[Samba] Domain users can't browse or access shares

Rowland Penny rowlandpenny at googlemail.com
Sat Feb 14 02:41:11 MST 2015


On 14/02/15 07:36, Tim wrote:
> You are using idmap module rid for your domain. I think getent passwd could not resolve anything because of your id range. I would try a range of 1000 (one thousand)-99999 and see what happens.
> New users in AD start with a rid of 1000. Well known Users like administrator got their rid starting in the 500 range.
>
> You should think of using rfc2307.

He was using the 'ad' backend and was getting nothing, so I advised him 
to change to the 'rid' backend.

Samba, when using the 'rid' backend, calculates the users ID this way:

ID = RID - BASE_RID + LOW_RANGE_ID

which from his set up is:

ID = RID - 0 + 10000

So if a user has a RID of 1000

ID = 1000 - 0 + 10000

ID = 11000

What I would try now is to add a couple of 9's to the high range and see 
if this then shows any users i.e. change 'range=10000-99999' to 
'range=10000-9999999'

It might just be that *all* his users have RID's higher than 99999 and 
if this is so, samba will never show them.

Rowland



More information about the samba mailing list