[Samba] Samba 4 AD share: Access denied

[Ryan Ashley]

I am still trying to get this to work. Is S4 incapable of being a 
file-server as a member server? I run ONLY DNS and DHCP on my AD DC 
servers. I have a dedicated S4 print server that appears to work 
perfectly, but sharing files is critical and I have now been down for 
three weeks. Winbind resolves users and groups, everything looks good, I 
have tried what has been suggested before, but now I am becoming 
desperate. The system cannot find this "idmap ad" backend. What in the 
heck is it and how do I get it or build it? Everything is working except 
this basic functionality which is REALLY need!

On 7/31/2014 12:04 PM, Ryan Ashley wrote:
> I made a strange discovery this morning. If I attempt to map the drive 
> using the server's IP address, I get invalid password. If I attempt to 
> map it using the hostname, it flat out denies access.
>
> C:\Users\reach_support>net use s: \\172.16.0.5\staff$ /persistent:no
> Enter the user name for '172.16.0.5': reach_support
> Enter the password for 172.16.0.5:
> System error 86 has occurred.
>
> The specified network password is not correct.
>
>
> C:\Users\reach_support>net use s: \\fs01\staff$ /persistent:no
> Enter the user name for 'fs01': reach_support
> Enter the password for fs01:
> System error 5 has occurred.
>
> Access is denied.
>
>
> C:\Users\reach_support>
>
> This REALLY looks like an S4 bug to me. Why would it give different 
> errors if using a hostname versus the static IP? The hostname simply 
> resolves to the IP anyway. Is there anything we can do now?
>
> On 07/30/2014 10:18 AM, Ryan Ashley wrote:
>> Sorry for the delay. I am in eastern time and have been busy with 
>> another project. I cannot convert that ID to SID. In Windows however, 
>> this shows as "SYSTEM". How do I know? Simple, there are only three 
>> things listed. Those are "Domain Admins", "Administration", and 
>> "SYSTEM". Also, what do you mean by "ntadmins" being local? I have 
>> added no groups to the Linux systems, so if you're asking if it is a 
>> local group on the Linux box, no it is not. I can remove the SYSTEM 
>> account from the share if needed, but it is on all Windows shares as 
>> well and causes no issues.
>>
>> failed to call wbcUidToSid: WBC_ERR_DOMAIN_NOT_FOUND
>> Could not convert uid 70028 to sid
>>
>> On 7/30/2014 6:01 AM, steve wrote:
>>> On Tue, 2014-07-29 at 19:47 +0100, Rowland Penny wrote:
>>>> On 29/07/14 18:42, steve wrote:
>>>> Hi Steve, how about bug 10508 ??
>>>>
>>>> https://bugzilla.samba.org/show_bug.cgi?id=10508
>>>>
>>>> Rowland
>>>>
>>> Hi Rowland,
>>> Yes, it looks possible.
>>> Could OP tell us if his ntadmins is local to /etc/group? Also, the what
>>> does:
>>>   wbinfo --uid-to-sid=70028
>>> give us?
>>> Steve
>>>
>>>
>>
>