[Samba] Permission denied on server root for all users

mots mots at nepu.moe
Fri Jun 24 11:20:53 UTC 2016


The problem existed between keyboard and chair. I forgot to install libnss-winbind. I'm sorry for wasting your time.

 
 
-----Ursprüngliche Nachricht-----
> Von:Rowland penny <rpenny at samba.org>
> Gesendet: Fre 24 Juni 2016 12:59
> An: samba at lists.samba.org
> Betreff: Re: [Samba] Permission denied on server root for all users
> 
> On 24/06/16 11:23, mots wrote:
> > Hello,
> >
> > I've tried to set up a member server for my AD domain, but all users get "Permission Denied" when accessing the server, even without a share specified (by entering \\ika in Windows Explorer).
> > Samba version is  4.2.10-debian on Debian Jessie.
> >
> > I've mapped DOMAIN\Administrator to root, which allows the Administrator to connect to the server and set permissions.
> > wbinfo -g and wbinfo -u lists all the users and groups.
> >
> > The smb.conf on the member looks like this:
> >
> > [global]
> > workgroup = DOMAIN
> > security = ads
> > realm = DOMAIN.COMPANY.COM
> > idmap config *:backend = tdb
> > idmap config *:range = 2000-9999
> > idmap config DOMAIN:backend = ad
> > idmap config DOMAIN:schema_mode = rfc2307
> > idmap config DOMAIN:range = 20001-99999
> > winbind nss info = rfc2307
> > dns proxy = no
> > log file = /var/log/samba/log.%m
> > syslog = 0
> > server role = member server
> > username map = /etc/samba/usermap
> > load printers = yes
> > spoolss: architecture = Windows x64
> > vfs objects = acl_xattr
> > map acl inherit = yes
> > store dos attributes = yes
> > [printers]
> > path = /var/spool/samba
> > read only = no
> > printable = yes
> > printing = CUPS
> > guest ok = yes
> > writable = yes
> > available = yes
> > [print$]
> > path = /var/fileserver/Printer_drivers
> > comment = Printer Drivers
> > writeable = yes
> >
> > What am I doing wrong?
> >
> >
> 
> You are using the winbind 'ad' backend, have you given each user a 
> 'uidNumber' attribute containing a unique number in the range you set in 
> smb.conf (20001-99999), have you also also given 'Domain users' a 
> 'gidNumber' inside the same range ?
> 
> Does 'getent passwd <ausername>', run on the domain member, return 
> anything ?
> 
> Rowland
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
> 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 831 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba/attachments/20160624/e85557fe/signature.sig>


More information about the samba mailing list