[Samba] user cannot access shares on new ad-dc

Klaus Hartnegg hartnegg at gmx.de
Fri Sep 29 09:32:16 UTC 2017


Hi,

I just installed a new AD-DC as described in the wiki.
Administrator can log on and see the two default-shares.
Then I used ADUC from RSAT to create an OU and a user.
User can see the shares (and can map them to a drive letter),
but is not allowed to look inside.
Same for another share which I added.
Even when administrator grants permission to everybody.

I read more of the wiki, which made me add a group,
and use the Unix tab to give the group and the user a UID.
Then rebooted both server and client, but still no success.

What else is missing?

I know that using the DC as fileserver is not recommended,
but at least netlogon and sysvol should work.

Klaus


Client: Win7
Server: Ubuntu 14.04 server
Samba : 4.6.8 compiled from source (./configure; make; make install)


Both run in VirtualBox.
First ethernet adapter is NAT to outside world,
second adapter is hostonly.
Samba is told to use only the second one.


provision command:

samba-tool domain provision --use-rfc2307 --interactive \
--option="interfaces=lo eth1" --option="bind interfaces only=yes"


/etc/resolv.conf:

nameserver 192.168.56.42
search company.de


/etc/hosts:

127.0.0.1       localhost  localhost.localdomain
::1     localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
192.168.56.1   adminpc
192.168.56.42  dc1 dc1.ad.company.de


smb.conf:

# Global parameters
[global]
      bind interfaces only = Yes
      interfaces = lo eth1
      netbios name = DC1
      realm = AD.COMPANY.DE
      workgroup = COMPANY
      dns forwarder = 195.50.140.114
      server role = active directory domain controller
      idmap_ldb:use rfc2307 = yes
      comment =

[netlogon]
      path = /usr/local/samba/var/locks/sysvol/ad.company.de/scripts
      read only = No

[sysvol]
      path = /usr/local/samba/var/locks/sysvol
      read only = No

[test]
      path = /srv/samba/test
      read only = No


-- 
Message sent from a mobile device, please excuse brevity and typos


