[Samba] smbd_smb2_request_incoming: client read error NT_STATUS_CONNECTION_RESET
I'm running samba4 as an AD DC, built from git (built ~3 days ago), with about ~20 Windows 8 clients. I've noticed a number of errors in the logs, pasted below. That group of errors repeats pretty consistently for a lot of different client machines. [2013/09/08 08:12:14.539679, 2] ../source3/smbd/reply.c:592(reply_special) netbios connect: name1=SERVER-NAME 0x20 name2=RANDOM-DESKTOP 0x0 [2013/09/08 08:12:14.539809, 2] ../source3/smbd/reply.c:633(reply_special) netbios connect: local=server-name remote=random-desktop, name type = 0 [2013/09/08 08:12:14.561779, 2] ../lib/util/modules.c:191(do_smb_load_module) Module 'acl_xattr' loaded [2013/09/08 08:12:14.561813, 2] ../source3/modules/vfs_acl_xattr.c:193(connect_acl_xattr) connect_acl_xattr: setting 'inherit acls = true' 'dos filemode = true' and 'force unknown acl user = true' for service IPC$ [2013/09/08 08:12:14.568974, 2] ../source3/smbd/reply.c:592(reply_special) netbios connect: name1=SERVER-NAME 0x20 name2=RANDOM-DESKTOP 0x0 [2013/09/08 08:12:14.569116, 2] ../source3/smbd/reply.c:633(reply_special) netbios connect: local=server-name remote=random-desktop, name type = 0 [2013/09/08 08:12:14.578691, 2] ../source3/smbd/sesssetup.c:542(setup_new_vc_session) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2013/09/08 08:12:14.582980, 2] ../source3/smbd/sesssetup.c:542(setup_new_vc_session) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2013/09/08 08:12:14.586679, 2] ../lib/util/modules.c:191(do_smb_load_module) Module 'acl_xattr' loaded [2013/09/08 08:12:14.586728, 2] ../source3/modules/vfs_acl_xattr.c:193(connect_acl_xattr) connect_acl_xattr: setting 'inherit acls = true' 'dos filemode = true' and 'force unknown acl user = true' for service IPC$ [2013/09/08 08:12:25.252719, 2] ../source3/smbd/smb2_server.c:3250(smbd_smb2_request_incoming) smbd_smb2_request_incoming: client read error NT_STATUS_CONNECTION_DISCONNECTED [2013/09/08 08:12:58.311420, 2] ../source3/smbd/server.c:437(remove_child_pid) Could not find child 20701 -- ignoring [2013/09/08 08:13:58.373941, 2] ../source3/smbd/server.c:437(remove_child_pid) Could not find child 20707 -- ignoring [2013/09/08 08:14:58.436376, 2] ../source3/smbd/server.c:437(remove_child_pid) Could not find child 20708 -- ignoring [2013/09/08 08:15:58.498762, 2] ../source3/smbd/server.c:437(remove_child_pid) Could not find child 21281 -- ignoring [2013/09/08 08:16:58.552461, 2] ../source3/smbd/server.c:437(remove_child_pid) Could not find child 21282 -- ignoring [2013/09/08 08:17:58.556197, 2] ../source3/smbd/server.c:437(remove_child_pid) Could not find child 21287 -- ignoring [2013/09/08 08:18:58.568045, 2] ../source3/smbd/server.c:437(remove_child_pid) Could not find child 21294 -- ignoring [2013/09/08 08:19:58.630414, 2] ../source3/smbd/server.c:437(remove_child_pid) Could not find child 21296 -- ignoring [2013/09/08 08:20:58.692823, 2] ../source3/smbd/server.c:437(remove_child_pid) Could not find child 21886 -- ignoring [2013/09/08 08:21:58.755215, 2] ../source3/smbd/server.c:437(remove_child_pid) Could not find child 21887 -- ignoring [2013/09/08 08:22:58.814452, 2] ../source3/smbd/server.c:437(remove_child_pid) Could not find child 21890 -- ignoring [2013/09/08 08:23:58.830416, 2] ../source3/smbd/server.c:437(remove_child_pid) Could not find child 21896 -- ignoring Not sure if this is something I should be concerned about. smb.conf: [global] workgroup = CORP realm = CORP.EXAMPLE.COM netbios name = SERVER-NAME server role = active directory domain controller dns forwarder = 192.168.0.1 guest account = nobody load printers = no printing = bsd printcap name = /dev/null disable spoolss = yes panic action = /home/semenko/panic-action %d log level = 2 smb:10 log file = /ramcache/log.%U [netlogon] path = /usr/local/samba/var/locks/sysvol/corp.example.com/scripts read only = No [sysvol] path = /usr/local/samba/var/locks/sysvol read only = No [profiles] path = /srv/samba/profiles read only = Yes writeable = No browseable = No vfs objects = fake_perms [homes] path = /home/CORP read only = No browseable = No -- Nick Semenkovich Laboratory of Dr. Jeffrey I. Gordon Medical Scientist Training Program School of Medicine Washington University in St. Louis http://nick.semenkovich.com/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Please Help! Dynamic DNS just will not work: failed gss_inquire_cred: GSSAPI error: Major = Unspecified GSS failure
Looks like bug https://bugzilla.samba.org/show_bug.cgi?id=9559 which looks like it'll be fixed in git momentarily. On Sat, Jun 1, 2013 at 1:59 AM, Gary Maurizi garymaur...@gmail.com wrote: I just can't seem to get dynamic DNS updates working on CentOS 6.4 with samba 4.0 .tar.gz from samba.org using BIND9_DLZ. If I run bind 9.8.2.rc1 in debug mode and go to a domain joined windows client and run 'ipconfig /registerdns' this is what I get in my console: 31-May-2013 23:51:06.520 client 10.0.0.106#54352: new TCP connection 31-May-2013 23:51:06.520 client 10.0.0.106#54352: replace 31-May-2013 23:51:06.520 clientmgr @0x7fe0575b5010: createclients 31-May-2013 23:51:06.520 clientmgr @0x7fe0575b5010: recycle 31-May-2013 23:51:06.520 client 10.0.0.106#54352: read 31-May-2013 23:51:06.520 client @0x7fe04c159600: accept 31-May-2013 23:51:06.529 client 10.0.0.106#54352: TCP request 31-May-2013 23:51:06.529 client 10.0.0.106#54352: view internal-view: using view 'internal-view' 31-May-2013 23:51:06.529 client 10.0.0.106#54352: view internal-view: request is not signed 31-May-2013 23:51:06.529 client 10.0.0.106#54352: view internal-view: recursion available 31-May-2013 23:51:06.529 client 10.0.0.106#54352: view internal-view: query 31-May-2013 23:51:06.529 failed gss_inquire_cred: GSSAPI error: Major = Unspecified GSS failure. Minor code may provide more information, Minor = Success. 