[Samba] Access to shares is denied after upgrading from 3.6.3 (openSUSE 12.1) to 4.1.17 (openSUSE 13.2)

Reinhard Nißl reinhard.nissl at fee.de
Fri Mar 20 11:22:51 MDT 2015 

Hi Rowland,

Am 20.03.2015 um 15:02 schrieb Rowland Penny:

>>> Try replacing the global part of your smb.conf with this:
>>>
>>> [global]
>>>        netbios name = PLATON
>>>        workgroup = FEE
>>>        security = ADS
>>>        realm = FEE.DE
>>>        dedicated keytab file = /etc/krb5.keytab
>>>        kerberos method = secrets and keytab
>>>        server string = Web- und Internet-Mail-Server
>>>        interfaces = 10.73.0.6/255.255.0.0
>>>        bind interfaces only = Yes
>>>        username map = /etc/samba/smbusers
>>>        name resolve order = wins hosts
>>>        os level = 0
>>>        local master = No
>>>        wins server = 10.73.0.7 10.73.0.21
>>>
>>>        guest ok = Yes
>>>        hide dot files = No
>>>
>>>        idmap config *:backend = tdb
>>>        idmap config *:range = 2000-9999
>>>        idmap config FEE:backend = rid
>>>        idmap config FEE:range = 10000-20000
>>>
>>>        winbind cache time = 10
>>>        template shell = /bin/false
>>>        template homedir = /tmp
>>>
>>>        winbind use default domain = yes
>>>        winbind enum users = yes
>>>        winbind enum groups = yes
>>>        winbind expand groups = 1
>>>        winbind trusted domains only = no
>>>        winbind refresh tickets = Yes
>>>
>>>        deadtime = 1
>>>        load printers = no
>>>        printing = bsd
>>>
>>> Remove all the 'valid users' etc from the shares and use ACLs instead ,
>>> either from windows or with setfacl on the member server, see:
>>>
>>> https://wiki.samba.org/index.php/Setup_and_configure_file_shares_with_Windows_ACLs

To appreciate your support, I've put the above lines into smb.conf, 
modified the shares accordingly and rejoined the domain, so I do have a 
/etc/krb5.keytab now, but as long as smbusers contains that mapping to 
root, I still get this error:

> SID S-1-5-21-2807186310-4085009417-2666197100-1000 -> getpwuid(10938) failed

According to these wiki entries

https://wiki.samba.org/index.php/Setup_a_Samba_AD_Member_Server
https://wiki.samba.org/index.php/Samba_Member_Server_Troubleshooting

there is nothing special in my setup, so I have absolutely no clue, why 
this root-mapping doesn't work.

Bye.
--
Reinhard Nißl, TB3, -198

More information about the samba mailing list