[Samba] Share access problem

Rowland Penny rpenny at samba.org
Fri Aug 18 06:50:53 UTC 2017

On Thu, 17 Aug 2017 17:18:38 -0400
<Sebastien.Boulianne at cpu.ca> wrote:

> Hi again,
> Thanks.
> Now, please see my smb.conf and my testparm. ;)
> smb.conf
> https://pastebin.com/WR2CY9SW 
> testparm
> https://pastebin.com/2jMDtWs2
> And yes, if I do getent passwd boubou, I have a good answer.
> I paste the output in the testparm link.
> If I type \\FILESRV on my PC,
> credentials are asked,
> I can see the share FTPFiles and boubou but I cant browse or display
> the content. Why ? rwxr-xr-x  4 boubou  boubou  4.0K Aug 17 16:56
> boubou drwsrwxrwx 11 root BUILTIN\administrators 4.0K Aug 11 16:46
> site

I went through your smb conf and removed any lines that were the
default settings or shouldn't be there and posted the result, you could
have cut and pasted that over your smb.conf.

Mind you, it wouldn't have helped with your problem.

If you look at the idmap block in your smb.conf, there is this:

   idmap config * : backend = tdb
   idmap config * : range = 3000-7999
   idmap config domain : backend = rid
   idmap config domain : range = 10000-20000

The '*' range is for the Well Known SIDS
The 'domain' range is for the AD users & groups

You have now posted this:

getent passwd boubou
boubou:x:1000:1000:Sebastien Boulianne,,,:/home/boubou:/bin/bash

Hmm, '1000' isn't inside '3000-7999' or '10000-20000'

If we look at your /etc/nsswitch.conf we find these lines:

passwd:         files winbind
group:          files winbind

This means that /etc/passwd is checked first for 'boubou' and if found
this user is returned, if not found, winbind is checked and if found
the user is returned.

Now, as I said above, the ID for 'boubou' isn't inside either of the
domain ranges, this leads to only one conclusion, 'boubou' is
in /etc/passwd.

Is 'boubou' also in AD ?
You cannot have a user in /etc/passwd and AD

Until 'getent passwd boubou' returns an ID number inside the
'10000-20000' range, he will not be recognised by the Unix machine as
an AD user. 


More information about the samba mailing list