31-May-2013 23:51:06.573 gss-api source name (accept) is gm-bed-desktop$@MTOLYMPUS.LOCAL 31-May-2013 23:51:06.573 process_gsstkey(): dns_tsigerror_noerror 31-May-2013 23:51:06.573 client 10.0.0.106#54352: view internal-view: send 31-May-2013 23:51:06.573 client 10.0.0.106#54352: view internal-view: sendto 31-May-2013 23:51:06.573 client 10.0.0.106#54352: view internal-view: senddone 31-May-2013 23:51:06.573 client 10.0.0.106#54352: view internal-view: next 31-May-2013 23:51:06.573 client 10.0.0.106#54352: view internal-view: endrequest 31-May-2013 23:51:06.573 client 10.0.0.106#54352: read 31-May-2013 23:51:06.609 client 10.0.0.106#54352: next 31-May-2013 23:51:06.609 client 10.0.0.106#54352: request failed: end of file 31-May-2013 23:51:06.609 client 10.0.0.106#54352: endrequest 31-May-2013 23:51:06.609 client 10.0.0.106#54352: closetcp ^C31-May-2013 23:51:29.665 shutting down 31-May-2013 23:51:29.665 stopping command channel on 127.0.0.1#953 31-May-2013 23:51:29.665 res 0x7fe0575c3010: shutdown 31-May-2013 23:51:29.665 res 0x7fe0575c3010: exiting I have checked file permissions everywhere I can think of, this is my 7th time following the official samba.org samba 4 primary domain controller tutorial and this has happened every single time. Everything else seems to be functioning, I can manage everything from a windows client with the AD snap-ins and the computer shows up in 'Computers and Users' snap in, it just does NOT have a DNS A record! Thank You! --GM -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] getfacl - winbind
Cool -- may be related to a similar issue I'm having with RSAT-created directors and getfacl: https://bugzilla.samba.org/show_bug.cgi?id=9842 On Fri, May 31, 2013 at 3:20 AM, Sandbox sandbox...@gmail.com wrote: Hi, LIttle update. As I discovered this problem happens only when you make the users home directory from RSAT (profiles - Start directory I'm not sure this is the correct name in the RSAT). When you let the system make the home directories the problem was not came up! I made a mkhomedir file to /usr/shares/pam-configs ; ran pam-aut-config Then su - user and the system creates the user's homedir. After this you can set the permissions with setflac and (re)set your user's start directory. Regards, Robert 2013/5/30 Sandbox sandbox...@gmail.com Hi, A nice problem came up. If I want to set directory permissions with getfacl or ls -la that directory or wbinfo --uid-info winbind is dieing and I got this error message in samba.log: == samba/samba.log == [2013/05/30 15:03:31, 0] ../lib/util/fault.c:72(fault_report) === [2013/05/30 15:03:31, 0] ../lib/util/fault.c:73(fault_report) INTERNAL ERROR: Signal 11 in pid 3658 (4.0.5) Please read the Trouble-Shooting section of the Samba HOWTO [2013/05/30 15:03:31, 0] ../lib/util/fault.c:75(fault_report) === [2013/05/30 15:03:31, 0] ../lib/util/fault.c:144(smb_panic_default) PANIC: internal error The weird thing is getfacl working smooth on the directories in the domain root eg: TEST.DOMAIN/group01, but winbind?? dies when I want to list any subdirectory eg: TEST.DOMAIN/group01/user01 Regards, Robert -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Developmen state Samba as ADDC?
Not sure about documentation -- is there a particular feature you're looking for? I've been running Samba4 as an AD DC for a few months now with ~20 Windows 8 clients users. Minus one big issue (crashing bug 9822 which was patched quickly), it's been incredibly stable and easy to use. Samba4 is running with mapped home directories lots of group policies, perfectly fine. The only issues I have are relatively minor. They're: * A few rare crashes in smbd, which I see every week or two. ** https://bugzilla.samba.org/show_bug.cgi?id=9853 ** https://bugzilla.samba.org/show_bug.cgi?id=9873 Though these sound bad, they just crash one thread. The clients seem to work fine (worst case, one client will stall during a user logon, but is fine after restarting the client). * DNS updates w/ DHCP-assigned IPs don't work: ** https://bugzilla.samba.org/show_bug.cgi?id=9559 Looks like this is being worked on now. * Winbind crashes a lot: ** Repeatable crashes with ls -lha: https://bugzilla.samba.org/show_bug.cgi?id=9820 ** Repeatable crashes with getfacl: https://bugzilla.samba.org/show_bug.cgi?id=9842 * Samba has a few random errors in the log, which I'm not sure how to interpret ** Failed to modify SPNs: https://bugzilla.samba.org/show_bug.cgi?id=9848 All those issues are pretty rare or minor. Samba4 has been working great as an AD DC! Plus, the dev team is super responsive if you have a real, significant bug. - Nick On Sat, May 25, 2013 at 9:09 AM, Ulrich Schneider m...@ulrichschneider.de wrote: Hi everybody, I read about the development state ... samba as an ad domain controller and that many functions / group policies have been implemented. Still, there is some work in progress. Is there a documentation where I can look up the functions not implemented yet? Regards, Ulrich Schneider -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Developmen state Samba as ADDC?
