[Samba] Samba 4 AD share: Access denied

Stuart Naylor stuartiannaylor at thursbygarden.org
Wed Aug 6 12:07:40 MDT 2014


Whoa there :)

Lol All I am pointing out is an experience. Its not so bad now as I know.

I am not sure about the reference to sernet as the binaries are free and sernet support is optional.

I just don't want the probs of any noob compile errors or battling with apparmor.

I mention sernet purely to say there are a lot of choices, depending on distro it can be sernet, backports or native.

Its a about choice and I thought I would just mention they are available.

Personally you shouldn't be so tender about someones experience with the documentation whilst only they are doing is making an honest evaluation of their experience.

I must admit I don't understand a mailing list as you must get so many replications of the same.

I think a forum is often a better platform.

Again this is no dictate just saying how my experience is and giving you some feed back

Please meddle away, it was purley an opinion.

The documentation is a bit sketchy and when you do a google because of the tremendous fast development its a bit of a mare because of the tremendous fast development

There are a lot of versions and sometimes its very easy to get confused.

Also because its so fast and a moving roadmap I don't even know if a standard static wiki is maybe the right form yet.

Dunno just opinion and feedback :)

Stuart 

 
 
-----Original message-----
> From:Gregory Sloop <gregs at sloop.net>
> Sent: Tuesday 5th August 2014 19:46
> To: Ryan Ashley <ryana at reachtechfp.com>
> Cc: samba at lists.samba.org
> Subject: Re: [Samba] Samba 4 AD share: Access denied
> 
> 
> 
> RA> Well, again, no issues until now. I never did the Kerberos keytab thing
> RA> before, and everything works. Never did the NIS thing before, and 
> RA> everything works. Now I am learning these things should be done and I 
> RA> have been told what to do and have done them as well as documented them
> RA> in our technical reference. However, I am now at the point where I 
> RA> cannot set ID's due to not having the UNIX tab in ADUC. I did provision
> RA> with "--use-rfc2307" and it is in all of my S4 configuration files, but
> RA> no luck yet. What do I need to check to get that tab to appear? If 
> RA> assigning an ID fixes this, I will HAPPILY do it on all of our domains
> RA> as we go out for maintenance.
> 
> RA> On 08/05/2014 02:16 PM, steve wrote:
> >> On Tue, 2014-08-05 at 13:17 -0400, Ryan Ashley wrote:
> >>> The way that sounds, the "file server" guide is incomplete, because
> >>> nowhere does it mention any of what you're telling me. I also have
> >>> little trouble finding good documentation on every Linux product I use.
> >>> S4 is the one big exception, but with the guides, it eliminates some of
> >>> that need. I do not buy the whole argument of using Windows for
> >>> documentation, because 90% of their documentation is rambling crud. When
> >>> you get an error and have an ID, the docs don't have the ID you want,
> >>> you are hosed.
> >> Unless you know what you're doing, the time it takes to get up on
> >> user-land Linux compared with enterprise or microsoft
> >> out-of-the-box-or-just-call-the-engineer is false economy.
> >>> Again, I am running Debian Wheezy 7.5 64bit under XenServer 6.2 with the
> >>> latest updates. The stable repos have an OLD version of S4, and I do not
> >>> mind building it myself anyway.
> >> Debian doesn't install samba unless you tell it?
> >>> Finally, you have told me I need this and that, but no direction is
> >>> noted.
> >> http://bit.ly/1s8LTZc
> 
> 
> I've followed this thread since it started - and while I don't have technical help to offer, since I've not followed the technical details carefully - I'd thought I'd say this, even at the risk of being seen to "meddle" where I shouldn't.
> 
> I'll try to be gentle about it, but you've hopped all over the place. ...claimed that revereses in DNS didn't work, but then found you hadn't finished configuring DNS etc.
> 
> Just SLOW DOWN! Yeah, the docs can be skimpy, and things can be a bit confusing - but SLOW DOWN - tackle one thing at a time. Don't make a thousand changes and keep moving the goal-posts all over the field.
> 
> I know Rowland/Steve/Marc will almost certainly be able to resolve your issue. But it's going to take careful, methodical steps through each part. And, IMO, you haven't done that very well. Sometimes you'll answer a few of the underlying questions, and leave out others. [Not sure why, perhaps you missed them, but often it seems you're doing it because you're frustrated and want a solution right this second.]
> 
> If I were helping you, I'd be quite frustrated at the effort. The guys helping you are the best on the list. Short of a Samba dev person hopping in to verify a particular bug, there's not better help to be had. So, no matter if it worked three weeks ago or not, if you want help, and it's not working, and you'd like for it to work - go gentle on the help you ARE getting. Being frustrated with them won't help.
> 
> I suppose you could run a SerNet package and pay SerNet to solve your problems/do Samba consulting. But you're not paying anyone and they're spending a lot of time trying to help you...
> 
> Please try to be gentle and appreciative...
> 
> As an aside:
> I'd guess you don't have a UNIX tab because the Samba AD schema doesn't have it. I'm not sure why that would be, since I don't use any of the UNIX AD extensions myself.
> 
> 


More information about the samba mailing list