0

I have three servers: a Win2003 box running as the first AD DC, a 64-bit CentOS 6.5 box running Samba 4.1.5 x64 in AD DC mode, and a 32-bit CentOS 6.5 box running the same version of everything but 32-bit, also configured for AD DC mode.

Except for the 64-bit box's extra shares, the two CentOS boxes have identical smb.conf, krb5.conf, and resolv.conf files, and are both up-to-date via yum update.

From the Win2003 box, I can navigate in Explorer to \\64bitbox\, and it shows netlogon and sysvol and I can go into both of them. If I navigate to \\32bitbox\ it shows both, and I can drill all the way through sysvol to the same level as the files that should be in netlogon, but trying to go into netlogon directly gives this error:

--------------------------- 
\\32bitbox
--------------------------- 
\\32bitbox\netlogon is not accessible. You might not have permission to use this network resource.
Contact the administrator of this server to find out if you have access permissions.

Incorrect function.

--------------------------- 
OK   
---------------------------

I have gone through all my notes from setting up the 64-bit box and cannot figure out what I've done differently with the 32-bit box that might cause this. I've reset ownership and permissions on both folders, and the entire hierarchy from sysvol down looks identical both in Windows and from the Linux ls -Ral sysvol command (in terms of both owners and perms, every last entry) on each server. (In particular, the Administrators group I'm part of has Full Control, and Authenticated Users have read/exec/list Windows ACLs.) smb.conf looks like this on the 32-bit box (and the 64-bit box just has additional share sections afterwards):

[global]
        workgroup = MYDOM
        realm = mydom.lan
        server role = active directory domain controller
        server services = rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbind, ntp_signd, kcc, dnsupdate, s3fs, dns
        allow dns updates = secure
        dns forwarder = 10.0.0.1
        dcerpc endpoint servers = epmapper, wkssvc, rpcecho, samr, netlogon, lsarpc, spoolss, drsuapi, dssetup, unixinfo, browser, eventlog6, backupkey, dnsserver
        interfaces = lo eth0

        # trying to get rid of CUPS errors in /var/log/messages
        load printers = no
        printcap name = /dev/null
        disable spoolss = yes

        read only = No
        force create mode = 0777
        force directory mode = 0777
        inherit acls = yes
        inherit owner = yes
        mangle prefix = 6

[netlogon]
        path = /var/lib/samba/sysvol/mydom.lan/scripts
        admin users = me
        profile acls = no

[sysvol]
        path = /var/lib/samba/sysvol
        admin users = me
        profile acls = no

Furthermore, running smbclient //32bitbox/netlogon -k -c 'ls' from either CentOS box gives me a correct file listing with no errors, and this is directly after a kinit me, where me is the same username I'm logged into the Win2003 box as when I get the above error trying to browse \\32bitbox\netlogon.

What else might cause the error I'm getting?

Kev

1 Answer

0

Upgrading to Samba 4.1.6 seemed to fix the issue. I can now browse to netlogon from the Win2003 box. However, it's also possible that it was a problem on the Win2003 end, because that box ended up being restarted before the upgrade, and I hadn't thought of that until after upgrading.

Kev