[Samba] Samba 4 AD share: Access denied
ryana at reachtechfp.com
Fri Aug 15 12:45:11 MDT 2014
Rowland, I did as you asked and am now running 4.1.9 from backports.
Steps I took are below.
Left the domain via "net ads leave -Ureachfp"
Uninstalled the custom-built version via "make uninstall"
Manually deleted everything in /var/lib/samba and /var/cache/samba
Removed my modifications to the PAM files
Installed 4.1.9 from backports with your package-list
Rebooted for good measure
I still get "Access is denied" from the workstations and if I try
accessing the shares from my Linux laptop I get prompts for the username
and password and never get in.
Before I get chewed out again, I have not changed any configuration
since you last saw it, with the exception of removing the lines from the
PAM files after removing the custom-built Samba. Everything is the same
including ACLs, id and getent working, etc.
Now, is it possible that when you told me to try 4.1 that going from 4.2
to 4.1 could have corrupted my AD database somehow? I do not care if it
did, I just want to fix it if that is the case. On top of that, I have
now gone from 4.1.11 to 4.1.9, another downgrade. If there were any
changes to the way the AD data is stored between all of these versions,
I may have hosed myself in changing versions. If not, then I have no
clue why I keep getting denied access.
Finally, some information about the hardware setup in case it matters.
The server is an Intel Xeon system with 16GB of RAM and a RAID10 array
(hardware, not software). I have an LSI PCI-E card attached to four 1TB
SATA 6.0Gbps drives. On this I installed XenServer 6.2, which saw the
one "virtual" drive at 2TB. I then installed a network install of Debian
7.5 AMD64 and had only a shell with SSH access. I made a template of
this, and deployed it three times. One is the AD DC, one is the
print-server, and one is the file-server. I do have the XenServer stuff
installed on all three VMs and it works fine. I do not know if this
matters, but I wanted to mention it. I have tried removing the XenServer
stuff but it did not help.
On 08/15/2014 01:19 PM, Harry Jede wrote:
> On 19:14:56 wrote Rowland Penny:
>> On 15/08/14 17:19, Harry Jede wrote:
>>> On 18:03:42 wrote Rowland Penny:
>>>> On 15/08/14 16:07, Ryan Ashley wrote:
>>>> The problem there is that you are trying to install the wrong
>>>> packages LOL
>>>> apt-get -t wheezy-backports install samba attr krb5-config
>>>> krb5-user dnsutils winbind libpam-winbind libpam-krb5
>>>> libnss-winbind libsmbclient smbclient
>>> The problem there is that you are trying to install the wrong
>>> packages LOL.
>>> Just a joke, or not?
>>> Heads up:
>>> If you install dnsutils from backports you can not use samba with
>>> bind- dlz. The bind package from backports is 1:9.9.5 and this
>>> package is NOT compiled with dlz. If bind-dlz is required one must
>>> use bind 1:9.8.4 from Wheezy!
>> Oh dear, is this why my AD DC server with Bind9 and DHCP works ?
>> samba -V
>> Version 4.1.9-Debian
>> And from /var/log/syslog
>> Aug 15 10:19:36 dc01 named: starting BIND
>> 9.9.5-4~bpo70+1-Debian -u bind
>> Aug 15 10:19:36 dc01 named: Loading 'AD DNS Zone' using driver
> looks I have made a mistake installing bind 9.9.5 from backports.
> So both bind packages (wheezy and wheezy-backports) seems to work.
> Next time I will try bind from backports again.
More information about the samba