Sure, hope my smb.conf is helpful: [global] workgroup = CORP realm = CORP.EXAMPLE.COM netbios name = SERVERNAME server role = active directory domain controller dns forwarder = 192.168.0.1 guest account = nobody load printers = no printing = bsd printcap name = /dev/null disable spoolss = yes panic action = /bin/sleep [netlogon] path = /usr/local/samba/var/locks/sysvol/corp.example.com/scripts read only = No [sysvol] path = /usr/local/samba/var/locks/sysvol read only = No [homes] path = /home/CORP read only = No browseable = No [dropbox] path = /srv/samba/dropbox read only = No browseable = Yes create mask = 664 directory mask = 775 guest ok = Yes On Sat, May 25, 2013 at 12:08 PM, Ulrich Schneider m...@ulrichschneider.dewrote: Could you please post your smb.conf? That would be great. Thanks Am 25.05.13 16:29, schrieb Nick Semenkovich: Not sure about documentation -- is there a particular feature you're looking for? I've been running Samba4 as an AD DC for a few months now with ~20 Windows 8 clients users. Minus one big issue (crashing bug 9822 which was patched quickly), it's been incredibly stable and easy to use. Samba4 is running with mapped home directories lots of group policies, perfectly fine. The only issues I have are relatively minor. They're: * A few rare crashes in smbd, which I see every week or two. ** https://bugzilla.samba.org/**show_bug.cgi?id=9853https://bugzilla.samba.org/show_bug.cgi?id=9853 ** https://bugzilla.samba.org/**show_bug.cgi?id=9873https://bugzilla.samba.org/show_bug.cgi?id=9873 Though these sound bad, they just crash one thread. The clients seem to work fine (worst case, one client will stall during a user logon, but is fine after restarting the client). * DNS updates w/ DHCP-assigned IPs don't work: ** https://bugzilla.samba.org/**show_bug.cgi?id=9559https://bugzilla.samba.org/show_bug.cgi?id=9559 Looks like this is being worked on now. * Winbind crashes a lot: ** Repeatable crashes with ls -lha: https://bugzilla.samba.org/**show_bug.cgi?id=9820https://bugzilla.samba.org/show_bug.cgi?id=9820 ** Repeatable crashes with getfacl: https://bugzilla.samba.org/**show_bug.cgi?id=9842https://bugzilla.samba.org/show_bug.cgi?id=9842 * Samba has a few random errors in the log, which I'm not sure how to interpret ** Failed to modify SPNs: https://bugzilla.samba.org/** show_bug.cgi?id=9848 https://bugzilla.samba.org/show_bug.cgi?id=9848 All those issues are pretty rare or minor. Samba4 has been working great as an AD DC! Plus, the dev team is super responsive if you have a real, significant bug. - Nick On Sat, May 25, 2013 at 9:09 AM, Ulrich Schneider m...@ulrichschneider.de wrote: Hi everybody, I read about the development state ... samba as an ad domain controller and that many functions / group policies have been implemented. Still, there is some work in progress. Is there a documentation where I can look up the functions not implemented yet? Regards, Ulrich Schneider -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/**mailman/options/sambahttps://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Dynamic DNS Updates
I think this depends on whether Register this connection's address in DNS is checked. See the screenshot at: http://serverfault.com/questions/303026/what-do-all-the-settings-in-the-advanced-tcp-ip-properties-dns-tab-mean On Wed, May 15, 2013 at 3:46 PM, Chris Rowson christopherrow...@gmail.comwrote: Having reconfigured Samba4 to use BIND as a DNS server to get dynamic DNS updates working, I'm still working to understand the system. The Windows client I'm testing only seems up update DNS if I run ipconfig /registerdns. It doesn't update DNS at startup or IP change OOTB. Is it expected that Windows clients run a startup script running ipconfig /registerdns or have dynamic updates enforced in Group Policy? Additionally, timestamps against dynamically updated DNS A records always read as today's date 12:00:00 PM - the time never changes. Just checking whether or not these are expected behaviours, Thanks, Chris -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Windows 8 and Samba 4 - network path not found
I've been using Windows 8 with samba4 as an AD DC for a while (on ubuntu 13.04) with no big issues. Did you install using the git repo or apt? My biggest issues were with DNS -- perhaps double-check that DNS entries are correct and clients are also using the DNS server (https://wiki.samba.org/index.php/Samba_AD_DC_HOWTO#Testing_DNS ) On Fri, May 10, 2013 at 5:26 PM, Carsten Laun-De Lellis carsten.delel...@delellis.net wrote: Hi list I have a problem and I hope anyone here can provide me a solution to my problem. I have a Samba4 Server installed on a hosted platform with bind9 flatfile backend. The OS is Ubuntu 12.04 LTS. All tests on the server succeeded. Name resolution works fine and also the sambaclient -L localhost -U% is successful. Whenever I try to join the domain with my Win8 machine I get the error message: Network path not found. Does Win8 works with Samba4 in general ? Where to look at when getting the error message ? Thankx in advance. My smb.conf file looks at follows: [global] workgroup = DELELLIS realm = DELELLIS.LAN netbios name = RV1325 server role = active directory domain controller server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbind, ntp_signd, kcc, dnsupdate [netlogon] path = /var/lib/samba/sysvol/delellis.lan/scripts read only = No [sysvol] path = /var/lib/samba/sysvol read only = No Regards, Carsten Laun-De Lellis Dipl.-Ing. Elektrotechnik Certified Information Systems Auditor (CISA) Hauptstrasse 13 D-67705 Trippstadt Phone: +49 (6306) 992140 Mobile: +49 (151) 27530865 Fax: +49 (6306) 992142 email:mailto:carsten.delel...@delellis.net carsten.delel...@delellis.net http://www.linkedin.com/in/carstenlaundelellis http://www.linkedin.com/in/carstenlaundelellis -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] samba4, NT_STATUS_INVALID_SERVER_STATE
