[Samba] AD share not accessible

steve steve at steve-ss.com
Sun Jan 19 23:46:43 MST 2014


On Mon, 2014-01-20 at 00:16 +0100, Benjamin Budts wrote:
> Hi,
> 
> Thx Steve for pointing out the overlapping range issue I had in my conf.
> 
> I changed the config, but still no success: getent passwd or getent groups
> is only showing local users/groups. After showing the local users, there
> seems to be a timeout of 5 seconds and then back to shell.

Guessing now. (Oh how I love winbind!)

comment:
# winbind separator = +

And make sure that nscd is disabled.

If you want it to just work:
https://wiki.samba.org/index.php/Local_user_management_and_authentication/sssd
A bit out of date but it will at least get you there.
HTH
Steve



> 
> Accessing my share with a group that is situated in the group Valid Users
> isn't working either. No errors in smb or winbind log. (Although I get an
> error output if I make a mistake in my user's password on purpose: I see an
> error log being created, as stated in my first post to the mailing list.) So
> there seems to be some form of authentication, although I can't find out how
> to debug it.
> 
> My /share has been remounted with ACL too
> 
> Any ideas ? 
> 
> My new config
> ----
> 
> [global]
> 	workgroup = INTRANET
> 	realm = ISPPC.BE
> 	server string = %h
> 	security = ADS
> 	ntlm auth = No
> 	kerberos method = system keytab
> 	log file = /var/log/samba/log.%m
> 	max log size = 1024
> 	client signing = required
> 	server signing = required
> 	client use spnego = No
> 	load printers = No
> 	lm announce = No
> 	dns proxy = No
> 	ldap ssl = no
> 	template homedir = /dev/null
> 	template shell = /bin/true
> 	winbind separator = +
> 	winbind cache time = 5
> 	winbind enum users = Yes
> 	winbind enum groups = Yes
> 	winbind nss info = rfc2307
> 	winbind refresh tickets = Yes
> 	winbind offline logon = Yes
> 	winbind normalize names = Yes
> 	idmap config * : range = 1000000-1999999
> 	idmap config INTRANET:base_rid = 0
> 	idmap config INTRANET:range = 50000-59999
> 	idmap config INTRANET:read only = yes
> 	idmap config INTRANET:backend = rid
> 	idmap config * : backend = tdb
> 	invalid users = root
> 	cups options = raw
> 
> [glims_share]
> 	comment = Glims Cluster Share
> 	path = /share
> 	valid users = @INTRANET+GRP_GLIMS_RDS_USERS
> 	read only = No
> 
> 
> Cheers,
> 
> 
> 
> -----Original Message-----
> From: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org]
> On Behalf Of steve
> Sent: Thursday 16 January 2014 19:02
> To: samba at lists.samba.org
> Subject: Re: [Samba] samba linux share vs AD
> 
> On Thu, 2014-01-16 at 17:30 +0100, Benjamin Budts wrote:
> >  
> 
> > 
> > #getent passwd only shows local users it seems to wait 5 seconds
> > after printing the local users and then times out to shell without an
> > error.
> > 
> >  
> 
> Your ranges overlap.
>   idmap config * : range = 1000000-1999999
>   idmap config INTRANET:range = 60000-50000000
> 
> Go for something like * 50000-59999
> HTH
> Steve
> 
> 
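
Added example, not part of the thread and not Samba's own code: a small Python check for the overlapping idmap ranges Steve points out, run over the two range pairs quoted above. Overlapping ranges let two backends hand out the same UID/GID, so the check is worth running before restarting winbind; the helper names `parse_idmap_ranges` and `find_problems` are hypothetical.

```python
import re

# Matches "idmap config DOMAIN : range = LOW-HIGH", with or without
# spaces around the colon (both spellings appear in the thread).
RANGE_RE = re.compile(
    r"^\s*idmap\s+config\s+(?P<dom>[^:\s]+)\s*:\s*range\s*="
    r"\s*(?P<lo>\d+)\s*-\s*(?P<hi>\d+)\s*$",
    re.IGNORECASE,
)

# Range lines copied from the thread: the first config and the revised one.
OLD_CONF = """
    idmap config * : range = 1000000-1999999
    idmap config INTRANET:range = 60000-50000000
"""
NEW_CONF = """
    idmap config * : range = 1000000-1999999
    idmap config INTRANET:base_rid = 0
    idmap config INTRANET:range = 50000-59999
    idmap config INTRANET:backend = rid
"""

def parse_idmap_ranges(conf_text):
    """Return {domain: (low, high)} for each idmap range line."""
    ranges = {}
    for line in conf_text.splitlines():
        if line.lstrip().startswith(("#", ";")):  # smb.conf comment lines
            continue
        m = RANGE_RE.match(line)
        if m:
            ranges[m.group("dom").upper()] = (int(m.group("lo")), int(m.group("hi")))
    return ranges

def find_problems(ranges):
    """Report inverted ranges and every pair of domains whose ranges overlap."""
    problems = [f"{d}: low {lo} is above high {hi}"
                for d, (lo, hi) in ranges.items() if lo > hi]
    doms = sorted(ranges)
    for i, a in enumerate(doms):
        for b in doms[i + 1:]:
            (alo, ahi), (blo, bhi) = ranges[a], ranges[b]
            if alo <= bhi and blo <= ahi:  # closed intervals intersect
                problems.append(f"{a} {alo}-{ahi} overlaps {b} {blo}-{bhi}")
    return problems

if __name__ == "__main__":
    for name, conf in (("old", OLD_CONF), ("new", NEW_CONF)):
        print(name, find_problems(parse_idmap_ranges(conf)) or "no overlap")
```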



