[Samba] AD share not accessible

Benjamin Budts ben at zentrix.be
Sun Jan 19 16:16:23 MST 2014


Thx Steve for pointing out the overlapping range issue I had in my conf.

I changed the config, but still no success gentent passwd or getent groups
is only showing local users/groups after showing the local users, there
seems to be a timeout of 5 seconds and then back to shell.

Accessing my share with a group that is situated in the group Valid Users
isn't working either. No errors in smb or winbind log. (Although I get an
error output if I make a mistake in my users's password on purpose I see an
errorlog being created. as stated in my first post to the mailinglist) so
there seems to be some form of authentication although I can't find out how
to debug it

My /share has been remounted with ACL too

Any ideas ? 

My new config

	workgroup = INTRANET
	realm = ISPPC.BE
	server string = %h
	security = ADS
	ntlm auth = No
	kerberos method = system keytab
	log file = /var/log/samba/log.%m
	max log size = 1024
	client signing = required
	server signing = required
	client use spnego = No
	load printers = No
	lm announce = No
	dns proxy = No
	ldap ssl = no
	template homedir = /dev/null
	template shell = /bin/true
	winbind separator = +
	winbind cache time = 5
	winbind enum users = Yes
	winbind enum groups = Yes
	winbind nss info = rfc2307
	winbind refresh tickets = Yes
	winbind offline logon = Yes
	winbind normalize names = Yes
	idmap config * : range = 1000000-1999999
	idmap config INTRANET:base_rid = 0
	idmap config INTRANET:range = 50000-59999
	idmap config INTRANET:read only = yes
	idmap config INTRANET:backend = rid
	idmap config * : backend = tdb
	invalid users = root
	cups options = raw

	comment = Glims Cluster Share
	path = /share
	read only = No


-----Original Message-----
From: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org]
On Behalf Of steve
Sent: donderdag 16 januari 2014 19:02
To: samba at lists.samba.org
Subject: Re: [Samba] samba linux share vs AD

On Thu, 2014-01-16 at 17:30 +0100, Benjamin Budts wrote:

> .         #getent passwd  only shows local users it seems to wait 5
> after printing the local users and then times out to shell without an

Your ranges overlap.
  idmap config * : range = 1000000-1999999
  idmap config INTRANET:range = 60000-50000000

Go for something like * 50000-59999

To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list