I'm running the latest samba4 (git HEAD) After trying a samba_upgradeprovision (no errors reported) and samba-tool dbcheck (no errors reported), I now see this error repeating in the logs: [2013/05/09 23:12:48.671178, 0] ../lib/util/util.c:232(directory_create_or_exist_strict) invalid ownership on directory /usr/local/samba/private/smbd.tmp/msg [2013/05/09 23:12:48.671325, 0] ../source3/rpc_server/dcesrv_auth_generic.c:40(auth_generic_server_authtype_start) ../source3/rpc_server/dcesrv_auth_generic.c:40: auth_generic_prepare failed: NT_STATUS_INVALID_SERVER_STATE [2013/05/09 23:12:48.671617, 0] ../source3/rpc_server/srv_pipe.c:555(pipe_auth_generic_bind) ../source3/rpc_server/srv_pipe.c:555: auth_generic_server_authtype_start failed: NT_STATUS_INVALID_SERVER_STATE [2013/05/09 23:12:49.248271, 0] ../lib/util/util.c:232(directory_create_or_exist_strict) Any thoughts on this error? Is this ... bad? OK? Ignorable? - Nick -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba4 no longer installing samba_upgradeprovision?
From the latest samba4 git HEAD, I was trying to run samba_upgradeprovision, but didn't see it in /sbin/ (Actually, I saw an older version that wasn't working due to new python imports). I've tried completely reinstalling (using git clean -x -f -d; make clean), though I don't see /sbin/samba_upgradeprovision Is this tool no longer installed? (Should I file a bug against the build/install system?) - Nick -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] [samba4] Build requires libncurses-dev
+1 for this. Looks like a new dependency that just popped up in the last few commits. On Fri, May 3, 2013 at 6:02 AM, Michael De Groote i...@sint-pietersschool.be wrote: I tried building the latest master from git on debian wheezy. It seems to require libncurses-dev. I thought to add it into the wiki as a required package to install, but it seems one needs to ask for a login to the wiki. No prob ;) Could someone add it to the wiki? Or is this an unintentional dependency that will be removed? -- Michael De Groote ICT-coordinator Sint-Pietersschool Korbeek-Lo ICT-support Sancta Maria Basisschool Leuven -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] samba4 / Lots of Oplock break failed for file errors
On samba4 (git, from 5/2/13 version 5f82641553) I see a number of errors in the smbd log, like: [2013/05/03 14:16:15.431156, 0] ../source3/smbd/oplock.c:333(oplock_timeout_handler) Oplock break failed for file user1/AppData/Roaming/Microsoft/Templates/NormalEmail.dotm -- replying anyway Any thoughts on debugging / addressing these errors? I've seen a number of suggestions regarding Samba 3, though I'm not sure what's applicable to locking in Samba 4. - Nick -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Failed to modify SPNs on … error in module acl: insufficient access rights error
My samba4 (latest git, @ 5f826415) logs seem to be littered with this error: [2013/05/02 13:10:39, 0] ../source4/rpc_server/drsuapi/writespn.c:237(dcesrv_drsuapi_DsWriteAccountSpn) Failed to modify SPNs on CN=AIO6,CN=Computers,DC=corp,DC=example,DC=com: error in module acl: insufficient access rights (50) Any thoughts on debugging this / fixing this issue? It's only this one machine CN (AIO6). None of the other ~15 identical machines show up in the logs, only this one. I see a few (old) threads suggesting this error/bug was fixed, e.g. https://bugzilla.samba.org/show_bug.cgi?id=7366 https://lists.samba.org/archive/samba-technical/2011-January/075596.html Best, Nick -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Wrong local DNS responses from samba4
FWIW, this policy is called Register this connection's addresses in DNS This turned out to be enabled, and doesn't update the entries. The permissions on the DNS entries seem correct (with the domain computers able to update the entries). With debug mode I see: Got a dns update request. Update not allowed for unsigned packet. Tkey handshake completed Terminating connection - 'dns_tcp_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED' single_terminate: reason[dns_tcp_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED] Got a dns update request. update count is 3 Looking at record: discard_const(update): struct dns_res_rec name : 'aio2.corp.example.com' rr_type : DNS_QTYPE_ (0x1C) rr_class : DNS_QCLASS_ANY (0xFF) ttl : 0x (0) length : 0x (0) rdata: union dns_rdata(case 0x1C) ipv6_record : (null) unexpected : DATA_BLOB length=0 Looking at record: discard_const(update): struct dns_res_rec name : 'aio2.corp.example.com' rr_type : DNS_QTYPE_A (0x1) rr_class : DNS_QCLASS_ANY (0xFF) ttl : 0x (0) length : 0x (0) rdata: union dns_rdata(case 0x1) ipv4_record : (null) unexpected : DATA_BLOB length=0 Looking at record: discard_const(update): struct dns_res_rec name : 'aio2.corp.example.com' rr_type : DNS_QTYPE_A (0x1) rr_class : DNS_QCLASS_IN (0x1) ttl : 0x04b0 (1200) length : 0x0004 (4) rdata: union dns_rdata(case 0x1) ipv4_record : 192.168.0.152 unexpected : DATA_BLOB length=0 Got a dns update request. Update not allowed for unsigned packet. Got a dns update request. update count is 3 Looking at record: discard_const(update): struct dns_res_rec name : 'aio2.corp.example.com' rr_type : DNS_QTYPE_ (0x1C) rr_class : DNS_QCLASS_ANY (0xFF) ttl : 0x (0) length : 0x (0) rdata: union dns_rdata(case 0x1C) ipv6_record : (null) unexpected : DATA_BLOB length=0 Looking at record: discard_const(update): struct dns_res_rec name : 'aio2.corp.example.com' rr_type : DNS_QTYPE_A (0x1) rr_class : DNS_QCLASS_ANY (0xFF) ttl : 0x (0) length : 0x (0) rdata: union dns_rdata(case 0x1) ipv4_record : (null) unexpected : DATA_BLOB length=0 Looking at record: discard_const(update): struct dns_res_rec name : 'aio2.corp.example.com' rr_type : DNS_QTYPE_A (0x1) rr_class : DNS_QCLASS_IN (0x1) ttl : 0x04b0 (1200) length : 0x0004 (4) rdata: union dns_rdata(case 0x1) ipv4_record : 192.168.0.152 unexpected : DATA_BLOB length=0 On Wed, Apr 10, 2013 at 2:28 PM, Marc Muehlfeld sa...