[Samba] Domain users can't browse or access shares

sk at green.no sk at green.no
Thu Feb 12 02:51:47 MST 2015 

samba-bounces at lists.samba.org wrote on 09.02.2015 20:52:43:
 
> OK, make the [global] part of your smb.conf look like this:
> 
> [global]
>          netbios name = bgo-nfs01
>          workgroup = GREENREEFERS
>          security = ADS
>          realm = GREENREEFERS.NO
>          dedicated keytab file = /etc/krb5.keytab
>          kerberos method = secrets and keytab
>          server string = %h server
>          winbind enum users = yes
>          winbind enum groups = yes
>          winbind use default domain = yes
>          winbind trusted domains only = no
>          winbind nested groups = yes
>          winbind refresh tickets = Yes
>          winbind nss info = rfc2307
>          idmap config *:backend = tdb
>          idmap config *:range = 2000-9999
>          idmap config GREENREEFERS:backend = rid
>          idmap config GREENREEFERS:range=10000-99999
>          load printers = no
>          printing = bsd
>          printcap name = /dev/null
>          disable spoolss = yes
>          preferred master = no
>          local master = no
>          template homedir = /dev/null
>          template shell = /bin/true
>          syslog = 0
>          log file = /var/log/samba/log.%m
>          max log size = 1000
>          dns proxy = No
>          interfaces = eth1 lo
>          bind interfaces only = yes
>          log level = 2 msdfs:8 auth:5 winbind:5 idmap:5 acls:3
>          panic action = /usr/share/samba/panic-action %d
>          valid users = @"GREENREEFERS\grr"
>          vfs objects = acl_xattr
>          map acl inherit = Yes
>          store dos attributes = Yes
> 
> Check that /etc/krb5.conf exists and looks like this:
> 
> [libdefaults]
>       default_realm = GREENREEFERS.NO
>       dns_lookup_realm = false
>       dns_lookup_kdc = true
> 
> Check that /etc/resolv.conf points to your AD DC (first on list)
> 
> Check that the passwd & group lines in /etc/nsswitch.conf contain 
'winbind'

Hi, sorry for late answer.

I did change the [global], and pasted smb.cfg here: 
http://pastebin.com/WRNCKu42
I changed the krb5.conf file and pasted it here:  
http://pastebin.com/JqSavqD1
nsswitch.com is unchanged, pasted here: http://pastebin.com/bW3HcKKN
resolv.conf have been correct all the time, I have verified now as well.

More information about the samba mailing list