[Samba] Samba 4 AD share: Access denied

steve steve at steve-ss.com
Tue Jul 29 11:42:05 MDT 2014

On Tue, 2014-07-29 at 18:18 +0100, Rowland Penny wrote:
> On 29/07/14 18:01, Ryan Ashley wrote:
> > Yes, I see all domain users and groups, getent works with passwd and 
> > with any domain group, and shows things as they should be. Every group 
> > has a unique gid.
> OK, then on paper everything is working as it should be, I cannot think 
> of anything else to do, anybody else have any input ???
> If nobody else has any input, it may be time to file a bug against samba.

Our money is on the builtin acl which has started appearing in recent
samba versions and was explained earlier in this thread. winbind maps this
group to a number in the idmap * range. This number does not coincide
with the hard wired xidNumber in the separate idmap db on the DC.

Otherwise, have one final check on winbind:

If still nothing, go back to 4.1.6 or use sssd.