@marc-muehlfeld.de wrote: Am 10.04.2013 20:29, schrieb Nick Semenkovich: I'll take a look -- by what mechanism do clients update the AD with their current IPs? (I think these were the IPs the machines had during domain creation). In the settings of the IP protocol of the network adapter you can find in the DNS tab a checkbox 'register adresses of this connection in DNS' (don't know the exact english wording). Here is a description about dynamic DNS update: http://technet.microsoft.com/en-us/library/cc784052%28v=ws.10%29.aspx You can try forcing your machine to update the DNS registration: # ipconfig /registerdns [Can I force samba to pass any missing record requests up to the relay DNS? I'm not sure if you can do this. The samba DNS is authorative for the zone. Why should not resolvable records of it's own zone forwarded to a foreign server? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba4 internal dns update
Hey Cristian: This sounds exactly like the issue I had, documented in: https://lists.samba.org/archive/samba/2013-April/172611.html When computers are first joined, it appears as though samba sets *static* DNS entries for them, even though their IPs are likely to change. I haven't yet had a chance to check the proposed fixes (either deleting/updating the entries via the Windows DNS console, or setting each client to update their DNS). The DNS settings is called Register this connection's addresses in DNS and looks like: http://imgur.com/B33UYhI Not sure if this is a bug -- seems odd, since many clients are DHCP assigned. - Nick On Wed, Apr 17, 2013 at 10:28 AM, Cristian Saavedra c...@asualcance.comwrote: Hello Last week we changed our ip range, every computer was shutdown and everything is working, but we are still getting the old ip address on the dns, my version is samba 4.0.3 and i am using internal dns This is the actual smb.conf [global] workgroup = MYCOMPANY realm = MYCOMPANY.COM.CO netbios name = DOMINIO server role = active directory domain controller idmap_ldb:use rfc2307 = yes dns forwarder = 8.8.8.8 wins support = Yes log level = 1 allow dns updates = True Any suggestions? Thanks -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] winbind problem
I also have this problem, using a very recent version from git. (see also: http://www.mail-archive.com/samba@lists.samba.org/msg124657.html ) Periodically, winbind seems to simply crash, and getent passwd other ops (e.g. htop) stall. I'd also be happy to provide any debugging information needed. On Tue, Apr 16, 2013 at 11:29 AM, sa...@nisx.de wrote: Hi, I have a problem with winbind, could anyone help me? Version: root@leela:~# samba -V Version 4.0.5 root@leela:~# uname -a Linux leela 3.2.0-40-generic #64-Ubuntu SMP Mon Mar 25 21:22:10 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux - First everything went fine: root@leela:~# getent passwd root:x:0:0:root:/root:/bin/bash [...] FUTURAMA+Administrator:*:0:513::/home/FUTURAMA/Administrator:/bin/bash FUTURAMA+svtn:*:1008:513:Thomas Nolte as SV:/home/FUTURAMA/svtn:/bin/bash - For example I change a files owner to root: root@leela:~# chown 0 /opt/samba/var/shares/profiles/svtn/ntuser.dat - Everything is still fine: root@leela:~# ll /opt/samba/var/shares/profiles/svtn/ insgesamt 3224 drwxrws--- 33 FUTURAMA+svtn FUTURAMA+gf4096 Apr 6 13:39 Anwendungsdaten [...] -rw-rw 1 root FUTURAMA+gf 3145728 Apr 8 06:54 ntuser.dat [...] - Now changing owner to 300 (Buildin/Administrator): root@leela:~# chown 300 /opt/samba/var/shares/profiles/svtn/ntuser.dat - It needs many seconds to work. root@leela:~# ll /opt/samba/var/shares/profiles/svtn/ insgesamt 3224 drwxrws--- 33 FUTURAMA+svtn FUTURAMA+gf4096 Apr 6 13:39 Anwendungsdaten [...] -rw-rw 1 300 FUTURAMA+gf 3145728 Apr 8 06:54 ntuser.dat [...] - And if I look again, all users shown as numbers, not names: root@leela:~# ll /opt/samba/var/shares/profiles/svtn/ insgesamt 3224 drwxrws--- 331008 10164096 Apr 6 13:39 Anwendungsdaten [...] -rw-rw 1 300 1016 3145728 Apr 8 06:54 ntuser.dat [...] root@leela:~# - And now all samba users gone. winbind -u is empty too. root@leela:~# getent passwd root:x:0:0:root:/root:/bin/bash [...] - in the logfile I found this: [2013/04/16 15:44:09, 0] ../lib/util/fault.c:72(fault_report) === [2013/04/16 15:44:09, 0] ../lib/util/fault.c:73(fault_report) INTERNAL ERROR: Signal 11 in pid 26194 (4.0.5) Please read the Trouble-Shooting section of the Samba HOWTO [2013/04/16 15:44:09, 0] ../lib/util/fault.c:75(fault_report) === [2013/04/16 15:44:09, 0] ../lib/util/fault.c:144(smb_panic_default) PANIC: internal error - After restart samba root@leela:~# stop samba4 root@leela:~# start samba4 - Alll users back now... root@leela:~# getent passwd root:x:0:0:root:/root:/bin/bash [...] FUTURAMA+Administrator:*:0:513::/home/FUTURAMA/Administrator:/bin/bash FUTURAMA+svtn:*:1008:513:Thomas Nolte as SV:/home/FUTURAMA/svtn:/bin/bash Does anyone has an Idea? I've tried an older version (4.0.1) of samba too, same problem. Regards Thomas Nolte -- Nolte Infosysteme, Im Sikfeld 8, 38304 Wolfenbuettel Tel 05331-946210, Fax 05331-946211, Handy 0170-5508198 Computer, Netzwerk, Kommunikation www.nisx.de -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba crash (while logging in as administrator?)
