[Samba] Domain Admin cannot access files

Gémes Géza geza at kzsdabas.hu
Wed Aug 15 15:10:30 MDT 2012


2012-08-15 18:59 keltezéssel, steve írta:
> Hi
> I just joined a Samba 3.6.3 machine as a file server for a Samba4 domain.
>
> Normal users can login and reach the shares apart from the domain 
> Administrator.
>
> After Administrator has logged in, any attempt to reach the file 
> server results in a username and password prompt. Supplying the 
> correct information still will not allow share access for Administrator.
>
> Using s3fs under Samba4, Administrator is allowed full access without 
> being asked for a password.
>
> What am I missing?
>
> Cheers,
> Steve
>
> [global]
>         workgroup = MARINA
>         realm = hh3.site
>      security = ADS
>
> [home]
>         path = /home2/MARINA
>         read only = No
>
> [staff]
>         path = /home2/staff
>         read only = No
IF this is a Samba3 config file, you DO NOT need to specify a path for a 
[homes] share. That way (a correctly configured Samba3 box (HERE COMES 
winbind into PLAY!)) will give each user its own home share.

I've pasted a default [homes] section from an ubuntu 12.04 box (I'm 
using it only for running winbind on it to allow login of domain users, 
no samba running on that box), as you can see it is still commented out:

;[homes]
;   comment = Home Directories
;   browseable = no

# By default, the home directories are exported read-only. Change the
# next parameter to 'no' if you want to be able to write to them.
;   read only = yes

# File creation mask is set to 0700 for security reasons. If you want to
# create files with group=rw permissions, set next parameter to 0775.
;   create mask = 0700

# Directory creation mask is set to 0700 for security reasons. If you 
want to
# create dirs. with group=rw permissions, set next parameter to 0775.
;   directory mask = 0700

# By default, \\server\username shares can be connected to by anyone
# with access to the samba server. Un-comment the following parameter
# to make sure that only "username" can connect to \\server\username
# The following parameter makes sure that only "username" can connect
#
# This might need tweaking when using external authentication schemes
;   valid users = %S

Regards

Geza Gemes


More information about the samba mailing list