[Samba] AD share not accessible
Benjamin Budts
ben at zentrix.be
Sun Jan 19 16:16:23 MST 2014
Hi,
Thx Steve for pointing out the overlapping range issue I had in my conf.
I changed the config, but still no success gentent passwd or getent groups
is only showing local users/groups after showing the local users, there
seems to be a timeout of 5 seconds and then back to shell.
Accessing my share with a group that is situated in the group Valid Users
isn't working either. No errors in smb or winbind log. (Although I get an
error output if I make a mistake in my users's password on purpose I see an
errorlog being created. as stated in my first post to the mailinglist) so
there seems to be some form of authentication although I can't find out how
to debug it
My /share has been remounted with ACL too
Any ideas ?
My new config
----
[global]
workgroup = INTRANET
realm = ISPPC.BE
server string = %h
security = ADS
ntlm auth = No
kerberos method = system keytab
log file = /var/log/samba/log.%m
max log size = 1024
client signing = required
server signing = required
client use spnego = No
load printers = No
lm announce = No
dns proxy = No
ldap ssl = no
template homedir = /dev/null
template shell = /bin/true
winbind separator = +
winbind cache time = 5
winbind enum users = Yes
winbind enum groups = Yes
winbind nss info = rfc2307
winbind refresh tickets = Yes
winbind offline logon = Yes
winbind normalize names = Yes
idmap config * : range = 1000000-1999999
idmap config INTRANET:base_rid = 0
idmap config INTRANET:range = 50000-59999
idmap config INTRANET:read only = yes
idmap config INTRANET:backend = rid
idmap config * : backend = tdb
invalid users = root
cups options = raw
[glims_share]
comment = Glims Cluster Share
path = /share
valid users = @INTRANET+GRP_GLIMS_RDS_USERS
read only = No
Cheers,
-----Original Message-----
From: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org]
On Behalf Of steve
Sent: donderdag 16 januari 2014 19:02
To: samba at lists.samba.org
Subject: Re: [Samba] samba linux share vs AD
On Thu, 2014-01-16 at 17:30 +0100, Benjamin Budts wrote:
>
>
> . #getent passwd only shows local users it seems to wait 5
seconds
> after printing the local users and then times out to shell without an
error.
>
>
Your ranges overlap.
idmap config * : range = 1000000-1999999
idmap config INTRANET:range = 60000-50000000
Go for something like * 50000-59999
HTH
Steve
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
More information about the samba
mailing list