[Samba] Regular users can't log in to Samba AD DC from Windows
alnis.moritz at gmail.com
Mon Feb 6 09:11:09 UTC 2017
Thank you, Rowland, for the reply.
On 02/06/2017 10:44, Rowland Penny via samba wrote:
> On Mon, 6 Feb 2017 10:07:18 +0200
> Alnis Morics via samba <samba at lists.samba.org> wrote:
>> I continue setting up my FreeBSD 11.0 machine with Samba 4.4.9 built
>> from sources. (Actually, OS type and Samba version don't matter so
>> much, as I have the same problem with Debian Jessie and Samba 4.5.5)
>> I followed the Wiki very close. Some details from provisioning:
> Did you run the provision command like this:
> samba-tool domain provision --use-rfc2307 --interactive
>> path = /samba-share
>> read only = no
> Have you set up the libnnss_winbind links ?
ln -s /usr/local/samba/lib/nss_winbind.so.1 /usr/local/lib/nss/
ln -s /usr/local/samba/lib/nss_winbind.so.1
And the nss tests as per Wiki seem to pass:
checking the NETLOGON for domain[RW] dc connection to
# getent passwd Administrator
# getent passwd user1
# getent group "Domain Users"
# touch testfile
# ll testfile
-rw-r--r-- 1 root wheel 0 Jan 28 19:25 testfile
# chown user1:"domain users" testfile
# ll testfile
-rw-r--r-- 1 RW\user1 staff 0 Jan 28 19:25 testfile
Only I would expect that a regular users' GID numbers are not within
0-1000, but I don't know.
>> Next, I successfully joined a Windows 10 Enterprise machine and
>> logged in as a domain administrator. I can access the file share,
>> write to it, set Windows permissions.
>> But when I open ADUC and click a user properties, I only have 5 tabs
>> there (Environment, Sessions, Remote control, Remote Desktop Service
>> Profile, COM+), and I can't add any other user. Windows just says
>> nothing but from Samba logs I see something like this:
> This is a windows 10 problem, do a search on 'windows 10 missing tabs'
More information about the samba