[Samba] Permission denied on server root for all users

mathias dufresne infractory at gmail.com
Fri Jun 24 11:31:20 UTC 2016


here too the issue comes from the same place too often ;)

2016-06-24 13:20 GMT+02:00 mots <mots at nepu.moe>:

> The problem existed between keyboard and chair. I forgot to install
> libnss-winbind. I'm sorry for wasting your time.
>
>
>
> -----Urspr√ľngliche Nachricht-----
> > Von:Rowland penny <rpenny at samba.org>
> > Gesendet: Fre 24 Juni 2016 12:59
> > An: samba at lists.samba.org
> > Betreff: Re: [Samba] Permission denied on server root for all users
> >
> > On 24/06/16 11:23, mots wrote:
> > > Hello,
> > >
> > > I've tried to set up a member server for my AD domain, but all users
> get "Permission Denied" when accessing the server, even without a share
> specified (by entering \\ika in Windows Explorer).
> > > Samba version is  4.2.10-debian on Debian Jessie.
> > >
> > > I've mapped DOMAIN\Administrator to root, which allows the
> Administrator to connect to the server and set permissions.
> > > wbinfo -g and wbinfo -u lists all the users and groups.
> > >
> > > The smb.conf on the member looks like this:
> > >
> > > [global]
> > > workgroup = DOMAIN
> > > security = ads
> > > realm = DOMAIN.COMPANY.COM
> > > idmap config *:backend = tdb
> > > idmap config *:range = 2000-9999
> > > idmap config DOMAIN:backend = ad
> > > idmap config DOMAIN:schema_mode = rfc2307
> > > idmap config DOMAIN:range = 20001-99999
> > > winbind nss info = rfc2307
> > > dns proxy = no
> > > log file = /var/log/samba/log.%m
> > > syslog = 0
> > > server role = member server
> > > username map = /etc/samba/usermap
> > > load printers = yes
> > > spoolss: architecture = Windows x64
> > > vfs objects = acl_xattr
> > > map acl inherit = yes
> > > store dos attributes = yes
> > > [printers]
> > > path = /var/spool/samba
> > > read only = no
> > > printable = yes
> > > printing = CUPS
> > > guest ok = yes
> > > writable = yes
> > > available = yes
> > > [print$]
> > > path = /var/fileserver/Printer_drivers
> > > comment = Printer Drivers
> > > writeable = yes
> > >
> > > What am I doing wrong?
> > >
> > >
> >
> > You are using the winbind 'ad' backend, have you given each user a
> > 'uidNumber' attribute containing a unique number in the range you set in
> > smb.conf (20001-99999), have you also also given 'Domain users' a
> > 'gidNumber' inside the same range ?
> >
> > Does 'getent passwd <ausername>', run on the domain member, return
> > anything ?
> >
> > Rowland
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  https://lists.samba.org/mailman/options/samba
> >
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>


More information about the samba mailing list