[Samba] Samba 4 AD share: Access denied

Ryan Ashley ryana at reachtechfp.com
Mon Aug 11 20:20:36 MDT 2014


Alright, I have spent the day trying various things to get nowhere. It 
is like the user being in the group means nothing to Samba. I have my 
support user in all groups, the drives map, but I get "Access is denied" 
whenever I attempt to click on a mapped drive. I read dozens of posts 
about how this could be a Windows 7 thing, so I added the lines below to 
the global section, but it does not help. I also cannot access the share 
from Linux (KDE4/Dolphin), so I am fairly sure this isn't a Windows 7 
bug. I cannot access them from an iPad either, or my Android phone. In 
other words, Samba is denying access to everybody who is not the actual 
owner of the share, even if the user is in any of the groups in the ACL 
on the Linux filesystem.

ntlm auth = no
lanman auth = no
client ntlmv2 auth = yes

The rest has not changed at this point. I did configure with "--with-ads 
and --with-shared-modules=idmap_ad". Still no go. What could cause Samba 
to not figure out a user is in a group that has access to a directory? 
This is where I am stuck.

On 8/11/2014 12:44 PM, Ryan Ashley wrote:
> Alright, I am back where I started. I now have the correct ID's on 
> both servers, but nothing I do allows users and groups access to the 
> shares. I keep getting "Access Denied" when any domain user attempts 
> to access the shares. I have tried 777/666 and 770/660 for the Linux 
> permissions and nothing changes. Here is a dump of the current server 
> config and ACLs.
>
> root@fs01:~# testparm /etc/samba/smb.conf
> Load smb config files from /etc/samba/smb.conf
> rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
> Processing section "[install$]"
> Processing section "[staff$]"
> Processing section "[fbc$]"
> Loaded services file OK.
> Server role: ROLE_DOMAIN_MEMBER
> Press enter to see a dump of your service definitions
>
> [global]
>         workgroup = TRUEVINE
>         realm = TRUEVINE.LAN
>         security = ADS
>         dedicated keytab file = /etc/krb5.keytab
>         kerberos method = secrets and keytab
>         local master = No
>         domain master = No
>         winbind enum users = Yes
>         winbind enum groups = Yes
>         winbind use default domain = Yes
>         winbind nss info = rfc2307
>         idmap config TRUEVINE:range = 10001-40000
>         idmap config TRUEVINE:schema_mode = rfc2307
>         idmap config TRUEVINE:backend = ad
>         idmap config *:range = 70001-80000
>         idmap config * : backend = tdb
>         map acl inherit = Yes
>         store dos attributes = Yes
>         vfs objects = acl_xattr
>
> [install$]
>         comment = "Software installation files"
>         path = /home/shared/install
>         read only = No
>
> [staff$]
>         comment = "Staff file share"
>         path = /home/shared/staff
>         read only = No
>
> [fbc$]
>         comment = "Family Bible College file share"
>         path = /home/shared/fbc
>         read only = No
>
> root@fs01:~# getfacl /home/shared/fbc/
> getfacl: Removing leading '/' from absolute path names
> # file: home/shared/fbc/
> # owner: reachfp
> # group: fbc
> # flags: -s-
> user::rwx
> user:reachfp:rwx
> group::rwx
> group:fbc:rwx
> group:70006:rwx
> mask::rwx
> other::---
> default:user::rwx
> default:user:reachfp:rwx
> default:group::---
> default:group:fbc:rwx
> default:group:70006:rwx
> default:mask::rwx
> default:other::---
>
> root@fs01:~# getfacl /home/shared/staff/
> getfacl: Removing leading '/' from absolute path names
> # file: home/shared/staff/
> # owner: reachfp
> # group: staff
> # flags: -s-
> user::rwx
> user:reachfp:rwx
> group::rwx
> group:staff:rwx
> group:70006:rwx
> mask::rwx
> other::---
> default:user::rwx
> default:user:reachfp:rwx
> default:group::---
> default:group:staff:rwx
> default:group:70006:rwx
> default:mask::rwx
> default:other::---
>
> root@fs01:~#
>
> The 70006 ID is the "SYSTEM" account. The guides recommended using 
> this for the printer shares and I have always used it on file shares 
> also. Removing it does not fix things, so I added it back. If you can 
> give me a good reason to remove it again, I will happily do so.
>
> On 08/11/2014 12:11 PM, Ryan Ashley wrote:
>> Just so it can be avoided, all shares had directory permissions of 
>> 777 and file permissions of 666. Still getting access denied. I just 
>> changed permissions to 770 and 660 for security. I can change them 
>> back if needed.
>>
>> root@fs01:/home/shared# l
>> total 40
>> drwxrws---+  6 reachfp fbc            4096 Jul 23 11:31 fbc
>> drwxrwsrwx   8 reachfp domain admins  4096 Jul 23 11:14 install
>> drwx------   2 root    root          16384 Jul 15 10:00 lost+found
>> drwxrws---+ 13 reachfp staff          4096 Jul 23 11:30 staff
>> root@fs01:/home/shared# l -n
>> total 40
>> drwxrws---+  6 10001 10030  4096 Jul 23 11:31 fbc
>> drwxrwsrwx   8 10001 10002  4096 Jul 23 11:14 install
>> drwx------   2     0     0 16384 Jul 15 10:00 lost+found
>> drwxrws---+ 13 10001 10032  4096 Jul 23 11:30 staff
>> root@fs01:/home/shared#
>>
>> root@fs01:/home/shared# getent group
>> <snipped out the UNIX groups>
>> allowed rodc password replication group:x:10007:
>> enterprise read-only domain controllers:x:10013:
>> denied rodc password replication group:x:10009:krbtgt
>> read-only domain controllers:x:10015:
>> audiovideo:x:10029:reach_support,yolandab,daquanm,richards
>> group policy creator owners:x:10014:reachfp
>> newmembers:x:10031:cynthiaj,joyces,yolandab,jovanm,thomasa
>> vpn users:x:10033:reach_support
>> staff:x:10032:reach_support,ernestj,cynthiaj,joyces,yolandab,jovanm,daquanm,patriceb,jessicaj,shamekias,thomasa,richards 
>>
>> fbc:x:10030:reach_support,ernestj,cynthiaj,joyces,jessicaj
>> ras and ias servers:x:10015:
>> domain controllers:x:10005:
>> enterprise admins:x:10012:reachfp
>> domain computers:x:10004:
>> cert publishers:x:10008:
>> dnsupdateproxy:x:10011:
>> domain admins:x:10002:reachfp
>> domain guests:x:10006:
>> schema admins:x:10016:reachfp
>> domain users:x:10003:
>> dnsadmins:x:10010:
>> root@fs01:/home/shared# getent passwd
>> <snipped the UNIX stuff again>
>> shamekias:*:10011:10003:<???>:/home/TRUEVINE/shamekias:/bin/false
>> richards:*:10010:10003:<???>:/home/TRUEVINE/richards:/bin/false
>> yolandab:*:10013:10003:<???>:/home/TRUEVINE/yolandab:/bin/false
>> joyces:*:10008:10003:<???>:/home/TRUEVINE/joyces:/bin/false
>> patriceb:*:10009:10003:<???>:/home/TRUEVINE/patriceb:/bin/false
>> cynthiaj:*:10003:10003:<???>:/home/TRUEVINE/cynthiaj:/bin/false
>> jessicaj:*:10006:10003:<???>:/home/TRUEVINE/jessicaj:/bin/false
>> reach_support:*:10002:10003:Reach Support:/home/TRUEVINE/reach_support:/bin/false
>> daquanm:*:10004:10003:<???>:/home/TRUEVINE/daquanm:/bin/false
>> ernestj:*:10005:10003:<???>:/home/TRUEVINE/ernestj:/bin/false
>> jovanm:*:10007:10003:<???>:/home/TRUEVINE/jovanm:/bin/false
>> thomasa:*:10012:10003:<???>:/home/TRUEVINE/thomasa:/bin/false
>> reachfp:*:10001:10003:reachfp:/home/TRUEVINE/reachfp:/bin/false
>> root@fs01:/home/shared#
>>
>> On 08/11/2014 11:52 AM, Ryan Ashley wrote:
>>> Just to let everybody know, I rebuilt S4 from scratch using 
>>> "--with-shared-modules=idmap_ad" in the configuration parameters, 
>>> and now I am getting the correct ID's on both member servers. Now my 
>>> issue is that despite this, only the domain admin can browse the 
>>> mapped drives. Permissions are correct on all shares (I redid them 
>>> by hand) but people in those groups are NOT allowed access despite 
>>> having "full control" over the share.
>>>
>>> At least we made some progress. Now what should I look at since the 
>>> ID's are being pulled from AD correctly? My nsswitch.conf is set to 
>>> use winbind and winbind is running. Everything appears to work 
>>> correctly on both servers including same ID and such, but it still 
>>> denies access to everybody EXCEPT the owner.
>>>
>>> On 08/11/2014 09:48 AM, Ryan Ashley wrote:
>>>> Thank you for that information. I just ran the command on our 
>>>> print-server and it appears to be using the correct configuration 
>>>> file, but there are LOADS of extra parameters I am assuming are at 
>>>> default settings. However, I do not appear to have /var/run/samba 
>>>> or /var/lock/samba directories. I am going to create those and see 
>>>> if it helps, but if it does I do not know why.
>>>>
>>>> Also, I cannot seem to be able to install the S4 packages from 
>>>> backports onto ANY Wheezy system, including my laptop. The 
>>>> "samba4-common-bin" is configured to depend on "python-samba" but 
>>>> the only version available is 4.0.x so it won't install. I am 
>>>> working that issue out on the Debian forums and may result in a bug 
>>>> report.
>>>>
>>>> root@ps01:~# testparm -v /etc/samba/smb.conf
>>>> Load smb config files from /etc/samba/smb.conf
>>>> rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
>>>> Processing section "[printers]"
>>>> Processing section "[print$]"
>>>> Processing section "[Xerox7545]"
>>>> Loaded services file OK.
>>>> ERROR: lock directory /var/lock/samba does not exist
>>>> ERROR: pid directory /var/run/samba does not exist
>>>> Server role: ROLE_DOMAIN_MEMBER
>>>> Press enter to see a dump of your service definitions
>>>>
>>>> [global]
>>>>         dos charset = CP850
>>>>         unix charset = UTF-8
>>>>         workgroup = TRUEVINE
>>>>         realm = TRUEVINE.LAN
>>>>         netbios name = PS01
>>>>         netbios aliases =
>>>>         netbios scope =
>>>>         server string = Samba 4.1.11
>>>>         interfaces =
>>>>         bind interfaces only = No
>>>>         server role = auto
>>>>         security = ADS
>>>>         auth methods = winbind
>>>>         encrypt passwords = Yes
>>>>         client schannel = Auto
>>>>         server schannel = Auto
>>>>         allow trusted domains = Yes
>>>>         map to guest = Never
>>>>         null passwords = No
>>>>         obey pam restrictions = No
>>>>         password server = *
>>>>         smb passwd file = /var/lib/samba/private/smbpasswd
>>>>         private dir = /var/lib/samba/private
>>>>         passdb backend = tdbsam
>>>>         algorithmic rid base = 1000
>>>>         root directory =
>>>>         guest account = nobody
>>>>         enable privileges = Yes
>>>>         pam password change = No
>>>>         passwd program =
>>>>         passwd chat = *new*password* %n\n *new*password* %n\n *changed*
>>>>         passwd chat debug = No
>>>>         passwd chat timeout = 2
>>>>         check password script =
>>>>         username map =
>>>>         username level = 0
>>>>         unix password sync = No
>>>>         restrict anonymous = 0
>>>>         lanman auth = No
>>>>         ntlm auth = Yes
>>>>         client NTLMv2 auth = Yes
>>>>         client lanman auth = No
>>>>         client plaintext auth = No
>>>>         client use spnego principal = No
>>>>         preload modules =
>>>>         dedicated keytab file = /etc/krb5.keytab
>>>>         kerberos method = secrets and keytab
>>>>         map untrusted to domain = No
>>>>         log level = 2
>>>>         syslog = 1
>>>>         syslog only = No
>>>>         log file =
>>>>         max log size = 5000
>>>>         debug timestamp = Yes
>>>>         debug prefix timestamp = No
>>>>         debug hires timestamp = Yes
>>>>         debug pid = No
>>>>         debug uid = No
>>>>         debug class = No
>>>>         enable core files = Yes
>>>>         smb ports = 445, 139
>>>>         large readwrite = Yes
>>>>         server max protocol = SMB3
>>>>         server min protocol = LANMAN1
>>>>         client max protocol = NT1
>>>>         client min protocol = CORE
>>>>         unicode = Yes
>>>>         min receivefile size = 0
>>>>         read raw = Yes
>>>>         write raw = Yes
>>>>         disable netbios = No
>>>>         reset on zero vc = No
>>>>         log writeable files on exit = No
>>>>         defer sharing violations = Yes
>>>>         nt pipe support = Yes
>>>>         nt status support = Yes
>>>>         max mux = 50
>>>>         max xmit = 16644
>>>>         name resolve order = lmhosts, wins, host, bcast
>>>>         max ttl = 259200
>>>>         max wins ttl = 518400
>>>>         min wins ttl = 21600
>>>>         time server = No
>>>>         unix extensions = Yes
>>>>         use spnego = Yes
>>>>         client signing = default
>>>>         server signing = default
>>>>         client use spnego = Yes
>>>>         client ldap sasl wrapping = plain
>>>>         enable asu support = No
>>>>         svcctl list =
>>>>         cldap port = 0
>>>>         dgram port = 0
>>>>         nbt port = 0
>>>>         krb5 port = 0
>>>>         kpasswd port = 0
>>>>         web port = 0
>>>>         rpc big endian = No
>>>>         deadtime = 0
>>>>         getwd cache = Yes
>>>>         keepalive = 300
>>>>         lpq cache time = 30
>>>>         max smbd processes = 0
>>>>         max disk size = 0
>>>>         max open files = 16384
>>>>         socket options = TCP_NODELAY
>>>>         use mmap = Yes
>>>>         use ntdb = No
>>>>         hostname lookups = No
>>>>         name cache timeout = 660
>>>>         ctdbd socket =
>>>>         cluster addresses =
>>>>         clustering = No
>>>>         ctdb timeout = 0
>>>>         ctdb locktime warn threshold = 0
>>>>         smb2 max read = 1048576
>>>>         smb2 max write = 1048576
>>>>         smb2 max trans = 1048576
>>>>         smb2 max credits = 8192
>>>>         load printers = Yes
>>>>         printcap cache time = 750
>>>>         printcap name =
>>>>         cups server =
>>>>         cups encrypt = No
>>>>         cups connection timeout = 30
>>>>         iprint server =
>>>>         disable spoolss = No
>>>>         addport command =
>>>>         enumports command =
>>>>         addprinter command =
>>>>         deleteprinter command =
>>>>         show add printer wizard = Yes
>>>>         os2 driver map =
>>>>         mangling method = hash2
>>>>         mangle prefix = 1
>>>>         max stat cache size = 256
>>>>         stat cache = Yes
>>>>         machine password timeout = 604800
>>>>         add user script =
>>>>         rename user script =
>>>>         delete user script =
>>>>         add group script =
>>>>         delete group script =
>>>>         add user to group script =
>>>>         delete user from group script =
>>>>         set primary group script =
>>>>         add machine script =
>>>>         shutdown script =
>>>>         abort shutdown script =
>>>>         username map script =
>>>>         username map cache time = 0
>>>>         logon script =
>>>>         logon path = \\%N\%U\profile
>>>>         logon drive =
>>>>         logon home = \\%N\%U
>>>>         domain logons = No
>>>>         init logon delayed hosts =
>>>>         init logon delay = 100
>>>>         os level = 20
>>>>         lm announce = Auto
>>>>         lm interval = 60
>>>>         preferred master = No
>>>>         local master = Yes
>>>>         domain master = Auto
>>>>         browse list = Yes
>>>>         enhanced browsing = Yes
>>>>         dns proxy = Yes
>>>>         wins proxy = No
>>>>         wins server =
>>>>         wins support = No
>>>>         wins hook =
>>>>         lock spin time = 200
>>>>         oplock break wait time = 0
>>>>         ldap admin dn =
>>>>         ldap delete dn = No
>>>>         ldap group suffix =
>>>>         ldap idmap suffix =
>>>>         ldap machine suffix =
>>>>         ldap passwd sync = no
>>>>         ldap replication sleep = 1000
>>>>         ldap suffix =
>>>>         ldap ssl = start tls
>>>>         ldap ssl ads = No
>>>>         ldap deref = auto
>>>>         ldap follow referral = Auto
>>>>         ldap timeout = 15
>>>>         ldap connection timeout = 2
>>>>         ldap page size = 1024
>>>>         ldap user suffix =
>>>>         ldap debug level = 0
>>>>         ldap debug threshold = 10
>>>>         eventlog list =
>>>>         add share command =
>>>>         change share command =
>>>>         delete share command =
>>>>         preload =
>>>>         lock directory = /var/lock/samba
>>>>         state directory = /var/lib/samba
>>>>         cache directory = /var/cache/samba
>>>>         pid directory = /var/run/samba
>>>>         ntp signd socket directory =
>>>>         utmp directory =
>>>>         wtmp directory =
>>>>         utmp = No
>>>>         default service =
>>>>         message command =
>>>>         get quota command =
>>>>         set quota command =
>>>>         remote announce =
>>>>         remote browse sync =
>>>>         nbt client socket address = 0.0.0.0
>>>>         nmbd bind explicit broadcast = Yes
>>>>         homedir map = auto.home
>>>>         afs username map =
>>>>         afs token lifetime = 604800
>>>>         log nt token command =
>>>>         NIS homedir = No
>>>>         registry shares = No
>>>>         usershare allow guests = No
>>>>         usershare max shares = 0
>>>>         usershare owner only = Yes
>>>>         usershare path = /var/lib/samba/usershares
>>>>         usershare prefix allow list =
>>>>         usershare prefix deny list =
>>>>         usershare template share =
>>>>         async smb echo handler = No
>>>>         panic action =
>>>>         perfcount module =
>>>>         host msdfs = Yes
>>>>         passdb expand explicit = No
>>>>         idmap backend = tdb
>>>>         idmap cache time = 604800
>>>>         idmap negative cache time = 120
>>>>         idmap uid =
>>>>         idmap gid =
>>>>         template homedir = /home/%D/%U
>>>>         template shell = /bin/false
>>>>         winbind separator = \
>>>>         winbind cache time = 300
>>>>         winbind reconnect delay = 30
>>>>         winbind max clients = 200
>>>>         winbind enum users = Yes
>>>>         winbind enum groups = Yes
>>>>         winbind use default domain = Yes
>>>>         winbind trusted domains only = No
>>>>         winbind nested groups = Yes
>>>>         winbind expand groups = 1
>>>>         winbind nss info = rfc2307
>>>>         winbind refresh tickets = No
>>>>         winbind offline logon = No
>>>>         winbind normalize names = No
>>>>         winbind rpc only = No
>>>>         create krb5 conf = Yes
>>>>         ncalrpc dir = /var/run/samba/ncalrpc
>>>>         winbind max domain connections = 1
>>>>         winbindd socket directory =
>>>>         winbindd privileged socket directory =
>>>>         winbind sealed pipes = No
>>>>         allow dns updates = disabled
>>>>         dns forwarder =
>>>>         dns update command =
>>>>         nsupdate command =
>>>>         rndc command =
>>>>         multicast dns register = Yes
>>>>         samba kcc command =
>>>>         server services =
>>>>         dcerpc endpoint servers =
>>>>         spn update command =
>>>>         share backend =
>>>>         tls enabled = No
>>>>         tls keyfile =
>>>>         tls certfile =
>>>>         tls cafile =
>>>>         tls crlfile =
>>>>         tls dh params file =
>>>>         spoolss: architecture = Windows x64
>>>>         rpc_daemon:spoolssd = fork
>>>>         rpc_server:spoolss = external
>>>>         idmap config TRUEVINE:range = 10000-40000
>>>>         idmap config TRUEVINE:schema_mode = rfc2307
>>>>         idmap config TRUEVINE:backend = ad
>>>>         idmap config *:range = 70001-80000
>>>>         idmap config * : backend = tdb
>>>>         comment =
>>>>         path =
>>>>         username =
>>>>         invalid users =
>>>>         valid users =
>>>>         admin users =
>>>>         read list =
>>>>         write list =
>>>>         force user =
>>>>         force group =
>>>>         read only = Yes
>>>>         acl check permissions = Yes
>>>>         acl group control = No
>>>>         acl map full control = Yes
>>>>         acl allow execute always = No
>>>>         create mask = 0744
>>>>         force create mode = 00
>>>>         directory mask = 0755
>>>>         force directory mode = 00
>>>>         force unknown acl user = No
>>>>         inherit permissions = No
>>>>         inherit acls = No
>>>>         inherit owner = No
>>>>         guest only = No
>>>>         administrative share = No
>>>>         guest ok = No
>>>>         only user = No
>>>>         hosts allow =
>>>>         hosts deny =
>>>>         allocation roundup size = 1048576
>>>>         aio read size = 0
>>>>         aio write size = 0
>>>>         aio write behind =
>>>>         ea support = No
>>>>         nt acl support = Yes
>>>>         profile acls = No
>>>>         map acl inherit = Yes
>>>>         afs share = No
>>>>         smb encrypt = default
>>>>         durable handles = Yes
>>>>         block size = 1024
>>>>         change notify = Yes
>>>>         directory name cache size = 100
>>>>         kernel change notify = Yes
>>>>         max connections = 0
>>>>         min print space = 0
>>>>         strict allocate = No
>>>>         strict sync = No
>>>>         sync always = No
>>>>         use sendfile = No
>>>>         write cache size = 0
>>>>         max reported print jobs = 0
>>>>         max print jobs = 1000
>>>>         printable = No
>>>>         print notify backchannel = Yes
>>>>         print ok = No
>>>>         printing = cups
>>>>         cups options =
>>>>         print command =
>>>>         lpq command = %p
>>>>         lprm command =
>>>>         lppause command =
>>>>         lpresume command =
>>>>         queuepause command =
>>>>         queueresume command =
>>>>         printer name =
>>>>         use client driver = No
>>>>         default devmode = Yes
>>>>         force printername = No
>>>>         printjob username = %U
>>>>         default case = lower
>>>>         case sensitive = Auto
>>>>         preserve case = Yes
>>>>         short preserve case = Yes
>>>>         mangling char = ~
>>>>         hide dot files = Yes
>>>>         hide special files = No
>>>>         hide unreadable = No
>>>>         hide unwriteable files = No
>>>>         delete veto files = No
>>>>         veto files =
>>>>         hide files =
>>>>         veto oplock files =
>>>>         map archive = Yes
>>>>         map hidden = No
>>>>         map system = No
>>>>         map readonly = yes
>>>>         mangled names = Yes
>>>>         store dos attributes = Yes
>>>>         dmapi support = No
>>>>         browseable = Yes
>>>>         access based share enum = No
>>>>         blocking locks = Yes
>>>>         csc policy = manual
>>>>         fake oplocks = No
>>>>         kernel oplocks = No
>>>>         kernel share modes = Yes
>>>>         locking = Yes
>>>>         oplocks = Yes
>>>>         level2 oplocks = Yes
>>>>         oplock contention limit = 2
>>>>         posix locking = Yes
>>>>         strict locking = Auto
>>>>         dfree cache time = 0
>>>>         dfree command =
>>>>         copy =
>>>>         preexec =
>>>>         preexec close = No
>>>>         postexec =
>>>>         root preexec =
>>>>         root preexec close = No
>>>>         root postexec =
>>>>         available = Yes
>>>>         volume =
>>>>         fstype = NTFS
>>>>         wide links = No
>>>>         follow symlinks = Yes
>>>>         dont descend =
>>>>         magic script =
>>>>         magic output =
>>>>         delete readonly = No
>>>>         dos filemode = No
>>>>         dos filetimes = Yes
>>>>         dos filetime resolution = No
>>>>         fake directory create times = No
>>>>         vfs objects = acl_xattr
>>>>         msdfs root = No
>>>>         msdfs proxy =
>>>>         ntvfs handler =
>>>>
>>>> [printers]
>>>>         path = /var/spool/samba
>>>>         printable = Yes
>>>>         print ok = Yes
>>>>         browseable = No
>>>>
>>>> [print$]
>>>>         comment = Printer drivers
>>>>         path = /srv/samba/printer_drivers
>>>>         read only = No
>>>>
>>>> [Xerox7545]
>>>>         path = /var/spool/samba
>>>>         printable = Yes
>>>>         print ok = Yes
>>>>         printer name = Xerox_WC_7545
>>>>
>>>> On 08/10/2014 02:54 AM, Davor Vusir wrote:
>>>>> 2014-08-09 23:41 GMT+02:00 Ryan Ashley <ryana at reachtechfp.com>:
>>>>>> Alright, I am calling it quits for the day unless somebody knows 
>>>>>> what I have
>>>>>> screwed up here. If I do "getent passwd" it shows all local and 
>>>>>> domain
>>>>>> users, and the domain users have the wrong ID's. If I do "getent 
>>>>>> passwd
>>>>>> <domain user>" I get absolutely nothing. Obviously I have done 
>>>>>> something
>>>>>> wrong here, but I have no clue what. This behavior started after 
>>>>>> modifying
>>>>>> the configuration file though. The modifications Rowland showed 
>>>>>> me in his.
>>>>>> That tells me that maybe it is trying to do something right and 
>>>>>> cannot. I
>>>>>> have one last idea of my own, then I will be installing the 
>>>>>> backports
>>>>>> version Monday on a clean VM.
>>>>>>
>>>>> Hey Ryan!
>>>>>
>>>>> I noticed when I ran 'testparm -v /etc/samba/smb.conf | more' that
>>>>> samba is using the directories (lock directory =
>>>>> /usr/local/samba/var/lock) from the old selfcompiled installation.
>>>>> Now I'm using the Sernet package.
>>>>>
>>>>> When I run 'testparm -v | more' it reads
>>>>> /usr/local/samba/etc/smb.conf instead of /etc/samba/smb.conf and 
>>>>> shows
>>>>> only one out of two share definitions.
>>>>>
>>>>> The file /etc/samba/smb.conf is copied from an old AD DC server config
>>>>> and later edited. The hidden entries like "lock directory =" above 
>>>>> are
>>>>> present.
>>>>>
>>>>> Are you perhaps experiencing the same?
>>>>>
>>>>> Regards
>>>>> Davor
>>>>>
>>>>
>>>
>>
>
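
Added example, not part of the original thread: a small evaluator for the POSIX ACL access-check order (owner, named user, group class limited by the mask, then other), run against the access entries of the /home/shared/fbc `getfacl` output and the `getent` memberships quoted above. It models only the filesystem-level check, not anything Samba evaluates on top of it; the function names and the `MEMBERSHIP` table layout are assumptions of this example.

```python
# Sample input copied from the getfacl / getent output quoted in the thread
# (access entries only; "default:" entries apply to newly created files).
GETFACL_FBC = """\
# file: home/shared/fbc/
# owner: reachfp
# group: fbc
user::rwx
user:reachfp:rwx
group::rwx
group:fbc:rwx
group:70006:rwx
mask::rwx
other::---
"""

# Primary group (domain users) plus the supplementary groups listed by getent.
MEMBERSHIP = {
    "reachfp": {"domain users", "domain admins", "enterprise admins",
                "schema admins", "group policy creator owners"},
    "reach_support": {"domain users", "audiovideo", "vpn users", "staff", "fbc"},
    "richards": {"domain users", "audiovideo", "staff"},
}


def parse_getfacl(text):
    """Return owner, owning group and the access entries of one getfacl dump."""
    acl = {"owner": None, "group": None, "entries": []}
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("# owner:"):
            acl["owner"] = line.split(":", 1)[1].strip()
        elif line.startswith("# group:"):
            acl["group"] = line.split(":", 1)[1].strip()
        elif not line or line.startswith("#") or line.startswith("default:"):
            continue
        else:
            tag, qualifier, perms = line.split(":")[:3]
            perms = perms.split()[0]          # drop a trailing "#effective:" note
            acl["entries"].append((tag, qualifier, set(perms.replace("-", ""))))
    return acl


def check_access(acl, user, groups, want="rwx"):
    """Apply the POSIX ACL check order; return (granted, deciding entry)."""
    want = set(want)
    entries = acl["entries"]
    mask = next((p for t, _, p in entries if t == "mask"), None)

    def masked(perms):
        return perms if mask is None else perms & mask

    # 1. The owner is checked against user:: only; the mask does not apply.
    if user == acl["owner"]:
        perms = next(p for t, q, p in entries if t == "user" and q == "")
        return want <= perms, "owner"
    # 2. A named user entry, limited by the mask.
    for t, q, p in entries:
        if t == "user" and q == user:
            return want <= masked(p), "named user"
    # 3. Group class: any one matching entry must grant everything requested.
    matched = [(q or acl["group"], masked(p)) for t, q, p in entries
               if t == "group" and (q or acl["group"]) in groups]
    if matched:
        for name, perms in matched:
            if want <= perms:
                return True, "group " + name
        return False, "group class"
    # 4. Everyone else falls through to other::.
    perms = next(p for t, _, p in entries if t == "other")
    return want <= perms, "other"


if __name__ == "__main__":
    acl = parse_getfacl(GETFACL_FBC)
    for user, groups in MEMBERSHIP.items():
        print(user, check_access(acl, user, groups))
```
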


