[Samba] Cannot browse mode 0700 directories from Windows with security=ads

Ian Collier Ian.Collier at cs.ox.ac.uk
Fri Apr 15 17:18:28 UTC 2016

rpenny at samba.org writes:
> OK, you have a Samba domain member that is joined to an AD domain and you
> also say you are running winbindd, but there doesn't seem to be any winbind
> or 'idmap config' lines in your smb.conf, are you also running sssd ?

The server has "passwd: files ldap" in nsswitch.conf and sssd is not
running, but "getent passwd randomuser" does the right thing.  I'm not
100% sure how this works if I'm honest, because it was set up by someone
else and we do run sssd on our *ix machines as a general rule.

> If you are not running sssd, can I suggest having a look here:
> https://wiki.samba.org/index.php/Setup_Samba_as_an_AD_Domain_Member
> You will probably want to use the 'rid' backend

OK I will look at that in detail later, but it mentions putting winbind
in nsswitch.conf which I don't think we want to do.

I'm not entirely sure what the idmap backend thing does although my
impression is that it's for when you are using winbind to provide
services to NSS, which we're not doing here.

I have previously tried adding "backend = nss" but it didn't seem to
have any effect.

Ian Collier.

More information about the samba mailing list