[Samba] Cannot access shared home directories from linux machine
Rowland Penny
rowlandpenny at googlemail.com
Thu Jul 10 12:24:46 MDT 2014
On 10/07/14 19:18, isofx wrote:
> Am 10.07.2014 18:14, schrieb Rowland Penny:
>> On 10/07/14 17:01, isofx wrote:
>>>
>>>> Hi, you seem to be using the 'rid' backend on the machine you are
>>>> trying to connect from:
>>>>
>>>> idmap config * : backend = rid
>>>> idmap config * : range = 10000 - 49999
>>>> idmap uid = 50000 - 100000
>>>> idmap gid = 50000 - 100000
>>>>
>>>> Doing this will ensure that you will definitely get a different id
>>>> number for the user on the client against the one that they will
>>>> have on the Samba4 server (incidentally, you are running an AD DC
>>>> not a NT style PDC). I would suggest that you give your users &
>>>> groups uid & gidNumbers and set the client to use these.
>>>>
>>>> Once this is setup, you should be able to connect via smbclient etc
>>>> to the server, once this is working, you can move onto the cifs setup.
>>>>
>>>> Just what OS is the client running? idmap uid & gid where replaced
>>>> some time ago.
>>>>
>>>> Rowland
>>>
>>> Thanks for the hint - this is my first samba setup and I got the
>>> idmap configuration from a guide I found online and used it without
>>> looking into the rid backend.
>>>
>>> I would configure the UID & GIDs via RSAT-Tools - but how can I
>>> configure the client (terminal server) to use them?
>>>
>>> Both the server and the client are running Debian Wheezy.
>>>
>>> Kind regards,
>>> Rainhard
>>
>> Just what do you mean by terminal server? If you mean a std linux
>> client then have a look here:
>>
>> https://wiki.samba.org/index.php/Setup_a_Samba_AD_Member_Server
>>
>> But if you mean a 'thin-client' or ltsp client, then sorry but I
>> haven't a clue.
>>
>> Rowland
>>
>
> It's just a debian machine that will be used as terminal server (i.e.
> thin-clients and other windows/linux clients connect via a remote
> desktop connection).
>
> I read through the link you provided and configured the following:
>
> [global]
> netbios name = TS01
> server string = TS01
>
> workgroup = DOMAIN
> realm = KARMEL.INTERN
>
> security = ADS
> local master = no
> preferred master = no
> dns proxy = no
>
> encrypt passwords = true
> kerberos method = secrets and keytab
>
> winbind use default domain = yes
> winbind trusted domains only = no
> winbind enum groups = yes
> winbind enum users = yes
> winbind nss info = rfc2307
>
> idmap config DOMAIN:backend = ad
> idmap config DOMAIN:schema_mode = rfc2307
> idmap config DOMAIN:range = 10000 - 15000
>
> Via RSAT Tools, I added the group "demo group" with GID 14000 and a
> member of the group "demo" with UID 12000.
>
> However, it seems I'm missing some configuration:
>
> root at ts01:/var/lib/samba# wbinfo -u
> administrator
> demo
> test
> krbtgt
> guest
> root at ts01:/var/lib/samba# wbinfo -g
> allowed rodc password replication group
> enterprise read-only domain controllers
> denied rodc password replication group
> read-only domain controllers
> group policy creator owners
> ras and ias servers
> domain controllers
> enterprise admins
> domain computers
> cert publishers
> dnsupdateproxy
> domain admins
> domain guests
> schema admins
> domain users
> demo group
> dnsadmins
> root at ts01:/var/lib/samba# wbinfo -i demo
> failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND
> Could not get info for user demo
>
> I ran "net cache flush" to get rid of the mappings from the previous
> rid configuration. As you can see, the "demo group" and "demo" are
> availabe through wbinfo -u and -g, however it fails to get any detail
> information with wbinfo -i .
>
> Any ideas what I may be missing? I did not change anything in the DCs
> configuration.
>
> Kind regards,
> Rainhard
>
>
>
Have you joined the machine to the domain? what is in /etc/nsswitch.conf?
Rowland
More information about the samba
mailing list