[Samba] Cannot access shared home directories from linux machine

isofx ea4ml3f at gmx.at
Thu Jul 10 12:50:23 MDT 2014


On 10.07.2014 20:24, Rowland Penny wrote:
> On 10/07/14 19:18, isofx wrote:
>> On 10.07.2014 18:14, Rowland Penny wrote:
>>> On 10/07/14 17:01, isofx wrote:
>>>>
>>>>> Hi, you seem to be using the 'rid' backend on the machine you are 
>>>>> trying to connect from:
>>>>>
>>>>> idmap config * : backend = rid
>>>>> idmap config * : range = 10000 - 49999
>>>>> idmap uid = 50000 - 100000
>>>>> idmap gid = 50000 - 100000
>>>>>
>>>>> Doing this will ensure that you will definitely get a different id 
>>>>> number for the user on the client against the one that they will 
>>>>> have on the Samba4 server (incidentally, you are running an AD DC 
>>>>> not a NT style PDC). I would suggest that you give your users & 
>>>>> groups uid & gidNumbers and set the client to use these.
>>>>>
>>>>> Once this is set up, you should be able to connect via smbclient 
>>>>> etc to the server, once this is working, you can move onto the 
>>>>> cifs setup.
>>>>>
>>>>> Just what OS is the client running? idmap uid & gid were replaced 
>>>>> some time ago.
>>>>>
>>>>> Rowland
>>>>
>>>> Thanks for the hint - this is my first samba setup and I got the 
>>>> idmap configuration from a guide I found online and used it without 
>>>> looking into the rid backend.
>>>>
>>>> I would configure the UID & GIDs via RSAT-Tools - but how can I 
>>>> configure the client (terminal server) to use them?
>>>>
>>>> Both the server and the client are running Debian Wheezy.
>>>>
>>>> Kind regards,
>>>> Rainhard
>>>
>>> Just what do you mean by terminal server? If you mean a std linux 
>>> client then have a look here:
>>>
>>> https://wiki.samba.org/index.php/Setup_a_Samba_AD_Member_Server
>>>
>>> But if you mean a 'thin-client' or ltsp client, then sorry but I 
>>> haven't a clue.
>>>
>>> Rowland
>>>
>>
>> It's just a debian machine that will be used as terminal server (i.e. 
>> thin-clients and other windows/linux clients connect via a remote 
>> desktop connection).
>>
>> I read through the link you provided and configured the following:
>>
>> [global]
>> netbios name = TS01
>> server string = TS01
>>
>> workgroup = DOMAIN
>> realm = KARMEL.INTERN
>>
>> security = ADS
>> local master = no
>> preferred master = no
>> dns proxy = no
>>
>> encrypt passwords = true
>> kerberos method = secrets and keytab
>>
>> winbind use default domain = yes
>> winbind trusted domains only = no
>> winbind enum groups = yes
>> winbind enum users = yes
>> winbind nss info = rfc2307
>>
>> idmap config DOMAIN:backend = ad
>> idmap config DOMAIN:schema_mode = rfc2307
>> idmap config DOMAIN:range = 10000 - 15000
>>
>> Via RSAT Tools, I added the group "demo group" with GID 14000 and a 
>> member of the group "demo" with UID 12000.
>>
>> However, it seems I'm missing some configuration:
>>
>> root@ts01:/var/lib/samba# wbinfo -u
>> administrator
>> demo
>> test
>> krbtgt
>> guest
>> root@ts01:/var/lib/samba# wbinfo -g
>> allowed rodc password replication group
>> enterprise read-only domain controllers
>> denied rodc password replication group
>> read-only domain controllers
>> group policy creator owners
>> ras and ias servers
>> domain controllers
>> enterprise admins
>> domain computers
>> cert publishers
>> dnsupdateproxy
>> domain admins
>> domain guests
>> schema admins
>> domain users
>> demo group
>> dnsadmins
>> root@ts01:/var/lib/samba# wbinfo -i demo
>> failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND
>> Could not get info for user demo
>>
>> I ran "net cache flush" to get rid of the mappings from the previous 
>> rid configuration. As you can see, the "demo group" and "demo" are 
>> available through wbinfo -u and -g, however it fails to get any detail 
>> information with wbinfo -i .
>>
>> Any ideas what I may be missing? I did not change anything in the DCs 
>> configuration.
>>
>> Kind regards,
>> Rainhard
>>
>>
>>
> Have you joined the machine to the domain? What is in /etc/nsswitch.conf?
>
> Rowland
>


Yes, I joined the domain using "samba-tool domain join domain.intern 
member". Here's my /etc/nsswitch.conf:

passwd:         compat winbind
group:          compat winbind
shadow:         compat

hosts:          files dns mdns4_minimal [NOTFOUND=return] mdns4
hosts:          files dns
networks:       files

protocols:      db files
services:       db files
ethers:         db files
rpc:            db files

netgroup:       nis
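
An added example, not part of the original messages and not Samba project code: a small Python lint for the idmap settings discussed in this thread. It flags the deprecated `idmap uid`/`idmap gid` parameters, a missing range for the default `*` domain, overlapping ranges, and uidNumber/gidNumber values that fall outside an `ad` backend's range. The names `parse`, `lint` and `assigned` are hypothetical, and `MEMBER_CONF` is the idmap part of the member configuration posted above.

```python
import re
from itertools import combinations

IDMAP_KEY = re.compile(r"idmap config\s+(\S+?)\s*:\s*(\w+)$", re.I)
DEPRECATED = ("idmap uid", "idmap gid")  # replaced by 'idmap config * : range'

# idmap-related lines of the member smb.conf posted in the thread above.
MEMBER_CONF = """
[global]
workgroup = DOMAIN
idmap config DOMAIN:backend = ad
idmap config DOMAIN:schema_mode = rfc2307
idmap config DOMAIN:range = 10000 - 15000
"""

def parse(text):
    """Return ({domain: {option: value}}, deprecated keys seen)."""
    domains, deprecated = {}, []
    for line in map(str.strip, text.splitlines()):
        if not line or line[0] in "#;[" or "=" not in line:
            continue  # skip blanks, comments and section headers
        key, value = (part.strip() for part in line.split("=", 1))
        match = IDMAP_KEY.match(key)
        if match:
            domains.setdefault(match.group(1).upper(), {})[match.group(2).lower()] = value
        elif key.lower() in DEPRECATED:
            deprecated.append(key.lower())
    return domains, deprecated

def lint(text, assigned=None):
    """List idmap findings; 'assigned' maps account names to uidNumber/gidNumber."""
    domains, deprecated = parse(text)
    findings = [f"deprecated parameter '{key}'" for key in deprecated]
    ranges = {dom: tuple(int(n) for n in opts["range"].split("-"))
              for dom, opts in domains.items() if "range" in opts}
    if "*" not in ranges:
        findings.append("no range for default domain '*'")
    for (a, ra), (b, rb) in combinations(sorted(ranges.items()), 2):
        if ra[0] <= rb[1] and rb[0] <= ra[1]:
            findings.append(f"ranges of '{a}' and '{b}' overlap")
    for dom, opts in domains.items():
        # The ad backend ignores IDs stored in AD that lie outside its range.
        if opts.get("backend", "").lower() == "ad" and dom in ranges:
            low, high = ranges[dom]
            findings += [f"{name}: id {num} outside {dom} range {low}-{high}"
                         for name, num in (assigned or {}).items() if not low <= num <= high]
    return findings

if __name__ == "__main__":
    print(lint(MEMBER_CONF, {"demo": 12000, "demo group": 14000}))
```

The findings describe the configuration only; they are not a diagnosis of the `wbinfo -i` error reported above.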

