Bug 11869 - ADC: shares pulled down - NT_STATUS_OBJECT_NAME_NOT_FOUND
Summary: ADC: shares pulled down - NT_STATUS_OBJECT_NAME_NOT_FOUND
Status: RESOLVED WORKSFORME
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: AD: LDB/DSDB/SAMDB (show other bugs)
Version: 4.3.8
Hardware: x86 Linux
: P5 normal (vote)
Target Milestone: ---
Assignee: Andrew Bartlett
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2016-04-21 16:20 UTC by Nicolas Chusovskiy
Modified: 2021-12-07 22:34 UTC (History)
2 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Nicolas Chusovskiy 2016-04-21 16:20:51 UTC 
Goodtime from Kaluga, USSR

Security updated Samba 4.3.6, worked properly before, had shown to me this at the morning:
RU: "//ukt.home/ Ccылается на недоступное расположение. ... Убедитесь, что диск вставлен правильно..."
EN (free-translated-by-me): WIN says, that /SYSVOL is not connectable in case of computer-offline or resource-renamed.
I tried to check shares on my ADC and found, that NONE (not SYSVOL only) shares inavailable from WIN. NTACLs are all-right, winlogon ok, connecting ADServer ok, managing users and policies ok. I cannot apply policies to anybody, because /SYSVOL is offline.

Looking up for policies I tried to check samba-shares from domain-joined UBUNTU-machine (one more UBUNTU 14.04LTS) as a domain client SMBCLIENT-connection. SMBCLIENT connects to ADS, but >DIR pulls 

NT_STATUS_OBJECT_NAME_NOT_FOUND

samba-tool ntacl sysvolreset has token no effect.

samba-tool gpo aclcheck returned this:
root@ukt-local:/var/mail# samba-tool gpo aclcheck
ERROR(runtime): uncaught exception - (-1073741772, 'The object name is not found.')
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 175, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/gpo.py", line 1148, in run
    fs_sd = conn.get_acl(sharepath, security.SECINFO_OWNER | security.SECINFO_GROUP | security.SECINFO_DACL, security.SEC_FLAG_MAXIMUM_ALLOWED)


Please, help. I'm a domain controller of a municipal trolleybus station of 80 PC's, 24 of which are in a domain.

All logs you need will be sended to you as fast as you told us. Thanks for your help.
Comment 1 Nicolas Chusovskiy 2016-04-21 16:30:23 UTC 
p.s. Ubuntu browses /var/lib/samba/sysvol and all shares i have on my ADC.
Windows (or each-other client) see some shares on a Samba4.3.8-machine, but cannot browse any of them.
Comment 2 Nicolas Chusovskiy 2016-06-17 21:28:48 UTC 
Samba 4.3.9 with winbind installed in working in AD domain controller now. I'd set up my DC retrieving domain users and groups as domain member (for system only, not for samba), and I give permissions of /SYSVOL - operating for both domain users and administrators groups.

And now I have some trobules in samba user file sharing; like configuring a simple catalog in ./home/user for common (read only = No; guest OK = Yes). But I took a bug of "No such resources or permission denied" in WinX. !nix gets directory lists and operates files properly. WIDW???
Comment 3 Björn Jacke 2021-12-07 22:34:26 UTC 
this looks like a there is a misconseption/misconfiguration of the setup here.
On https://www.samba.org/samba/support/ you find good options for either community or commercial support options.