[Samba] Share access problem

Sebastien.Boulianne at cpu.ca Sebastien.Boulianne at cpu.ca
Fri Aug 18 14:45:02 UTC 2017 

Good morning Rowland,

I agree, the user boubou is a local user and an AD user too.
If I use another user, vakjak:
# getent passwd vakjak
vakjak:*:11049:10004::/home/DOMAIN:/bin/bash

I got that output so I bet its right.

How can I login with a login name as Sebastien[space]Boulianne on Samba ?

Thanks!

Sébastien
-----Messa
ge d'origine-----
De : samba [mailto:samba-bounces at lists.samba.org] De la part de Rowland Penny via samba
Envoyé : 18 août 2017 02:51
À : samba at lists.samba.org
Objet : Re: [Samba] Share access problem

On Thu, 17 Aug 2017 17:18:38 -0400
<Sebastien.Boulianne at cpu.ca> wrote:

> Hi again,
> 
> Thanks.
> Now, please see my smb.conf and my testparm. ;)
> 
> smb.conf
> https://pastebin.com/WR2CY9SW
> 
> testparm
> https://pastebin.com/2jMDtWs2
> 
> And yes, if I do getent passwd boubou, I have a good answer.
> I paste the output in the testparm link.
> 
> If I type \\FILESRV on my PC,
> credentials are asked,
> I can see the share FTPFiles and boubou but I cant browse or display 
> the content. Why ? rwxr-xr-x  4 boubou  boubou  4.0K Aug 17 16:56 
> boubou drwsrwxrwx 11 root BUILTIN\administrators 4.0K Aug 11 16:46 
> site
> 

I went through your smb conf and removed any lines that were the default settings or shouldn't be there and posted the result, you could have cut and pasted that over your smb.conf.

Mind you, it wouldn't have helped with your problem.

If you look at the idmap block in your smb.conf, there is this:

   idmap config * : backend = tdb
   idmap config * : range = 3000-7999
   idmap config domain : backend = rid
   idmap config domain : range = 10000-20000

The '*' range is for the Well Known SIDS The 'domain' range is for the AD users & groups

You have now posted this:

getent passwd boubou
boubou:x:1000:1000:Sebastien Boulianne,,,:/home/boubou:/bin/bash

Hmm, '1000' isn't inside '3000-7999' or '10000-20000'

If we look at your /etc/nsswitch.conf we find these lines:

passwd:         files winbind
group:          files winbind

This means that /etc/passwd is checked first for 'boubou' and if found this user is returned, if not found, winbind is checked and if found the user is returned.

Now, as I said above, the ID for 'boubou' isn't inside either of the domain ranges, this leads to only one conclusion, 'boubou' is in /etc/passwd.

Is 'boubou' also in AD ?
You cannot have a user in /etc/passwd and AD

Until 'getent passwd boubou' returns an ID number inside the '10000-20000' range, he will not be recognised by the Unix machine as an AD user. 

Rowland


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list