samba - Aug 2013 - AD DC eventually not browsable without restart

I have a SerNet Samba 4.0.8 AD DC running on CentOS 6.4 (newdc) 
replicating from a W2K3 DC (olddc).  When I first launch Samba using 
`sudo samba`, I can go to the Windows server and browse to \\newdc in 
Explorer, and I see mytestshare, netlogon, printers, sysvol, and 
"Printers and Faxes".

After a while (I'm not sure how long precisely, but under 24 hours) I 
could not navigate to \\newdc without the following error:

---------------------------
\\newdc
---------------------------
\\newdc is not accessible. You might not have permission to use this 
network resource. Contact the administrator of this server to find out 
if you have access permissions.

The Server service is not started.
---------------------------
OK
---------------------------

But in the interim, I had not been doing anything in the system, so I'm 
not sure what might have caused it.  One time it even happened on a 
weekend when no backup or anything particularly special is scheduled 
while I was away.

Anyway, running `sudo killall samba` and then `sudo samba` makes it 
suddenly browsable again.

This is happening every day.  I guess it would be best to figure this 
problem out before we make Samba the only DC.

Here's my smb.conf, mostly set up by samba-tool, and now a work in 
progress to add the extras we will use:

# Global parameters
[global]
         workgroup = MYDOMAIN
         realm = mydomain.lan
         netbios name = NEWDC
         server role = active directory domain controller
         server services = rpc, nbt, wrepl, ldap, cldap, kdc, drepl, 
winbind, ntp_signd, kcc, dnsupdate, smb, dns
         allow dns updates = true
         dns forwarder = 192.168.1.1
#        dns recursive queries = yes
         dcerpc endpoint servers = epmapper, wkssvc, rpcecho, samr, 
netlogon, lsarpc, spoolss, drsuapi, dssetup, unixinfo, browser, 
eventlog6, backupkey, dnsserver, winreg, srvsvc
#       dcerpc endpoint servers = winreg srvsvc
         load printers = yes
         printing = cups

[netlogon]
         path = /var/lib/samba/sysvol/mydomain.lan/scripts
         read only = No

[sysvol]
         path = /var/lib/samba/sysvol
         read only = No

[printers]
      comment = All Printers
      path = /var/spool/samba
      browseable = Yes
      read only = No
      printable = Yes

[print$]
      comment = Point and Print Printer Drivers
      path = /var/lib/samba/printing
      read only = No

[mytestshare]
         path = /srv/mytestshare/
         read only = No


Any ideas?

Thanks,
Kev

You may want to see if it is this bug, which is fixed in 4.0.9:
https://bugzilla.samba.org/show_bug.cgi?id=9820



----- Original Message -----

From: "Kevin Field" <kev at brantaero.com> 
To: samba at lists.samba.org 
Sent: Tuesday, August 20, 2013 9:38:32 AM 
Subject: [Samba] AD DC eventually not browsable without restart 

I have a SerNet Samba 4.0.8 AD DC running on CentOS 6.4 (newdc) 
replicating from a W2K3 DC (olddc). When I first launch Samba using 
`sudo samba`, I can go to the Windows server and browse to \\newdc in 
Explorer, and I see mytestshare, netlogon, printers, sysvol, and 
"Printers and Faxes". 

After a while (I'm not sure how long precisely, but under 24 hours) I 
could not navigate to \\newdc without the following error: 

--------------------------- 
\\newdc 
--------------------------- 
\\newdc is not accessible. You might not have permission to use this 
network resource. Contact the administrator of this server to find out 
if you have access permissions. 

The Server service is not started. 
--------------------------- 
OK 
--------------------------- 

But in the interim, I had not been doing anything in the system, so I'm 
not sure what might have caused it. One time it even happened on a 
weekend when no backup or anything particularly special is scheduled 
while I was away. 

Anyway, running `sudo killall samba` and then `sudo samba` makes it 
suddenly browsable again. 

This is happening every day. I guess it would be best to figure this 
problem out before we make Samba the only DC. 

Here's my smb.conf, mostly set up by samba-tool, and now a work in 
progress to add the extras we will use: 

# Global parameters 
[global] 
workgroup = MYDOMAIN 
realm = mydomain.lan 
netbios name = NEWDC 
server role = active directory domain controller 
server services = rpc, nbt, wrepl, ldap, cldap, kdc, drepl, 
winbind, ntp_signd, kcc, dnsupdate, smb, dns 
allow dns updates = true 
dns forwarder = 192.168.1.1 
# dns recursive queries = yes 
dcerpc endpoint servers = epmapper, wkssvc, rpcecho, samr, 
netlogon, lsarpc, spoolss, drsuapi, dssetup, unixinfo, browser, 
eventlog6, backupkey, dnsserver, winreg, srvsvc 
# dcerpc endpoint servers = winreg srvsvc 
load printers = yes 
printing = cups 

[netlogon] 
path = /var/lib/samba/sysvol/mydomain.lan/scripts 
read only = No 

[sysvol] 
path = /var/lib/samba/sysvol 
read only = No 

[printers] 
comment = All Printers 
path = /var/spool/samba 
browseable = Yes 
read only = No 
printable = Yes 

[print$] 
comment = Point and Print Printer Drivers 
path = /var/lib/samba/printing 
read only = No 

[mytestshare] 
path = /srv/mytestshare/ 
read only = No 


Any ideas? 

Thanks, 
Kev 
-- 
To unsubscribe from this list go to the following URL and read the 
instructions: https://lists.samba.org/mailman/options/samba