Is there any way we can get a backtrace from this? Also, which platform are you running on? invalid opcode, that kindof sounds like a compiler bug. I know that usually all compiler bugs turn out to be just plain program defects, so would it be possible that you run it under valgrind, just to make sure we don't overwrite memory we are not supposed to overwrite? Unfortunately, not for that crash. I'm trying to see if I can reproduce it. The machine is Ubuntu Raring Linux runway 3.8.0-17-generic #27-Ubuntu SMP Sun Apr 7 19:39:35 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux GCC: 4.7.2-1ubuntu8 - Nick -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Wrong local DNS responses from samba4
On Wed, Apr 10, 2013 at 1:00 PM, Marc Muehlfeld sa...@marc-muehlfeld.dewrote: Am 10.04.2013 04:54, schrieb Nick Semenkovich: - If you look into the zone via the windows DNS snap-in - do you see the correct IP for this record there? No, it shows the incorrect record. If you see the wrong IP in the DNS snap-in too, the it's really inside the AD database and doesn't come from somewhere outside. If you correct the record inside the DNS snap-in by hand, does it switch back to the wrong one after a while (e.g. reboot)? Or if you add new machines to the domain? I'll take a look -- by what mechanism do clients update the AD with their current IPs? (I think these were the IPs the machines had during domain creation). [Can I force samba to pass any missing record requests up to the relay DNS? e.g. if I delete aio1.corp.example.com from the AD database, and there's a DNS lookup to samba, can I make samba ask its upstream DNS? Last I tried this (with some printers that aren't AD members), samba simply returned NXDOMAIN, rather than asking upstream. ] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba crash (while logging in as administrator?)
I just had samba4 (git 69b3d19 from yesterday) crash while logging in as administrator. The login stalled, and on the samba4 AD DC, winbind stopped responding -- getent passwd stopped showing the domain entries, and commands that showed some samba users (e.g. ls in a directory with domain owners, htop, etc.) would hang. dmesg shows: traps: samba[3728] trap invalid opcode ip:7fbaaff2e780 sp:7fff6859f158 error:0 in libservice.so[7fbaaff29000+7000] I'll follow up if I can reproduce this, just wanted to start a thread in case anyone else sees this. - Nick -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Wrong local DNS responses from samba4
I just updated samba4 to git master from a few hours ago (69b3d1944501f), and the problem persists. - If you look into the zone via the windows DNS snap-in - do you see the correct IP for this record there? No, it shows the incorrect record. - If you comment out the 'dns forwarder' line in smb.conf (+ restart samba), what does $ dig +short @192.168.0.2 aio1.corp.example.com tells you now? The same, incorrect record. - Does the following output shows you the correct IP for this record? $ samba-tool dns query 192.168.0.2 corp.example.com aio1 ALL Sadly, it's also the incorrect record. With the original configuration (dns forwarder is in smb.conf), it shows: $ /usr/local/samba/bin/samba-tool dns query 192.168.0.2 corp.example.comaio1 ALL -U Administrator Password for [CORP\Administrator]: Name=, Records=1, Children=0 A: 192.168.0.168 (flags=f0, serial=110, ttl=1200) Any thoughts? The machine (aio1) is definitely at .171 (not .168) and has been for days, per the DHCP server logs. Same situation for the ~10 other Windows 8 clients connected to the AD DC. - Nick -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Wrong local DNS responses from samba4
I'm running samba4 (compiled via git a few days ago, off 5530cc481653) on Ubuntu, as an AD DC. Everything works perfectly with the domain, /except/ that Samba seems to be returning incorrect DNS entries for the local domain computers -- any thoughts on how to debug this (or where Samba is getting its IPs from?). As an example: router/dhcp/upstream DNS is at 192.168.0.1 samba4 is at 192.168.0.2 aio1.corp.example.com is at 192.168.0.171 (and has been for 48+ hours) [ask upstream router/DHCP for the IP] $ dig +short @192.168.0.1 aio1.corp.example.com 192.168.0.171 ^^ correct ^^ [ask samba4 for the IP] $ dig +short @192.168.0.2 aio1.corp.example.com 192.168.0.168 ^^ wrong ^^ The samba4 server's resolv.conf is: nameserver 192.168.0.2 nameserver 192.168.0.1 search corp.example.com smb.conf contains: dns forwarder = 192.168.0.1 Any thoughts on how to debug this? Best, Nick -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Unable to re-connect to roaming profile in samba4
In case this helps anyone else with this issue: Both these problems were resolved by switching from the Ubuntu/Debian package (4.0.0+dfsg1-1) to the current git head (c932b139c8). - Nick On Fri, Feb 8, 2013 at 7:22 PM, Nick Semenkovich seme...@syndetics.net wrote: Still can't figure this out. The client-side logs show two entries: 1. The error in the first message The processing of Group Policy failed. 2. A DNS processing failure: The system failed to register host (A or ) resource records (RRs) for network adapter with settings ... At debug level 5, Samba4 shows no DNS problems, and says Got a dns update request. All updates allowed. http://pastebin.com/fYrd9F1W - Nick On Thu, Feb 7, 2013 at 8:59 PM, Nick Semenkovich seme...@syndetics.net wrote: I've just configured Samba4 on Ubuntu (4.0.0+dfsg1-1), and can't seem to get roaming profiles working (I followed the guide at https://wiki.samba.org/index.php/Samba_AD_DC_HOWTO ) 1. Logons work just fine. 2. DNS is configured and working, running through SAMBA_INTERNAL 3. Clients can talk to the server and see/access shares at \\server.corp.domain.com 4. Clients are all Windows 8 and NTP time synced 5. Permissions seem OK (the profiles directory is currently chmod 777 -- without that, only the Administrator seemed to be able to create their own profile ...) 