[Samba] Domain users can't browse or access shares

Rowland Penny rowlandpenny at googlemail.com
Sat Feb 14 03:52:09 MST 2015

On 14/02/15 10:26, Tim wrote:
> Hi Rowland,
> I haven't seen a base_rid parameter in his smb.cfg. That's why I 
> advised to correct the value down to 1000 just to give it a try.

If you do not set the base_rid, the default is 0, either all the users 
he has tried have RID's outside the range set in smb.conf or there is 
something strange going on, the 'rid' backend is usually the easiest to 
set up.

> I also had the problem of not getting any users with getent passwd 
> with ad backend until I realized that all users must have a rfc2307 
> uid and must have a primary group in ad which also has a rfc2307 gid. 
> The last thing is that what I missed.
> Example:
> Domain Users has got a gid of 10000 in ADUC Unix tab.
> The users also have a uid set in Unix tab and have primary group set 
> to domain users. The ad backend only serves these users where this two 
> things are set to getent passwd.

Yes you are correct, all of the above has to be true before the 'ad' 
backend will work.


More information about the samba mailing list