[Samba] Share access problem
rpenny at samba.org
Fri Aug 18 06:50:53 UTC 2017
On Thu, 17 Aug 2017 17:18:38 -0400
<Sebastien.Boulianne at cpu.ca> wrote:
> Hi again,
> Now, please see my smb.conf and my testparm. ;)
> And yes, if I do getent passwd boubou, I have a good answer.
> I paste the output in the testparm link.
> If I type \\FILESRV on my PC,
> credentials are asked,
> I can see the share FTPFiles and boubou but I cant browse or display
> the content. Why ? rwxr-xr-x 4 boubou boubou 4.0K Aug 17 16:56
> boubou drwsrwxrwx 11 root BUILTIN\administrators 4.0K Aug 11 16:46
I went through your smb conf and removed any lines that were the
default settings or shouldn't be there and posted the result, you could
have cut and pasted that over your smb.conf.
Mind you, it wouldn't have helped with your problem.
If you look at the idmap block in your smb.conf, there is this:
idmap config * : backend = tdb
idmap config * : range = 3000-7999
idmap config domain : backend = rid
idmap config domain : range = 10000-20000
The '*' range is for the Well Known SIDS
The 'domain' range is for the AD users & groups
You have now posted this:
getent passwd boubou
Hmm, '1000' isn't inside '3000-7999' or '10000-20000'
If we look at your /etc/nsswitch.conf we find these lines:
passwd: files winbind
group: files winbind
This means that /etc/passwd is checked first for 'boubou' and if found
this user is returned, if not found, winbind is checked and if found
the user is returned.
Now, as I said above, the ID for 'boubou' isn't inside either of the
domain ranges, this leads to only one conclusion, 'boubou' is
Is 'boubou' also in AD ?
You cannot have a user in /etc/passwd and AD
Until 'getent passwd boubou' returns an ID number inside the
'10000-20000' range, he will not be recognised by the Unix machine as
an AD user.
More information about the samba