[Samba] AD share not accessible
steve
steve at steve-ss.com
Sun Jan 19 23:46:43 MST 2014
On Mon, 2014-01-20 at 00:16 +0100, Benjamin Budts wrote:
> Hi,
>
> Thx Steve for pointing out the overlapping range issue I had in my conf.
>
> I changed the config, but still no success getent passwd or getent groups
> is only showing local users/groups after showing the local users, there
> seems to be a timeout of 5 seconds and then back to shell.
Guessing now. (Oh how I love winbind!)
comment:
# winbind separator = +
And make sure that nscd is disabled.
If you want it to just work:
https://wiki.samba.org/index.php/Local_user_management_and_authentication/sssd
A bit out of date but it will at least get you there.
HTH
Steve
>
> Accessing my share with a group that is situated in the group Valid Users
> isn't working either. No errors in smb or winbind log. (Although I get an
> error output if I make a mistake in my user's password on purpose I see an
> errorlog being created. as stated in my first post to the mailing list) so
> there seems to be some form of authentication although I can't find out how
> to debug it
>
> My /share has been remounted with ACL too
>
> Any ideas ?
>
> My new config
> ----
>
> [global]
> workgroup = INTRANET
> realm = ISPPC.BE
> server string = %h
> security = ADS
> ntlm auth = No
> kerberos method = system keytab
> log file = /var/log/samba/log.%m
> max log size = 1024
> client signing = required
> server signing = required
> client use spnego = No
> load printers = No
> lm announce = No
> dns proxy = No
> ldap ssl = no
> template homedir = /dev/null
> template shell = /bin/true
> winbind separator = +
> winbind cache time = 5
> winbind enum users = Yes
> winbind enum groups = Yes
> winbind nss info = rfc2307
> winbind refresh tickets = Yes
> winbind offline logon = Yes
> winbind normalize names = Yes
> idmap config * : range = 1000000-1999999
> idmap config INTRANET:base_rid = 0
> idmap config INTRANET:range = 50000-59999
> idmap config INTRANET:read only = yes
> idmap config INTRANET:backend = rid
> idmap config * : backend = tdb
> invalid users = root
> cups options = raw
>
> [glims_share]
> comment = Glims Cluster Share
> path = /share
> valid users = @INTRANET+GRP_GLIMS_RDS_USERS
> read only = No
>
>
> Cheers,
>
>
>
> -----Original Message-----
> From: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org]
> On Behalf Of steve
> Sent: donderdag 16 januari 2014 19:02
> To: samba at lists.samba.org
> Subject: Re: [Samba] samba linux share vs AD
>
> On Thu, 2014-01-16 at 17:30 +0100, Benjamin Budts wrote:
> >
>
> >
> > . #getent passwd only shows local users it seems to wait 5 seconds
> > after printing the local users and then times out to shell without an error.
> >
> >
>
> Your ranges overlap.
> idmap config * : range = 1000000-1999999
> idmap config INTRANET:range = 60000-50000000
>
> Go for something like * 50000-59999
> HTH
> Steve
>
>
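
Added example (not part of the thread and not Samba code): a Python check for the overlapping idmap ranges pointed out above, run over the `idmap config` lines copied from the two configurations quoted in this thread. The function names are hypothetical, and the parser only handles the `idmap config DOMAIN : range = low-high` form that appears here.

```python
import re
from itertools import combinations

# "idmap config <DOMAIN> : range = <low>-<high>", spaces around ':' optional.
# Lines commented out with '#' or ';' do not match because of the anchor.
RANGE_RE = re.compile(
    r"^\s*idmap\s+config\s+(?P<dom>[^:\s]+)\s*:\s*range\s*=\s*"
    r"(?P<lo>\d+)\s*-\s*(?P<hi>\d+)\s*$",
    re.IGNORECASE,
)

def idmap_ranges(conf_text):
    """Return {domain: (low, high)} for each idmap range line in smb.conf text."""
    ranges = {}
    for line in conf_text.splitlines():
        m = RANGE_RE.match(line)
        if not m:
            continue  # backend, base_rid, read only, etc. are ignored
        lo, hi = int(m["lo"]), int(m["hi"])
        if lo > hi:
            raise ValueError(f"inverted range for {m['dom']}: {lo}-{hi}")
        ranges[m["dom"].upper()] = (lo, hi)
    return ranges

def overlapping_domains(conf_text):
    """Return sorted (dom_a, dom_b) pairs whose ranges share at least one ID."""
    r = idmap_ranges(conf_text)
    return sorted(
        (a, b) for a, b in combinations(sorted(r), 2)
        if r[a][0] <= r[b][1] and r[b][0] <= r[a][1]
    )

# Range lines from the first configuration discussed in the thread.
OLD_CONF = """
idmap config * : range = 1000000-1999999
idmap config INTRANET:range = 60000-50000000
"""

# idmap lines from the revised configuration posted in the thread.
NEW_CONF = """
idmap config * : range = 1000000-1999999
idmap config INTRANET:base_rid = 0
idmap config INTRANET:range = 50000-59999
idmap config INTRANET:read only = yes
idmap config INTRANET:backend = rid
idmap config * : backend = tdb
"""

if __name__ == "__main__":
    print("old:", overlapping_domains(OLD_CONF))
    print("new:", overlapping_domains(NEW_CONF))
```
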