samba - Mar 2014 - Managing Samba4 shares from Windows "Security Tab Missing"

When I try to manage samba shares from windows, I cannot reliably get the
Security Tab to show up.  I have tried many reprovisions, sometimes it works,
sometimes not.  I cannot figure out what I'm doing wrong.

How the domain is provisioned...

samba-tool domain provision \
    --domain=avails \
    --host-name=fs.avails.com \
    --host-ip=10.2.2.1 \
    --adminpass='not2forget!' \
    --dns-backend=BIND9_DLZ \
    --next-rid=10000 \
    --use-xattrs=yes \
    --use-rfc2307 \
    --realm=avails.avails.com \

chgrp bind /var/lib/samba/private/named.conf
net rpc rights grant 'avails\Domain Admins' SeDiskOperatorPrivilege
-Uadministrator%'not2forget!'
net rpc rights grant 'avails\Domain Admins' SePrintOperatorPrivilege
-Uadministrator%'not2forget!'

smb.conf
[global]
        workgroup = AVAILS
        realm = avails.avails.com
        netbios name = FS.AVAILS.COM
        server role = active directory domain controller
        passdb backend = samba_dsdb
        log file = /var/log/samba/%m.log
        server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl,
winbind, ntp_signd, kcc, dnsupdate
        idmap_ldb:use rfc2307 = yes
        rpc_server:default = external
        rpc_server:svcctl = embedded
        rpc_server:srvsvc = embedded
        rpc_server:eventlog = embedded
        rpc_server:ntsvcs = embedded
        rpc_server:winreg = embedded
        rpc_server:spoolss = embedded
        rpc_daemon:spoolssd = embedded
        rpc_server:tcpip = no
        idmap config * : backend = tdb
        map acl inherit = Yes
        map archive = No
        map readonly = no
        store dos attributes = Yes
        vfs objects = dfs_samba4, acl_xattr

[netlogon]
        path = /var/lib/samba/sysvol/avails.avails.com/scripts
        read only = No

[sysvol]
        path = /var/lib/samba/sysvol
        read only = No

[home]
        comment = Home Directories
        path = /smbshares/home
        admin users = Administrator
        read only = No

[Profiles]
        comment = Roaming Profile Share
        path = /smbshares/profiles
        admin users = Administrator
        read only = No



-- 
Bo Kersey 
VirCIO - managed network solutions 
4314 Avenue C 
Austin, TX 78751 
phone: (512)374-0500

Embarrassing to find the solution right after posting....
I'm running Version 4.1.6-SerNet-Ubuntu-7.precise

The security tab does NOT show up if I use the default setting of:
vfs objects = dfs_samba4, acl_xattr
If I change this to:
vfs objects = acl_xattr

The Security tab show up.  Now the question is, could someone tell me why? Do I
need dfs_samba4?

Thanks!
Bo


----- Original Message -----
> From: "Bo Kersey" <bo at vircio.com>
> To: "samba" <samba at lists.samba.org>
> Sent: Wednesday, March 26, 2014 8:13:07 AM
> Subject: [Samba] Managing Samba4 shares from Windows "Security Tab
Missing"
> 
> When I try to manage samba shares from windows, I cannot reliably get the
> Security Tab to show up.  I have tried many reprovisions, sometimes it
> works, sometimes not.  I cannot figure out what I'm doing wrong.
> 
> How the domain is provisioned...
> 
> samba-tool domain provision \
>     --domain=avails \
>     --host-name=fs.avails.com \
>     --host-ip=10.2.2.1 \
>     --adminpass='not2forget!' \
>     --dns-backend=BIND9_DLZ \
>     --next-rid=10000 \
>     --use-xattrs=yes \
>     --use-rfc2307 \
>     --realm=avails.avails.com \
> 
> chgrp bind /var/lib/samba/private/named.conf
> net rpc rights grant 'avails\Domain Admins' SeDiskOperatorPrivilege
> -Uadministrator%'not2forget!'
> net rpc rights grant 'avails\Domain Admins'
SePrintOperatorPrivilege
> -Uadministrator%'not2forget!'
> 
> smb.conf
> [global]
>         workgroup = AVAILS
>         realm = avails.avails.com
>         netbios name = FS.AVAILS.COM
>         server role = active directory domain controller
>         passdb backend = samba_dsdb
>         log file = /var/log/samba/%m.log
>         server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl,
>         winbind, ntp_signd, kcc, dnsupdate
>         idmap_ldb:use rfc2307 = yes
>         rpc_server:default = external
>         rpc_server:svcctl = embedded
>         rpc_server:srvsvc = embedded
>         rpc_server:eventlog = embedded
>         rpc_server:ntsvcs = embedded
>         rpc_server:winreg = embedded
>         rpc_server:spoolss = embedded
>         rpc_daemon:spoolssd = embedded
>         rpc_server:tcpip = no
>         idmap config * : backend = tdb
>         map acl inherit = Yes
>         map archive = No
>         map readonly = no
>         store dos attributes = Yes
>         vfs objects = dfs_samba4, acl_xattr
> 
> [netlogon]
>         path = /var/lib/samba/sysvol/avails.avails.com/scripts
>         read only = No
> 
> [sysvol]
>         path = /var/lib/samba/sysvol
>         read only = No
> 
> [home]
>         comment = Home Directories
>         path = /smbshares/home
>         admin users = Administrator
>         read only = No
> 
> [Profiles]
>         comment = Roaming Profile Share
>         path = /smbshares/profiles
>         admin users = Administrator
>         read only = No
> 
> 
> 
> --
> Bo Kersey
> VirCIO - managed network solutions
> 4314 Avenue C
> Austin, TX 78751
> phone: (512)374-0500
> 
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
> 
-- 
Bo Kersey 
VirCIO - managed network solutions 
4314 Avenue C 
Austin, TX 78751 
phone: (512)374-0500