[Samba] New AD user cannot access file share from member server

Viktor Trojanovic viktor at troja.ch
Mon Jun 19 12:37:50 UTC 2017


On 19 June 2017 at 14:06, Rowland Penny via samba <samba at lists.samba.org>
wrote:

> On Mon, 19 Jun 2017 13:51:31 +0200
> Viktor Trojanovic <viktor at troja.ch> wrote:
>
> > That's correct, I don't have "Unix Attributes" but through the
> > advanced view I have access to all attributes.
>
> the 'Unix Attributes' tab just makes it easier ;-)
>
> >
> > The ldbsearch command is not returning anything in my case, it gives
> > me 0 records - no matter which user I try, even the Administrator. I
> > checked the command several times to make sure there are no typos. I
> > even changed the objectclass from "person" to "user" to see if it
> > makes any difference but it doesn't.
> >
> > I tried both /var/lib/samba/sam.ldb
> > and /var/lib/samba/private/sam.ldb, and the environment
> > has LDB_MODULES_PATH set.
> >
>
> OK, try this in a terminal on the Samba AD DC;
>
> samba -b | grep 'PRIVATE_DIR' | awk '{print $NF}'
>
> This should print the path to the private dir that contains 'sam.ldb'
>
> Replace /usr/local/samba/private with whatever the command line above
> produces.
>
> You should then get output similar to what I posted earlier, though you
> will have to run the commands as 'root' on the Samba DC
>

So, the directory is /var/lib/samba/private. It's the one I already used
before, and it doesn't return any records. I have su'd into root on the DC
and run all the commands from there.

ldbsearch -H /var/lib/samba/private/sam.ldb \
  -b 'cn=users,dc=samdom,dc=example,dc=com' -s sub \
  "(&(objectclass=person)(samaccountname=anyuser))"
# returned 0 records
# 0 entries
# 0 referrals




>
> Rowland
>

