[Samba] Cannot access shared home directories from linux machine
rowlandpenny at googlemail.com
Thu Jul 10 12:24:46 MDT 2014
On 10/07/14 19:18, isofx wrote:
> Am 10.07.2014 18:14, schrieb Rowland Penny:
>> On 10/07/14 17:01, isofx wrote:
>>>> Hi, you seem to be using the 'rid' backend on the machine you are
>>>> trying to connect from:
>>>> idmap config * : backend = rid
>>>> idmap config * : range = 10000 - 49999
>>>> idmap uid = 50000 - 100000
>>>> idmap gid = 50000 - 100000
>>>> Doing this will ensure that you will definitely get a different id
>>>> number for the user on the client against the one that they will
>>>> have on the Samba4 server (incidentally, you are running an AD DC
>>>> not a NT style PDC). I would suggest that you give your users &
>>>> groups uid & gidNumbers and set the client to use these.
>>>> Once this is setup, you should be able to connect via smbclient etc
>>>> to the server, once this is working, you can move onto the cifs setup.
>>>> Just what OS is the client running? idmap uid & gid where replaced
>>>> some time ago.
>>> Thanks for the hint - this is my first samba setup and I got the
>>> idmap configuration from a guide I found online and used it without
>>> looking into the rid backend.
>>> I would configure the UID & GIDs via RSAT-Tools - but how can I
>>> configure the client (terminal server) to use them?
>>> Both the server and the client are running Debian Wheezy.
>>> Kind regards,
>> Just what do you mean by terminal server? If you mean a std linux
>> client then have a look here:
>> But if you mean a 'thin-client' or ltsp client, then sorry but I
>> haven't a clue.
> It's just a debian machine that will be used as terminal server (i.e.
> thin-clients and other windows/linux clients connect via a remote
> desktop connection).
> I read through the link you provided and configured the following:
> netbios name = TS01
> server string = TS01
> workgroup = DOMAIN
> realm = KARMEL.INTERN
> security = ADS
> local master = no
> preferred master = no
> dns proxy = no
> encrypt passwords = true
> kerberos method = secrets and keytab
> winbind use default domain = yes
> winbind trusted domains only = no
> winbind enum groups = yes
> winbind enum users = yes
> winbind nss info = rfc2307
> idmap config DOMAIN:backend = ad
> idmap config DOMAIN:schema_mode = rfc2307
> idmap config DOMAIN:range = 10000 - 15000
> Via RSAT Tools, I added the group "demo group" with GID 14000 and a
> member of the group "demo" with UID 12000.
> However, it seems I'm missing some configuration:
> root at ts01:/var/lib/samba# wbinfo -u
> root at ts01:/var/lib/samba# wbinfo -g
> allowed rodc password replication group
> enterprise read-only domain controllers
> denied rodc password replication group
> read-only domain controllers
> group policy creator owners
> ras and ias servers
> domain controllers
> enterprise admins
> domain computers
> cert publishers
> domain admins
> domain guests
> schema admins
> domain users
> demo group
> root at ts01:/var/lib/samba# wbinfo -i demo
> failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND
> Could not get info for user demo
> I ran "net cache flush" to get rid of the mappings from the previous
> rid configuration. As you can see, the "demo group" and "demo" are
> availabe through wbinfo -u and -g, however it fails to get any detail
> information with wbinfo -i .
> Any ideas what I may be missing? I did not change anything in the DCs
> Kind regards,
Have you joined the machine to the domain? what is in /etc/nsswitch.conf?
More information about the samba