6. General users can log in/out (which creates a profile, if profiles is chmod 777) but a subsequent login can't access it, with a generic Windows 8 roaming profile error. Not really sure where to go from here. I've tried: - Rebuilding the domain re-joining machines - Ultra-lax permissions - Adding users via the samba-tool versus AD tools in Windows At client logon, the samba4 logs (with a debug level of 4) show a collection of: Terminating connection - 'NT_STATUS_CONNECTION_DISCONNECTED' single_terminate: reason[NT_STATUS_CONNECTION_DISCONNECTED] and a few Terminating connection - 'kdc_tcp_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED' single_terminate: reason[kdc_tcp_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED] (Not sure if they're related) Notably, the client machines (all on Win 8) show nearly nothing in the Event Log, except a Group Policy failure: The processing of Group Policy failed. Windows attempted to read the file \\corp.domain.com\sysvol\corp.domain.com\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following: a) Name Resolution/Network Connectivity to the current domain controller. b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller). c) The Distributed File System (DFS) client has been disabled. (Manually connecting to that gpi.ini file works perfectly) Not really sure what's going on here. The only oddities I see are: * I can't get the old add user script function to work. As a result, client usernames seem to just have a UID on the linux side (their profiles show up as: drwxr-xr-x 14 315 users 4.0K Feb 7 20:34 test.V2) Any way around that? * When profiles are created, they're appended with .V2 -- Do I need to add .V2 to the profile path setting, e.g. %USERNAME%.V2? (I can't imagine that's the case ...) I've pasted my smb.conf to: http://pastebin.com/DQDkGxsv Any advice? Thanks! Nick -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Unable to re-connect to roaming profile in samba4
Still can't figure this out. The client-side logs show two entries: 1. The error in the first message The processing of Group Policy failed. 2. A DNS processing failure: The system failed to register host (A or ) resource records (RRs) for network adapter with settings ... At debug level 5, Samba4 shows no DNS problems, and says Got a dns update request. All updates allowed. http://pastebin.com/fYrd9F1W - Nick On Thu, Feb 7, 2013 at 8:59 PM, Nick Semenkovich seme...@syndetics.net wrote: I've just configured Samba4 on Ubuntu (4.0.0+dfsg1-1), and can't seem to get roaming profiles working (I followed the guide at https://wiki.samba.org/index.php/Samba_AD_DC_HOWTO ) 1. Logons work just fine. 2. DNS is configured and working, running through SAMBA_INTERNAL 3. Clients can talk to the server and see/access shares at \\server.corp.domain.com 4. Clients are all Windows 8 and NTP time synced 5. Permissions seem OK (the profiles directory is currently chmod 777 -- without that, only the Administrator seemed to be able to create their own profile ...) 6. General users can log in/out (which creates a profile, if profiles is chmod 777) but a subsequent login can't access it, with a generic Windows 8 roaming profile error. Not really sure where to go from here. I've tried: - Rebuilding the domain re-joining machines - Ultra-lax permissions - Adding users via the samba-tool versus AD tools in Windows At client logon, the samba4 logs (with a debug level of 4) show a collection of: Terminating connection - 'NT_STATUS_CONNECTION_DISCONNECTED' single_terminate: reason[NT_STATUS_CONNECTION_DISCONNECTED] and a few Terminating connection - 'kdc_tcp_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED' single_terminate: reason[kdc_tcp_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED] (Not sure if they're related) Notably, the client machines (all on Win 8) show nearly nothing in the Event Log, except a Group Policy failure: The processing of Group Policy failed. Windows attempted to read the file \\corp.domain.com\sysvol\corp.domain.com\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following: a) Name Resolution/Network Connectivity to the current domain controller. b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller). c) The Distributed File System (DFS) client has been disabled. (Manually connecting to that gpi.ini file works perfectly) Not really sure what's going on here. The only oddities I see are: * I can't get the old add user script function to work. As a result, client usernames seem to just have a UID on the linux side (their profiles show up as: drwxr-xr-x 14 315 users 4.0K Feb 7 20:34 test.V2) Any way around that? * When profiles are created, they're appended with .V2 -- Do I need to add .V2 to the profile path setting, e.g. %USERNAME%.V2? (I can't imagine that's the case ...) I've pasted my smb.conf to: http://pastebin.com/DQDkGxsv Any advice? Thanks! Nick -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 4 AD DC Element not found error in Windows 8
