[Samba] Cannot access shared home directories from linux machine
ea4ml3f at gmx.at
Thu Jul 10 12:18:07 MDT 2014
Am 10.07.2014 18:14, schrieb Rowland Penny:
> On 10/07/14 17:01, isofx wrote:
>>> Hi, you seem to be using the 'rid' backend on the machine you are
>>> trying to connect from:
>>> idmap config * : backend = rid
>>> idmap config * : range = 10000 - 49999
>>> idmap uid = 50000 - 100000
>>> idmap gid = 50000 - 100000
>>> Doing this will ensure that you will definitely get a different id
>>> number for the user on the client against the one that they will
>>> have on the Samba4 server (incidentally, you are running an AD DC
>>> not a NT style PDC). I would suggest that you give your users &
>>> groups uid & gidNumbers and set the client to use these.
>>> Once this is setup, you should be able to connect via smbclient etc
>>> to the server, once this is working, you can move onto the cifs setup.
>>> Just what OS is the client running? idmap uid & gid where replaced
>>> some time ago.
>> Thanks for the hint - this is my first samba setup and I got the
>> idmap configuration from a guide I found online and used it without
>> looking into the rid backend.
>> I would configure the UID & GIDs via RSAT-Tools - but how can I
>> configure the client (terminal server) to use them?
>> Both the server and the client are running Debian Wheezy.
>> Kind regards,
> Just what do you mean by terminal server? If you mean a std linux
> client then have a look here:
> But if you mean a 'thin-client' or ltsp client, then sorry but I
> haven't a clue.
It's just a debian machine that will be used as terminal server (i.e.
thin-clients and other windows/linux clients connect via a remote
I read through the link you provided and configured the following:
netbios name = TS01
server string = TS01
workgroup = DOMAIN
realm = KARMEL.INTERN
security = ADS
local master = no
preferred master = no
dns proxy = no
encrypt passwords = true
kerberos method = secrets and keytab
winbind use default domain = yes
winbind trusted domains only = no
winbind enum groups = yes
winbind enum users = yes
winbind nss info = rfc2307
idmap config DOMAIN:backend = ad
idmap config DOMAIN:schema_mode = rfc2307
idmap config DOMAIN:range = 10000 - 15000
Via RSAT Tools, I added the group "demo group" with GID 14000 and a
member of the group "demo" with UID 12000.
However, it seems I'm missing some configuration:
root at ts01:/var/lib/samba# wbinfo -u
root at ts01:/var/lib/samba# wbinfo -g
allowed rodc password replication group
enterprise read-only domain controllers
denied rodc password replication group
read-only domain controllers
group policy creator owners
ras and ias servers
root at ts01:/var/lib/samba# wbinfo -i demo
failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND
Could not get info for user demo
I ran "net cache flush" to get rid of the mappings from the previous rid
configuration. As you can see, the "demo group" and "demo" are availabe
through wbinfo -u and -g, however it fails to get any detail information
with wbinfo -i .
Any ideas what I may be missing? I did not change anything in the DCs
More information about the samba