[Samba] user cannot access shares on new ad-dc

Klaus Hartnegg hartnegg at gmx.de
Tue Oct 10 10:09:28 UTC 2017


Is it normal that "Computer Management" cannot configure shared 
directories of a Samba4 AD-DC? Is this only possible on member servers? 
It can connect to the DC, but when I click on shares it tells that 
either the server does not support "virtual disk service" (translated 
from German), or a firewall blocks the connection. There is no firewall 
between these machines in my test environment. I started Computer 
Management as domain-admin on domain-joined Win7.

Is it normal that non-admin users (on Win7) get permission denied if 
they want to look inside of \\dc.ad.domain\sysvol or netlogon? They can 
look inside these directories on Windows servers, but not on my newly 
provisioned AD-DC test server.

They cannot even access a test-share when I make them owner of it with 

The wiki page
instructs to append "winbind" behind "files" in the lines "passwd" and 
"group". But my nsswitch.conf (ubuntu 14) had "compat" there, not 
"files". Should I replace "compat" with "files", or append "winbind" 
behind "compat"?

The command "pam-auth-update" does not produce any output. How can I 
check if it has done anything?
I can do
   chown "domain\\user" file
and then that domain-user is shown in
   ls -la file
Does that mean that everything works?

I get the impression that winbindd and PAM are needed mostly (only?) if 
users want to log on to the DC with ssh. The page about winbindd 
describes howto set up templates for shell and homedir. The page about 
PAM talks about "SSH authentication". I just want to access shares! 
Reading the wiki I cannot determine what precisely are the required 
steps to access shares on a DC.


More information about the samba mailing list