[Samba] Domain users can't browse or access shares
rowlandpenny at googlemail.com
Sat Feb 14 02:41:11 MST 2015
On 14/02/15 07:36, Tim wrote:
> You are using idmap module rid for your domain. I think getent passwd could not resolve anything because of your id range. I would try a range of 1000 (one thousand)-99999 and see what happens.
> New users in AD start with a rid of 1000. Well known Users like administrator got their rid starting in the 500 range.
> You should think of using rfc2307.
He was using the 'ad' backend and was getting nothing, so I advised him
to change to the 'rid' backend.
Samba, when using the 'rid' backend, calculates the users ID this way:
ID = RID - BASE_RID + LOW_RANGE_ID
which from his set up is:
ID = RID - 0 + 10000
So if a user has a RID of 1000
ID = 1000 - 0 + 10000
ID = 11000
What I would try now is to add a couple of 9's to the high range and see
if this then shows any users i.e. change 'range=10000-99999' to
It might just be that *all* his users have RID's higher than 99999 and
if this is so, samba will never show them.
More information about the samba