[Samba] Samba and AD based home shares are visible but not accessible

Rowland Penny rpenny at samba.org
Mon Jul 17 14:35:46 UTC 2017 

On Mon, 17 Jul 2017 14:09:41 +0000
"Cybulski, Adam M" <acybulski at albany.edu> wrote:

> Thanks for your help Rowland, I found this in my Junk folder, 
> 
> I changed my KRB5.conf and SMB.conf as you suggested, and manually
> removed sss from Nsswitch.conf, honestly, I don't know how to
> uninstall SSSD. 

Yum remove sssd ???

> 
> I used this in my smb.conf, because I'm running 4.4.4:
>     winbind nss info = rfc2307
>     idmap config * : backend = tdb
>     idmap config * : range = 3000-7999
>     idmap config <DOMAINALIAS> : backend = ad
>     idmap config <DOMAINALIAS> : schema_mode = rfc2307
>     idmap config <DOMAINALIAS> : range = 10000-99999
> 

That looks OK.

> 
> I still don't understand this line: 
> 
> >'root' is normally mapped to 'Administrator', not sure your way is
> going to work.
> 
> I don't have any account called Administrator, is it built into
> samba? What is this referring to?

No it isn't built into Samba, it is built into AD i.e. the DOMAIN
Administrator.

> 
> What is your DC and does it run a dns server ?
> 
> Our DC is Windows 2008 R2, and the DNS server is a separate server,
> do I need to designate this somewhere?

Your clients should look to your DNS server for the domain info, this
means that teh dns server must know all your domain dns records.

> 
> As for permissions issues, there could be something as the account I
> can use to join machines to the domain with has delegated
> permissions, I can only add machines and users in designated OU's. I
> do not have access to the full DOMAIN ADMINISTRATOR account, I don't
> think any one person here does.

I think you should use members of the Domain Admins group instead.

> 
> >wbinfo --ping-dc
> >checking the NETLOGON for domain[SAMDOM] dc connection to
> >"dc1.samdom.example.com" succeeded
> 
> >It cannot find wbinfo, I think you need to install
> >'samba4-winbind-clients'
> 
> That worked, I received the "connection succeded" response. 
> 
> I'm still receiving the same errors though. 
> 

Well, at least you are moving in the right direction.

Rowland

More information about the samba mailing list