[Samba] Permission Denied
infractory at gmail.com
Tue Dec 8 13:39:11 UTC 2015
Did you configure PAM to use AD as a users source ? You need to have
Winbind or SSSD or nslcd configured to access your AD + configure PAM +
configure nsswitch.conf. Then you will system users from AD (ie "getent
passwd my-ad-account" would work).
2015-12-07 20:54 GMT+01:00 Rowland penny <rpenny at samba.org>:
> On 07/12/15 19:42, Ole Traupe wrote:
>> If I do this (rely on the user map file containing "!root =
>>>> BPN\Administrator BPN\administrator"), should I expect "id Administrator"
>>>> to give anything?
>>> Only a Samba AD DC, you will not get anything from 'getent
>>> Administrator' on a Unix domain member, but remember, with the user map
>>> 'Administrator' becomes 'root' :-)
>> Yes, and I can manage share permissions via ADUC due to the user mapping.
>> But on the DCs I still get "No such user" (although I don't have any
>> appearent problem).
> Have you changed anything on the DCs ? Are the winbind nss links in place
> ? (not sure if this makes any difference, but I always create them)
> if I run 'id Administrator', I get:
> uid=0(root) gid=100(users) groups=0(root),100(users),3000004(SAMdom\Group
> Policy Creator Owners),3000006(SAMDOM\Enterprise
> Admins),3000008(SAMDOM\Domain Admins),3000007(SAMDOM\Schema Admins)
> 'getent password Administrator' returns:
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
More information about the samba