[Samba] Domain users can't browse or access shares
sk at green.no
sk at green.no
Mon Feb 16 00:30:48 MST 2015
samba-bounces at lists.samba.org wrote on 02/14/2015 10:41:11 AM:
> From: Rowland Penny <rowlandpenny at googlemail.com>
> To: samba at lists.samba.org
> Date: 02/14/2015 10:41 AM
> On 14/02/15 07:36, Tim wrote:
> > You are using idmap module rid for your domain. I think getent
> passwd could not resolve anything because of your id range. I would
> try a range of 1000 (one thousand)-99999 and see what happens.
> > New users in AD start with a rid of 1000. Well known Users like
> administrator got their rid starting in the 500 range.
> >
> > You should think of using rfc2307.
>
> He was using the 'ad' backend and was getting nothing, so I advised him
> to change to the 'rid' backend.
>
> Samba, when using the 'rid' backend, calculates the users ID this way:
>
> ID = RID - BASE_RID + LOW_RANGE_ID
>
> which from his set up is:
>
> ID = RID - 0 + 10000
>
> So if a user has a RID of 1000
>
> ID = 1000 - 0 + 10000
>
> ID = 11000
>
> What I would try now is to add a couple of 9's to the high range and see
> if this then shows any users i.e. change 'range=10000-99999' to
> 'range=10000-9999999'
>
> It might just be that *all* his users have RID's higher than 99999 and
> if this is so, samba will never show them.
I added a 9 to the ID range of GREENREEFERS and now smbclient give me what
I would expect. Thank you very much for your help Rowland!
I just need to figure out how to narrow access to shares.
More information about the samba
mailing list