[Samba] user cannot access shares on new ad-dc
hartnegg at gmx.de
Tue Oct 10 10:09:28 UTC 2017
Is it normal that "Computer Management" cannot configure shared
directories of a Samba4 AD-DC? Is this only possible on member servers?
It can connect to the DC, but when I click on shares it tells that
either the server does not support "virtual disk service" (translated
from German), or a firewall blocks the connection. There is no firewall
between these machines in my test environment. I started Computer
Management as domain-admin on domain-joined Win7.
Is it normal that non-admin users (on Win7) get permission denied if
they want to look inside of \\dc.ad.domain\sysvol or netlogon? They can
look inside these directories on Windows servers, but not on my newly
provisioned AD-DC test server.
They cannot even access a test-share when I make them owner of it with
The wiki page
instructs to append "winbind" behind "files" in the lines "passwd" and
"group". But my nsswitch.conf (ubuntu 14) had "compat" there, not
"files". Should I replace "compat" with "files", or append "winbind"
The command "pam-auth-update" does not produce any output. How can I
check if it has done anything?
I can do
chown "domain\\user" file
and then that domain-user is shown in
ls -la file
Does that mean that everything works?
I get the impression that winbindd and PAM are needed mostly (only?) if
users want to log on to the DC with ssh. The page about winbindd
describes howto set up templates for shell and homedir. The page about
PAM talks about "SSH authentication". I just want to access shares!
Reading the wiki I cannot determine what precisely are the required
steps to access shares on a DC.
More information about the samba