AIX 7.1 and samba 4.6.4

Hello,

i Installed samba 4.6.4 from the IBM toolbox for linux. After that i installed the Centrify suite 2007.1 (express install) and joined our domain.

Next to install adbinproxy.

after this is see i'm joined to the domain (adinfo).

but i have some strange problem. with some of the domain users i can browse the server and with other users it is not possible. If i use smbclient -L localhost -U username i have the same problem.

All the users are in the Allow List

sometimes there is even an error No logon server.

my samba conf below:

[global]
    security = ADS
    realm = EXAMPLE.LOCAL
    workgroup = EXAMPLE
    netbios name = server1
    netbios aliases = server11

    auth methods = guest, sam, winbind, ntdomain
    machine password timeout = 0
    passdb backend = tdbsam:/var/lib/samba/private/passdb.tdb

    kerberos method = secrets and keytab
    server signing = auto

    client ntlmv2 auth = yes
    client use spnego = yes

    template shell = /bin/bash
    winbind separator = +
    winbind use default domain = Yes

    winbind enum users = Yes
    winbind enum groups = Yes
    winbind nested groups = Yes

    idmap cache time = 0

    #ignore syssetgroups error = No
    idmap config * : backend  = tdb
    idmap config * : range = 1000 - 2000000000
    idmap config * : base_tdb = 0
    enable core files = false

    allow insecure wide links = yes

    interfaces = en4 172.20.20.99/255.255.254.0
   

[printers]
        comment = All Printers
        path = /var/spool/samba
        browseable = no
        guest ok = no
        writable = no
        printable = yes

[samba-test]
    comment = Samba share
    valid users = @"EXAMPLE.LOCAL+Allow Users"
    #invalid users = @"EXAMPLE.LOCAL+Deny List"
    path = /home1/samba-test
    public = yes
    writable = yes
    browsable = no
    wide links = yes
    follow symlinks = yes

adinfo -v
adinfo (CentrifyDC 5.4.1-455)

adinfo -V
Options:
-------
task: all
domain: null
output: null
additional paths: null
user: null
using user's credential cache: No
allow password prompt in kerberos get init credential: Yes
user's credential cache: null
server: null
Local host name:   server1
Joined to domain:  example.local
Joined as:         server1.example.local
Pre-win2K name:    server1
Current DC:        w2008dcbu.example.local
Preferred site:    Default-First-Site
Zone:              Auto Zone
  Retrieving site information from site=any, server='w2008dcbu.example.local'
  Using machine credentials
    Using principal name 'server1$@example.LOCAL'
  Binding to example.local, cache=MEMORY:1100d4bb0
  Searching for (&(samAccountName=server1$)(objectClass=computer))
             in dc=example,dc=LOCAL
  Found computer account: CN=server1,CN=Computers,DC=example,DC=local
Last password set: 2017-07-31 14:58:12 DFT
CentrifyDC mode:   connected
Licensed Features: Disabled

adinfo

Local host name:   server1
Joined to domain:  example.local
Joined as:         server1.example.local
Pre-win2K name:    server1
Current DC:        w2008dcbu.example.local
Preferred site:    Default-First-Site
Zone:              Auto Zone
Last password set: 2017-07-31 14:58:12 DFT
CentrifyDC mode:   connected
Licensed Features: Disabled