[Samba] Samba 4 AD share: Access denied

Rowland Penny rowlandpenny at googlemail.com
Tue Aug 5 02:31:55 MDT 2014 

On 05/08/14 00:11, Ryan Ashley wrote:
> DHCP Configuration:
> ==================
> ddns-update-style none;
> option domain-name "truevine.lan";
> option domain-name-servers 172.16.0.1,172.16.0.2;
> default-lease-time 600;
> max-lease-time 7200;
> authoritative;
> log-facility local7;
> subnet 172.16.0.0 netmask 255.255.252.0 {
>   range 172.16.2.1 172.16.2.100;
>   option routers 172.16.0.254;
>   option broadcast-address 172.16.3.255;
> }
>
> And I just realized I never finished setting up DNS updates. Well that 
> explains the reverse-DNS issue. I can handle that as I have it working 
> at my office (S4 DC, Win 7 clients) and that will fix the 
> reverse-lookup issue.
> Now how are you proposing I assign ID numbers to groups? I have NEVER 
> had to or actually done that in the Windows world, and have not had to 
> do it since I started using S4 two years ago. Also, will assigning ID 
> numbers break all the other things on my network? I have four storage 
> devices joined to the domain using AD authentication for file shares 
> and they work fine. I do not want to break everything for this if 
> possible.
>
Here is my working dhcpd.conf:

default-lease-time 14400;
max-lease-time 14400;
authoritative;

subnet 192.168.0.0 netmask 255.255.255.0 {
    range 192.168.0.21 192.168.0.229;
    option subnet-mask 255.255.255.0;
    option broadcast-address 192.168.0.255;
    option time-offset 0;
    option routers 192.168.0.1;
    option domain-name "example.com";
    option domain-name-servers 192.168.0.5;
    option domain-search "example.com";
    option netbios-name-servers 192.168.0.5;
    option ntp-servers 192.168.0.5;
}

on commit {
set ClientIP = binary-to-ascii(10, 8, ".", leased-address);
set ClientDHCID = binary-to-ascii(16, 8, ":", hardware);
set ClientName = pick-first-value(option host-name, 
config-option-host-name, client-name);
log(concat("Commit: IP: ", ClientIP, " DHCID: ", ClientDHCID, " Name: ", 
ClientName));
execute("/usr/local/sbin/dhcp-dyndns.sh", "add", ClientIP, ClientDHCID, 
ClientName);
}

on release {
set ClientIP = binary-to-ascii(10, 8, ".", leased-address);
set ClientDHCID = binary-to-ascii(16, 8, ":", hardware);
log(concat("Release: IP: ", ClientIP));
execute("/usr/local/sbin/dhcp-dyndns.sh", "delete", ClientIP, ClientDHCID);
}

Notice any differences ???

Are you by any chance using the un-recomended Bind9 flat file backend ?

Rowland

More information about the samba mailing list