Ah yeah, that definitely works #facepalm I guess I figured \\corp.domain.com should just fail entirely (though netlogon and sysvol work) -- \\dcname.corp.domain.com works perfectly. Thanks! On Thu, Feb 7, 2013 at 2:17 AM, Ufficiotecnico Acknow ufficiotecn...@acknow.it wrote: Using \\dcname.corp.domain.com\share or \\your_ip\share works? Check also security tab on folder to set right permsission. Il 07/02/2013 08.14, Nick Semenkovich ha scritto: Hi: I've just configured a Samba 4 install as an AD DC, following the Wiki page at https://wiki.samba.org/index.php/Samba_AD_DC_HOWTO I've successfully joined a few machines to the domain, and am now trying to add some simple shares. When I add a share to smb.conf, it appears on client machines via \\domain.example.com\sharename but trying to open any shares gives the error Element not found. I can only open the \netlogon and \sysvol existing shares, but nothing else I create is openable (always prompts with Element not found.) Running Ubuntu Raring Ringtail / Samba 4.0.0+dfsg1-1. All the clients are Windows 8, I'm logged on as the domain administrator, and all machine clocks are NTP synced. Thanks, Nick $ cat /etc/samba/smb.conf [global] workgroup = CORP realm = CORP.DOMAIN.COM netbios name = DCNAME server role = active directory domain controller allow dns updates = True dns forwarder = 192.168.0.1 server services = +smb -s3fs dcerpc endpoint servers = +winreg +srvsvc [netlogon] path = /var/lib/samba/sysvol/corp.domain.com/scripts read only = No [sysvol] path = /var/lib/samba/sysvol read only = No [profiles] path = /srv/profiles read only = No [homes] directory_mode: parameter = 0700 path = /home read only = No csc policy = documents [dropbox] path = /srv/samba-dropbox read only = No comment = Dropbox browseable = Yes -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] samba4 AD DC manually creating DNS records?
I'm trying to use a DNS server independent from Samba (non BIND, on a different machine/system). Beyond the two simple records of: SRV _ldap._tcp.samdom.example.com and SRV _kerberos._udp.samdom.example.com If I maintain all the A records for individual hosts ( the server.samdom.example.com machine), should that work? Are there any other special / SRV records that Samba4's internal DNS server is providing? Thanks, Nick -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Unable to re-connect to roaming profile in samba4
I've just configured Samba4 on Ubuntu (4.0.0+dfsg1-1), and can't seem to get roaming profiles working (I followed the guide at https://wiki.samba.org/index.php/Samba_AD_DC_HOWTO ) 1. Logons work just fine. 2. DNS is configured and working, running through SAMBA_INTERNAL 3. Clients can talk to the server and see/access shares at \\server.corp.domain.com 4. Clients are all Windows 8 and NTP time synced 5. Permissions seem OK (the profiles directory is currently chmod 777 -- without that, only the Administrator seemed to be able to create their own profile ...) 6. General users can log in/out (which creates a profile, if profiles is chmod 777) but a subsequent login can't access it, with a generic Windows 8 roaming profile error. Not really sure where to go from here. I've tried: - Rebuilding the domain re-joining machines - Ultra-lax permissions - Adding users via the samba-tool versus AD tools in Windows At client logon, the samba4 logs (with a debug level of 4) show a collection of: Terminating connection - 'NT_STATUS_CONNECTION_DISCONNECTED' single_terminate: reason[NT_STATUS_CONNECTION_DISCONNECTED] and a few Terminating connection - 'kdc_tcp_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED' single_terminate: reason[kdc_tcp_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED] (Not sure if they're related) Notably, the client machines (all on Win 8) show nearly nothing in the Event Log, except a Group Policy failure: The processing of Group Policy failed. Windows attempted to read the file \\corp.domain.com\sysvol\corp.domain.com\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following: a) Name Resolution/Network Connectivity to the current domain controller. b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller). c) The Distributed File System (DFS) client has been disabled. (Manually connecting to that gpi.ini file works perfectly) Not really sure what's going on here. The only oddities I see are: * I can't get the old add user script function to work. As a result, client usernames seem to just have a UID on the linux side (their profiles show up as: drwxr-xr-x 14 315 users 4.0K Feb 7 20:34 test.V2) Any way around that? * When profiles are created, they're appended with .V2 -- Do I need to add .V2 to the profile path setting, e.g. %USERNAME%.V2? (I can't imagine that's the case ...) I've pasted my smb.conf to: http://pastebin.com/DQDkGxsv Any advice? Thanks! Nick -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba 4 AD DC Element not found error in Windows 8
Hi: I've just configured a Samba 4 install as an AD DC, following the Wiki page at https://wiki.samba.org/index.php/Samba_AD_DC_HOWTO I've successfully joined a few machines to the domain, and am now trying to add some simple shares. When I add a share to smb.conf, it appears on client machines via \\domain.example.com\sharename but trying to open any shares gives the error Element not found. I can only open the \netlogon and \sysvol existing shares, but nothing else I create is openable (always prompts with Element not found.) Running Ubuntu Raring Ringtail / Samba 4.0.0+dfsg1-1. All the clients are Windows 8, I'm logged on as the domain administrator, and all machine clocks are NTP synced. Thanks, Nick $ cat /etc/samba/smb.conf [global] workgroup = CORP realm = CORP.DOMAIN.COM netbios name = DCNAME server role = active directory domain controller allow dns updates = True dns forwarder = 192.168.0.1 server services = +smb -s3fs dcerpc endpoint servers = +winreg +srvsvc [netlogon] path = /var/lib/samba/sysvol/corp.domain.com/scripts read only = No [sysvol] path = /var/lib/samba/sysvol read only = No [profiles] path = /srv/profiles read only = No [homes] directory_mode: parameter = 0700 path = /home read only = No csc policy = documents [dropbox] path = /srv/samba-dropbox read only = No comment = Dropbox browseable = Yes -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba