[Samba] Shares not accessible when using FQDN

Rowland Penny rpenny at samba.org
Wed Aug 30 09:00:18 UTC 2017

On Wed, 30 Aug 2017 10:43:39 +0200 (CEST)
Gaetan SLONGO <gslongo at it-optics.com> wrote:

> Hi Rowland, 
> Thank you for your answer. 
> I think I have found a solution which could solve the issue until the
> next migration step. I tested it on another server which is not
> critical: 
>     * Joining the server as a member and setting up the shares as you
> suggest 
>     * Using nss_ldap instead of nss_winbind (idmap), which will pick my
> unix ids 

Well, 'nss_ldap' is not supported by Samba and normally anything that it
can do can also be done by winbind. What I am wondering about is what
you are calling 'unix ids': where are these coming from? Are they
from 'uidNumber' & 'gidNumber' attributes stored in AD or
from /etc/passwd & /etc/group?
If the latter, are you aware that you cannot have a user with the same
name in AD and /etc/passwd?

I think you may be trying to 'bend' AD to fit in with the old way
Samba worked as a PDC or standalone; this is doomed to ultimate
failure in my opinion. You need to work with AD; this will make things
easier in the long run.

> In this setup it seems I can access the shares with any DNS
> aliases/CNAME

You should be able to do this using winbind.

> I know it is not a very proper setup but it seems to work and we can
> do it quickly 

Yes, but will it be reliable in the long run?

