[Samba] Permission Denied

[Ole Traupe]

You are right! I haven't configured PAM for winbind on the DCs, probably 
because I don't need this.

Any reasons why I should, if I manage my domain from Windows ADUC and 
don't log-on to the DCs as Administrator locally?

Ole


Am 08.12.2015 um 14:39 schrieb mathias dufresne:
> Ole,
>
> Did you configure PAM to use AD as a users source ? You need to have
> Winbind or SSSD or nslcd configured to access your AD + configure PAM +
> configure nsswitch.conf. Then you will system users from AD (ie "getent
> passwd my-ad-account" would work).
>
> Cheers,
>
> mathias
>
> 2015-12-07 20:54 GMT+01:00 Rowland penny <rpenny at samba.org>:
>
>> On 07/12/15 19:42, Ole Traupe wrote:
>>
>>> If I do this (rely on the user map file containing "!root =
>>>>> BPN\Administrator BPN\administrator"), should I expect "id Administrator"
>>>>> to give anything?
>>>>>
>>>>> Ole
>>>>>
>>>>>
>>>> Only a Samba AD DC, you will not get anything from 'getent
>>>> Administrator' on a Unix domain member, but remember, with the user map
>>>> 'Administrator' becomes 'root' :-)
>>>>
>>> Yes, and I can manage share permissions via ADUC due to the user mapping.
>>>
>>> But on the DCs I still get "No such user" (although I don't have any
>>> appearent problem).
>>>
>>> Ole
>>>
>>>
>>>
>>>
>> Have you changed anything on the DCs ? Are the winbind nss links in place
>> ? (not sure if this makes any difference, but I always create them)
>>
>> if I run 'id Administrator', I get:
>>
>> uid=0(root) gid=100(users) groups=0(root),100(users),3000004(SAMdom\Group
>> Policy Creator Owners),3000006(SAMDOM\Enterprise
>> Admins),3000008(SAMDOM\Domain Admins),3000007(SAMDOM\Schema Admins)
>>
>> 'getent password Administrator' returns:
>>
>> SAMDOM\Administrator:*:0:100::/home/Administrator:/bin/bash
>>
>> Rowland
>>
>>
>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba
>>