[Samba] Permission Denied
mathias dufresne
infractory at gmail.com
Tue Dec 8 13:39:11 UTC 2015
Ole,
Did you configure PAM to use AD as a users source ? You need to have
Winbind or SSSD or nslcd configured to access your AD + configure PAM +
configure nsswitch.conf. Then you will system users from AD (ie "getent
passwd my-ad-account" would work).
Cheers,
mathias
2015-12-07 20:54 GMT+01:00 Rowland penny <rpenny at samba.org>:
> On 07/12/15 19:42, Ole Traupe wrote:
>
>>
>> If I do this (rely on the user map file containing "!root =
>>>> BPN\Administrator BPN\administrator"), should I expect "id Administrator"
>>>> to give anything?
>>>>
>>>> Ole
>>>>
>>>>
>>> Only a Samba AD DC, you will not get anything from 'getent
>>> Administrator' on a Unix domain member, but remember, with the user map
>>> 'Administrator' becomes 'root' :-)
>>>
>>
>> Yes, and I can manage share permissions via ADUC due to the user mapping.
>>
>> But on the DCs I still get "No such user" (although I don't have any
>> appearent problem).
>>
>> Ole
>>
>>
>>
>>
> Have you changed anything on the DCs ? Are the winbind nss links in place
> ? (not sure if this makes any difference, but I always create them)
>
> if I run 'id Administrator', I get:
>
> uid=0(root) gid=100(users) groups=0(root),100(users),3000004(SAMdom\Group
> Policy Creator Owners),3000006(SAMDOM\Enterprise
> Admins),3000008(SAMDOM\Domain Admins),3000007(SAMDOM\Schema Admins)
>
> 'getent password Administrator' returns:
>
> SAMDOM\Administrator:*:0:100::/home/Administrator:/bin/bash
>
> Rowland
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
More information about the samba
mailing list