) AUTH backend 'sam_ignoredomain' registered [2015/03/30 01:05:38.069729, 3, effective(0, 0), real(0, 0)] ../source4/auth/ntlm/auth.c:673(auth_register) AUTH backend 'anonymous' registered [2015/03/30 01:05:38.069802, 3, effective(0, 0), real(0, 0)] ../source4/auth/ntlm/auth.c:673(auth_register) AUTH backend 'winbind' registered [2015/03/30 01:05:38.069848, 3, effective(0, 0), real(0, 0)] ../source4/auth/ntlm/auth.c:673(auth_register) AUTH backend 'winbind_wbclient' registered [2015/03/30 01:05:38.069910, 3, effective(0, 0), real(0, 0)] ../source4/auth/ntlm/auth.c:673(auth_register) AUTH backend 'name_to_ntstatus' registered [2015/03/30 01:05:38.069958, 3, effective(0, 0), real(0, 0)] ../source4/auth/ntlm/auth.c:673(auth_register) AUTH backend 'unix' registered [2015/03/30 01:05:38.088423, 3, effective(0, 0), real(0, 0)] ../source3/smbd/negprot.c:384(reply_nt1) using SPNEGO [2015/03/30 01:05:38.088497, 3, effective(0, 0), real(0, 0)] ../source3/smbd/negprot.c:671(reply_negprot) Selected protocol NT LANMAN 1.0 [2015/03/30 01:05:38.088901, 3, effective(0, 0), real(0, 0)] ../source3/smbd/process.c:1802(process_smb) Transaction 1 of length 92 (0 toread) [2015/03/30 01:05:38.088973, 3, effective(0, 0), real(0, 0)] ../source3/smbd/process.c:1405(switch_message) switch message SMBsesssetupX (pid 882) conn 0x0 [2015/03/30 01:05:38.094128, 3, effective(0, 0), real(0, 0)] ../source3/smbd/sesssetup.c:604(reply_sesssetup_and_X) wct=13 flg2=0xc843 [2015/03/30 01:05:38.094250, 3, effective(0, 0), real(0, 0)] ../source3/smbd/sesssetup.c:818(reply_sesssetup_and_X) Domain=[] NativeOS=[Unix] NativeLanMan=[Samba] PrimaryDomain=[null] [2015/03/30 01:05:38.094299, 3, effective(0, 0), real(0, 0)] ../source3/smbd/sesssetup.c:834(reply_sesssetup_and_X) sesssetupX:name=[]\[]@[127.0.0.1] [2015/03/30 01:05:38.094367, 3, effective(0, 0), real(0, 0)] ../source3/smbd/sesssetup.c:89(check_guest_password) Got anonymous request [2015/03/30 01:05:38.096168, 3, effective(0, 0), real(0, 0)] ../source4/auth/ntlm/auth.c:270(auth_check_password_send) auth_check_password_send: Checking password for unmapped user []\[]@[] auth_check_password_send: mapped user is: [CCENTER]\[]@[] [2015/03/30 01:05:38.098786, 3, effective(0, 0), real(0, 0)] ../source3/smbd/process.c:1802(process_smb) Transaction 2 of length 88 (0 toread) [2015/03/30 01:05:38.098854, 3, effective(0, 0), real(0, 0)] ../source3/smbd/process.c:1405(switch_message) switch message SMBtconX (pid 882) conn 0x0 [2015/03/30 01:05:38.099031, 3, effective(0, 0), real(0, 0)] ../source3/lib/access.c:338(allow_access) Allowed connection from 127.0.0.1 (127.0.0.1) [2015/03/30 01:05:38.099142, 3, effective(0, 0), real(0, 0)] ../source3/smbd/service.c:612(make_connection_snum) Connect path is '/tmp' for service [IPC$] [2015/03/30 01:05:38.099903, 3, effective(0, 0), real(0, 0)] ../source3/smbd/vfs.c:113(vfs_init_default) Initialising default vfs hooks [2015/03/30 01:05:38.099972, 3, effective(0, 0), real(0, 0)] ../source3/smbd/vfs.c:139(vfs_init_custom) Initialising custom vfs hooks from [/[Default VFS]/] [2015/03/30 01:05:38.100022, 3, effective(0, 0), real(0, 0)] ../source3/smbd/vfs.c:139(vfs_init_custom) Initialising custom vfs hooks from [acl_xattr] [2015/03/30 01:05:38.118613, 2, effective(0, 0), real(0, 0)] ../lib/util/modules.c:191(do_smb_load_module) Module 'acl_xattr' loaded [2015/03/30 01:05:38.118757, 3, effective(0, 0), real(0, 0)] ../source3/smbd/vfs.c:139(vfs_init_custom) Initialising custom vfs hooks from [dfs_samba4] [2015/03/30 01:05:38.125409, 2, effective(0, 0), real(0, 0)] ../lib/util/modules.c:191(do_smb_load_module) Module 'dfs_samba4' loaded [2015/03/30 01:05:38.125440, 2, effective(0, 0), real(0, 0)] ../source3/modules/vfs_acl_xattr.c:193(connect_acl_xattr) connect_acl_xattr: setting 'inherit acls = true' 'dos filemode = true' and 'force unknown acl user = true' for service IPC$ [2015/03/30 01:05:38.127532, 3, effective(0, 0), real(0, 0)] ../source3/smbd/service.c:856(make_connection_snum) 127.0.0.1 (ipv4:127.0.0.1:45066) connect to service IPC$ initially as user NT AUTHORITY\ANONYMOUS LOGON (uid=65534, gid=3000009) (pid 882) [2015/03/30 01:05:38.127627, 3, effective(0, 0), real(0, 0)] ../source3/smbd/reply.c:1024(reply_tcon_and_X) tconX service=IPC$ [2015/03/30 01:05:38.128477, 3, effective(0, 0), real(0, 0)] ../source3/smbd/process.c:1802(process_smb) Transaction 3 of length 106 (0 toread) [2015/03/30 01:05:38.128537, 3, effective(0, 0), real(0, 0)] ../source3/smbd/process.c:1405(switch_message) switch message SMBntcreateX (pid 882) conn 0xb893b588 [2015/03/29 22:05:38.128622, 3, effective(65534, 3000009), real(65534, 0)] ../source3/smbd/service.c:197(set_current_service) chdir (/tmp) failed, reason: Permission denied [2015/03/29 22:05:38.128674, 3, effective(65534, 3000009), real(65534, 0)] ../source3/smbd/error.c:82(error_packet_set) NT error packet at ../source3/smbd/process.c(1524) cmd=162 (SMBntcreateX) NT_STATUS_ACCESS_DENIED [2015/03/29 22:05:38.138398, 3, effective(65534, 3000009), real(65534, 0)] ../source3/smbd/process.c:1802(process_smb) Transaction 4 of length 118 (0 toread) [2015/03/29 22:05:38.138453, 3, effective(65534, 3000009), real(65534, 0)] ../source3/smbd/process.c:1405(switch_message) switch message SMBtrans (pid 882) conn 0xb893b588 [2015/03/29 22:05:38.138494, 3, effective(65534, 3000009), real(65534, 0)] ../source3/smbd/service.c:197(set_current_service) chdir (/tmp) failed, reason: Permission denied [2015/03/29 22:05:38.138529, 3, effective(65534, 3000009), real(65534, 0)] ../source3/smbd/error.c:82(error_packet_set) NT error packet at ../source3/smbd/process.c(1524) cmd=37 (SMBtrans) NT_STATUS_ACCESS_DENIED [2015/03/29 22:05:38.139702, 3, effective(65534, 3000009), real(65534, 0)] ../source3/smbd/process.c:1802(process_smb) Transaction 5 of length 39 (0 toread) [2015/03/29 22:05:38.139771, 3, effective(65534, 3000009), real(65534, 0)] ../source3/smbd/process.c:1405(switch_message) switch message SMBtdis (pid 882) conn 0xb893b588 [2015/03/30 01:05:38.139897, 3, effective(0, 0), real(0, 0)] ../source3/smbd/service.c:1130(close_cnum) 127.0.0.1 (ipv4:127.0.0.1:45066) closed connection to service IPC$ [2015/03/30 01:05:38.141264, 3, effective(0, 0), real(0, 0)] ../source3/smbd/server_exit.c:221(exit_server_common) Server exit (failed to receive smb request) -- WBR, Andrey Repin (anrdaemon at yandex.ru) 30.03.2015, <01:15> Sorry for my terrible english...
Andrey Repin
2015-Apr-02 23:27 UTC
[Samba] Unable to browse system shares of a newly migrated AD DC
Greetings, All!> I'm trying final steps of my long upgrade process, but I've got hit by the > unexpected.> When everything seemingly run fine in the end, I'm unable to browse the local > shares of the DC.> # smbclient -L localhost -U% > Domain=[CCENTER] OS=[Unix] Server=[Samba 4.1.11-Ubuntu]> Sharename Type Comment > --------- ---- ------- > Error returning browse list: NT_STATUS_ACCESS_DENIED > Domain=[CCENTER] OS=[Unix] Server=[Samba 4.1.11-Ubuntu]> Server Comment > --------- -------> Workgroup Master > --------- -------Turned out, the /tmp directory was not accessible to the user "nobody" for some mysterious reason. (So that sudo -u '#65534' ls -l /tmp || echo 'Fail!' resulted in "Fail!") Repeating the tests with freshly generated setup turned out successfully. At least, in this specific case. -- With best regards, Andrey Repin Friday, April 3, 2015 02:24:47 Sorry for my terrible english...
Rowland Penny
2015-Apr-03 08:45 UTC
[Samba] Unable to browse system shares of a newly migrated AD DC
On 03/04/15 00:27, Andrey Repin wrote:> Greetings, All! > >> I'm trying final steps of my long upgrade process, but I've got hit by the >> unexpected. >> When everything seemingly run fine in the end, I'm unable to browse the local >> shares of the DC. >> # smbclient -L localhost -U% >> Domain=[CCENTER] OS=[Unix] Server=[Samba 4.1.11-Ubuntu] >> Sharename Type Comment >> --------- ---- ------- >> Error returning browse list: NT_STATUS_ACCESS_DENIED >> Domain=[CCENTER] OS=[Unix] Server=[Samba 4.1.11-Ubuntu] >> Server Comment >> --------- ------- >> Workgroup Master >> --------- ------- > Turned out, the /tmp directory was not accessible to the user "nobody" for > some mysterious reason. (So that > > sudo -u '#65534' ls -l /tmp || echo 'Fail!' > > resulted in "Fail!") > > Repeating the tests with freshly generated setup turned out successfully. > At least, in this specific case. > >I said that you probably had a problem with /tmp 3 days ago (but not in those words) Rowland