[Samba] Samba 4.6.0 - Domain admin can't list nor access shares on file server
Olaf Frączyk
olaf at navi.pl
Wed May 10 16:44:33 UTC 2017
On 5/10/2017 6:06 PM, Rowland Penny via samba wrote:
> On Wed, 10 May 2017 17:47:37 +0200
> Olaf Frączyk via samba <samba at lists.samba.org> wrote:
>
>> Hello,
>>
>> I have domain NAVIDOM.
>>
>> There is also a fileserver that has joined the domain (both file
>> server and DC are samba 4.6.0).
>>
>> If I try to connect as NAVIDOM\Administrator, I cannot access the
>> file server (from Linux and Windows):
>>
>> [root@dc var]# smbclient -U Administrator -L fileserv
>> Enter NAVIDOM\Administrator's password:
>> session setup failed: NT_STATUS_ACCESS_DENIED
>>
>> I can do it as a regular user:
>>
>> [root@fileserv samba]# smbclient -U olaf -L fileserv
>> Enter NAVIDOM\olaf's password:
>>
>> Sharename Type Comment
>> --------- ---- -------
>>
>> .......
>>
>> Is this normal or do I have a problem with my setup?
>>
> Possibly normal, but it depends on your smb.conf on the Unix domain
> member, so can you post the smb.conf from the Unix domain member (the
> thing you call a fileserver)
>
> Rowland
>
>
[global]
security = ADS
workgroup = NAVIDOM
realm = NAVIDOM.OFFICE.NAVI.PL
log file = /var/log/samba/%m.log
log level = 1
idmap config * : backend = tdb
idmap config * : range = 20000-20999
idmap config NAVIDOM:backend = ad
idmap config NAVIDOM:schema_mode = rfc2307
idmap config NAVIDOM:range = 1000-9999
idmap config NAVIDOM:unix_nss_info = yes
idmap config NAVIDOM:unix_primary_group = yes
winbind use default domain = yes
winbind nss info = rfc2307
winbind refresh tickets = yes
template shell = /bin/bash
template homedir = /home/%U
create mask = 0666
directory mask = 0777
store dos attributes = yes

Is this because of NAVIDOM:range = 1000-9999, so it doesn't include uid 0?
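
An added example, not part of the original message: a small Python check that parses the `idmap config` lines from the smb.conf above and reports which configured range, if any, contains a given Unix ID (such as the uid 0 asked about), and whether any two ranges overlap. The function names are hypothetical, and the script only evaluates the ranges as written; it does not query winbind or AD.

```python
import re

# idmap lines copied from the smb.conf in the message above.
SMB_CONF = """\
idmap config * : backend = tdb
idmap config * : range = 20000-20999
idmap config NAVIDOM:backend = ad
idmap config NAVIDOM:schema_mode = rfc2307
idmap config NAVIDOM:range = 1000-9999
"""

# "idmap config <DOMAIN> : <option> = <value>"; spaces around ':' and '=' are optional.
IDMAP_RE = re.compile(r"^\s*idmap\s+config\s+(\S+?)\s*:\s*([\w ]+?)\s*=\s*(.+?)\s*$", re.I)


def parse_idmap(conf_text):
    """Return {domain: {option: value}}; "range" is stored as a (low, high) int tuple."""
    domains = {}
    for line in conf_text.splitlines():
        if line.lstrip().startswith(("#", ";")):  # smb.conf comment lines
            continue
        m = IDMAP_RE.match(line)
        if not m:
            continue
        domain, option, value = m.group(1), m.group(2).lower(), m.group(3)
        if option == "range":
            low, high = (int(x) for x in value.split("-", 1))
            value = (low, high)
        domains.setdefault(domain, {})[option] = value
    return domains


def covering_domains(domains, unix_id):
    """Sorted names of idmap domains whose configured range contains unix_id."""
    return sorted(d for d, e in domains.items()
                  if "range" in e and e["range"][0] <= unix_id <= e["range"][1])


def overlapping_ranges(domains):
    """Pairs of domains whose ID ranges intersect; idmap ranges are meant to be disjoint."""
    ranged = sorted((e["range"], d) for d, e in domains.items() if "range" in e)
    return [(a, b) for i, (ra, a) in enumerate(ranged)
            for rb, b in ranged[i + 1:] if rb[0] <= ra[1]]


if __name__ == "__main__":
    doms = parse_idmap(SMB_CONF)
    for uid in (0, 1000, 10000, 20500):
        print(uid, covering_domains(doms, uid) or "not in any configured range")
    print("overlapping ranges:", overlapping_ranges(doms))
```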