[Samba] Permission denied on server root for all users
Rowland penny
rpenny at samba.org
Fri Jun 24 10:53:46 UTC 2016
On 24/06/16 11:23, mots wrote:
> Hello,
>
> I've tried to set up a member server for my AD domain, but all users get "Permission Denied" when accessing the server, even without a share specified (by entering \\ika in Windows Explorer).
> Samba version is 4.2.10-debian on Debian Jessie.
>
> I've mapped DOMAIN\Administrator to root, which allows the Administrator to connect to the server and set permissions.
> wbinfo -g and wbinfo -u lists all the users and groups.
>
> The smb.conf on the member looks like this:
>
> [global]
> workgroup = DOMAIN
> security = ads
> realm = DOMAIN.COMPANY.COM
> idmap config *:backend = tdb
> idmap config *:range = 2000-9999
> idmap config DOMAIN:backend = ad
> idmap config DOMAIN:schema_mode = rfc2307
> idmap config DOMAIN:range = 20001-99999
> winbind nss info = rfc2307
> dns proxy = no
> log file = /var/log/samba/log.%m
> syslog = 0
> server role = member server
> username map = /etc/samba/usermap
> load printers = yes
> spoolss: architecture = Windows x64
> vfs objects = acl_xattr
> map acl inherit = yes
> store dos attributes = yes
> [printers]
> path = /var/spool/samba
> read only = no
> printable = yes
> printing = CUPS
> guest ok = yes
> writable = yes
> available = yes
> [print$]
> path = /var/fileserver/Printer_drivers
> comment = Printer Drivers
> writeable = yes
>
> What am I doing wrong?
>
>
You are using the winbind 'ad' backend, have you given each user a
'uidNumber' attribute containing a unique number in the range you set in
smb.conf (20001-99999), have you also also given 'Domain users' a
'gidNumber' inside the same range ?
Does 'getent passwd <ausername>', run on the domain member, return
anything ?
Rowland
More information about the samba
mailing list