[Samba] New AD user cannot access file share from member server

Rowland Penny rpenny at samba.org
Mon Jun 19 13:22:23 UTC 2017


On Mon, 19 Jun 2017 15:08:45 +0200
Viktor Trojanovic <viktor at troja.ch> wrote:

> Not sure if it matters but here is the AD object of a user with no
> issues:
> 
> [root at GJSERVER ~]# ldbsearch -H /var/lib/samba/private/sam.ldb -b
> 'ou=office,dc=samdom,dc=example,dc=ch' -s sub
> "(&(objectclass=person)(samaccountname=jd))"
> # record 1
> dn: CN=John Doe,OU=OFFICE,DC=samdom,DC=example,DC=ch
> objectClass: top
> objectClass: person
> objectClass: organizationalPerson
> objectClass: user
> cn: John Doe
> sn: Doe
> givenName: John
> instanceType: 4
> whenCreated: 20151228014125.0Z
> displayName: John Doe
> uSNCreated: 3788
> name: John Doe
> objectGUID: 15d6c679-5877-452d-a498-183f78d3fb39
> badPwdCount: 0
> codePage: 0
> countryCode: 0
> badPasswordTime: 0
> lastLogoff: 0
> primaryGroupID: 513
> objectSid: S-1-5-21-4280320235-2980747731-3738778716-1105
> accountExpires: 9223372036854775807
> sAMAccountName: jd
> sAMAccountType: 805306368
> userPrincipalName: jd at samdom.example.ch
> objectCategory:
> CN=Person,CN=Schema,CN=Configuration,DC=samdom,DC=example ,DC=ch
> userAccountControl: 512
> uidNumber: 11001
> msSFU30NisDomain: samdom
> homeDirectory: \\fileserver\users\jd
> homeDrive: P:
> pwdLastSet: 131405963619168070
> lastLogonTimestamp: 131420723196760820
> whenChanged: 20170616073839.0Z
> uSNChanged: 26797
> lastLogon: 131423508299965620
> logonCount: 1630
> distinguishedName: CN=John Doe,OU=OFFICE,DC=samdom,DC=example,DC=ch
> 
> Except for the fact that the attributes are not in the same order, I
> can't seem to find a relevant difference.
> 

That might be the problem. Who did you create first,
John Doe or Jane Doe?

I only ask this because they both seem to have this:

CN=John Doe,OU=OFFICE,DC=samdom,DC=example,DC=ch
homeDirectory: \\fileserver\users\jd

CN=Jane Doe,OU=OFFICE,DC=samdom,DC=example,DC=ch
homeDirectory: \\fileserver\users\jd

They cannot both own the users directory 'jd', or is this a sanitisation
error?

Rowland
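
An added example, not part of the original message: a check over saved ldbsearch output for the collision pointed out above, two accounts whose homeDirectory is the same path. The sample records are constructed (Max Muster is a made-up account), and the function names are this example's own.

```python
import base64
from collections import defaultdict

# Constructed sample shaped like ldbsearch output; Max Muster is a made-up account.
SAMPLE_LDIF = r"""# record 1
dn: CN=John Doe,OU=OFFICE,DC=samdom,DC=example,DC=ch
homeDirectory: \\fileserver\users\jd

# record 2
dn: CN=Jane Doe,OU=OFFICE,DC=samdom,DC=example,
 DC=ch
homeDirectory: \\FILESERVER\users\jd

# record 3
dn: CN=Max Muster,OU=OFFICE,DC=samdom,DC=example,DC=ch
homeDirectory:: XFxmaWxlc2VydmVyXHVzZXJzXG1t
"""

def parse_records(ldif):
    """Yield one {attribute: [values]} dict per record of LDIF text."""
    lines = []
    for raw in ldif.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]          # folded line: continue the previous one
        else:
            lines.append(raw)
    record = {}
    for line in lines + [""]:             # trailing "" flushes the last record
        if not line.strip():
            if record:
                yield record
            record = {}
        elif not line.startswith("#") and ":" in line:
            attr, _, value = line.partition(":")
            if value.startswith(":"):     # "attr:: <base64>" form
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            record.setdefault(attr.lower(), []).append(value.strip())

def duplicate_home_dirs(ldif):
    """Map each homeDirectory set on more than one account to the DNs using it."""
    owners = defaultdict(list)
    for rec in parse_records(ldif):
        for path in rec.get("homedirectory", []):
            # Compared case-insensitively, ignoring a trailing backslash.
            owners[path.rstrip("\\").lower()].append(rec.get("dn", ["?"])[0])
    return {p: dns for p, dns in owners.items() if len(dns) > 1}

if __name__ == "__main__":
    for path, dns in duplicate_home_dirs(SAMPLE_LDIF).items():
        print(f"{path} is set on: " + "; ".join(dns))
```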