[Samba] Regular users can't log in to Samba AD DC from Windows

Alnis Morics alnis.moritz at gmail.com
Mon Feb 6 09:11:09 UTC 2017 

Thank you, Rowland, for the reply.

On 02/06/2017 10:44, Rowland Penny via samba wrote:
> On Mon, 6 Feb 2017 10:07:18 +0200
> Alnis Morics via samba <samba at lists.samba.org> wrote:
>
>> Hi,
>>
>> I continue setting up my FreeBSD 11.0 machine with Samba 4.4.9 built
>> from sources. (Actually, OS type and Samba version don't matter so
>> much, as I have the same problem with Debian Jessie and Samba 4.5.5)
>>
>> I followed the Wiki very close. Some details from provisioning:
>
> Did you run the provision command like this:
>
> samba-tool domain provision --use-rfc2307 --interactive

yes

>
>>
>> [samba-share]
>>         path = /samba-share
>>         read only = no
>>
>
> Have you set up the libnnss_winbind links ?

yes:

ln -s /usr/local/samba/lib/nss_winbind.so.1 /usr/local/lib/nss/
ln -s /usr/local/samba/lib/nss_winbind.so.1 
/usr/local/lib/nss/nss_winbind.so
ldconfig

And the nss tests as per Wiki seem to pass:

wbinfo --ping-dc
checking the NETLOGON for domain[RW] dc connection to 
"samba4-pfbsd.rw.lan" succeeded

# getent passwd Administrator
RW\administrator:*:0:20::/home/administrator:/usr/sbin/nologin

# getent passwd user1
RW\user1:*:3000017:20:User1 Tester1:/home/user1:/usr/sbin/nologin

# getent group "Domain Users"
RW\domain users:x:20

# touch testfile
# ll testfile
-rw-r--r--  1 root  wheel  0 Jan 28 19:25 testfile
# chown user1:"domain users" testfile
# ll testfile
-rw-r--r--  1 RW\user1  staff  0 Jan 28 19:25 testfile

Only I would expect that a regular users' GID numbers are not within 
0-1000, but I don't know.

>
>
>>
>> Next, I successfully joined a Windows 10 Enterprise machine and
>> logged in as a domain administrator. I can access the file share,
>> write to it, set Windows permissions.
>>
>> But when I open ADUC and click a user properties, I only have 5 tabs
>> there (Environment, Sessions, Remote control, Remote Desktop Service
>> Profile, COM+), and I can't add any other user. Windows just says
>> nothing but from Samba logs I see something like this:
>
> This is a windows 10 problem, do a search on 'windows 10 missing tabs'
>
> Rowland
>

More information about the samba mailing list