[Samba] Share access problem

Rowland Penny rpenny at samba.org
Wed Aug 23 16:01:35 UTC 2017


On Wed, 23 Aug 2017 11:23:09 -0400
<Sebastien.Boulianne at cpu.ca> wrote:

> Hi Rowland,
> I tried that but it didn't work.
> 
> I can list all users using wbinfo -u but it didn't work if I do
> getent passwd <samaccountname>.
> 
> Do you have any clues ?
> 

wbinfo talks directly to winbind which gets its info directly from AD,
so 'wbinfo -u' just shows that winbind is connected to AD.

To get Unix to know who your AD users are, you need to get winbind to
map your users to an ID number and then pass this to nsswitch.

When a user is created in AD, the users cn is set to the users
'givenName' and 'sn' e.g. mine is 'CN: Rowland Penny'

My 'sAMAccountName' is 'rowland' i.e. 'givenName' in lowercase.

This means, as long as smb.conf is created correctly, the
libnss_winbind links are created correctly and PAM is set to use
winbind, it should work for all users. If it only works for some users
but not others, then either you are not using the correct username,
they don't have a uidNumber attribute (if using the 'ad' backend) or
the 'DOMAIN' range isn't correct.

A quick way to test the later, add a '0' to the 'DOMAIN' high range in
smb.conf.

After that, you need to investigate the users object in AD, you can use
ldapsearch to do this from Unix (provided you have the required
permissions, rights and passwords), failing that get the windows
sysadmins to dump it for you.

Rowland



More information about the samba mailing list