[Samba] Cannot access shared home directories from linux machine

isofx ea4ml3f at gmx.at
Thu Jul 10 12:18:07 MDT 2014

Am 10.07.2014 18:14, schrieb Rowland Penny:
> On 10/07/14 17:01, isofx wrote:
>>> Hi, you seem to be using the 'rid' backend on the machine you are 
>>> trying to connect from:
>>> idmap config * : backend = rid
>>> idmap config * : range = 10000 - 49999
>>> idmap uid = 50000 - 100000
>>> idmap gid = 50000 - 100000
>>> Doing this will ensure that you will definitely get a different id 
>>> number for the user on the client against the one that they will 
>>> have on the Samba4 server (incidentally, you are running an AD DC 
>>> not a NT style PDC). I would suggest that you give your users & 
>>> groups uid & gidNumbers and set the client to use these.
>>> Once this is setup, you should be able to connect via smbclient etc 
>>> to the server, once this is working, you can move onto the cifs setup.
>>> Just what OS is the client running? idmap uid & gid where replaced 
>>> some time ago.
>>> Rowland
>> Thanks for the hint - this is my first samba setup and I got the 
>> idmap configuration from a guide I found online and used it without 
>> looking into the rid backend.
>> I would configure the UID & GIDs via RSAT-Tools - but how can I 
>> configure the client (terminal server) to use them?
>> Both the server and the client are running Debian Wheezy.
>> Kind regards,
>> Rainhard
> Just what do you mean by terminal server? If you mean a std linux 
> client then have a look here:
> https://wiki.samba.org/index.php/Setup_a_Samba_AD_Member_Server
> But if you mean a 'thin-client' or ltsp client, then sorry but I 
> haven't a clue.
> Rowland

It's just a debian machine that will be used as terminal server (i.e. 
thin-clients and other windows/linux clients connect via a remote 
desktop connection).

I read through the link you provided and configured the following:

netbios name = TS01
server string = TS01

workgroup = DOMAIN

security = ADS
local master = no
preferred master = no
dns proxy = no

encrypt passwords = true
kerberos method = secrets and keytab

winbind use default domain = yes
winbind trusted domains only = no
winbind enum groups = yes
winbind enum users = yes
winbind nss info = rfc2307

idmap config DOMAIN:backend = ad
idmap config DOMAIN:schema_mode = rfc2307
idmap config DOMAIN:range = 10000 - 15000

Via RSAT Tools, I added the group "demo group" with GID 14000 and a 
member of the group "demo" with UID 12000.

However, it seems I'm missing some configuration:

root at ts01:/var/lib/samba# wbinfo -u
root at ts01:/var/lib/samba# wbinfo -g
allowed rodc password replication group
enterprise read-only domain controllers
denied rodc password replication group
read-only domain controllers
group policy creator owners
ras and ias servers
domain controllers
enterprise admins
domain computers
cert publishers
domain admins
domain guests
schema admins
domain users
demo group
root at ts01:/var/lib/samba# wbinfo -i demo
failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND
Could not get info for user demo

I ran "net cache flush" to get rid of the mappings from the previous rid 
configuration. As you can see, the "demo group" and "demo" are availabe 
through wbinfo -u and -g, however it fails to get any detail information 
with wbinfo -i .

Any ideas what I may be missing? I did not change anything in the DCs 

Kind regards,

More information about the samba mailing list