[Samba] Samba 4 AD share: Access denied
steve
steve at steve-ss.com
Wed Jul 30 04:01:07 MDT 2014
On Tue, 2014-07-29 at 19:47 +0100, Rowland Penny wrote:
> On 29/07/14 18:42, steve wrote:
> > On Tue, 2014-07-29 at 18:18 +0100, Rowland Penny wrote:
> >> On 29/07/14 18:01, Ryan Ashley wrote:
> >>> Yes, I see all domain users and groups, getent works with passwd and
> >>> with any domain group, and shows things as they should be. Every group
> >>> has a unique gid.
> >> OK, then on paper everything is working as it should be, I cannot think
> >> of anything else to do, anybody else have any input ???
> >>
> >> If nobody else has any input, it may be time to file a bug against samba.
> > Hi
> > Our money is on the builtin acl which has started appearing in recent
> > samba versions and explained earlier in this thread. winbind maps this
> > group to a number in the idmap * range. This number does not coincide
> > with the hard wired xidNumber in the separate idmap db on the DC.
> >
> > Otherwise, have one final check on winbind:
> > http://linuxcostablanca.blogspot.com.es/2014/06/samba4-winbind-desperation.html
> >
> > If still nothing, go back to 4.1.6 or use sssd.
> > HTH,
> > Steve
> >
> >
> Hi Steve, how about bug 10508 ??
>
> https://bugzilla.samba.org/show_bug.cgi?id=10508
>
> Rowland
>
Hi Rowland,
Yes, it looks possible.
Could OP tell us if his ntadmins is local to /etc/group? Also, the what
does:
wbinfo --uid-to-sid=70028
give us?
Steve
More information about the samba
mailing list