[Samba] Samba and AD based home shares are visible but not accessible

Rowland Penny rpenny at samba.org
Tue Jul 11 17:43:17 UTC 2017 

On Tue, 11 Jul 2017 17:20:05 +0000
"Cybulski, Adam M" <acybulski at albany.edu> wrote:

> That’s a very discouraging answer. I'm really struggling to get the
> hang of this server, and doing a lot of reading and research, I'm
> using SSSD because it seemed to be the best method for allowing an AD
> group log in privileges on the machine, it's recommended by Red Hat,
> and it's what came packaged with my distro. 

Yes, red-hat promote sssd, because it is their package. I don't
actually think it is the best method for authentication on a Samba
machine. Are you also aware that sssd uses a version of a winbind lib ?
So why not go the whole way and use winbind, this will get you a fully
supported by Samba set up. 


> It took me three weeks
> to make it work for authenticating users, and now I'm being told it
> won't work if I also want to share a folder? These things should not
> be this difficult to integrate. 

You should have asked here earlier, I can guarantee that you would have
had a working system (with winbind) well inside your three weeks.

> 
> Someone else has pointed out to me that the issue most likely lies in
> configuring ACL's, as I can connect to the system and see the shares,
> but do not have permissions to open them. I've added the needed lines
> to my SMB.conf, mapped an admin account to root, and added interfaces
> = lo eth0 so it will look on the loop back, but when I try to add
> anyone with 
> 
> >sudo net rpc rights grant 'domain\linuxproject'
> >SeDiskOperatorPrivilege -U domain\admin I constantly get:
>  
> Could not connect to server 127.0.0.1
> The username or password was not correct.
> Connection failed: NT_STATUS_LOGON_FAILURE
> 
> I really hope you can give me some more advice beyond, throw out
> everything and start over with winbind. 

The only user you should map to 'root' is 'Administrator'.
Does your OS know your user, i.e. does 'getent passwd admin' return
anything ?

If you want to use winbind, then I am prepared to try and help you get
it working, if you insist on using sssd, then I repeat, sssd is not
supported by Samba, it is not a Samba product, so you will have to seek
help through the sssd-users mailing list. 

Rowland

More information about the samba mailing list