[Samba] user cannot access shares on new ad-dc
Rowland Penny
rpenny at samba.org
Fri Sep 29 09:44:06 UTC 2017
On Fri, 29 Sep 2017 11:32:16 +0200
Klaus Hartnegg via samba <samba at lists.samba.org> wrote:
> Hi,
>
> I just installed a new AD-DC as described in the wiki.
> Administrator can log on and see the two default-shares.
> Then I used ADUC from RSAT to create an OU and a user.
> User can see the shares (and can map them to a drive letter),
> but is denied access when trying to look inside.
> Same for another share which I added.
> Even when administrator grants permission to everybody.
>
> I read more of the wiki, which made me add a group,
> and use the Unix tab to give the group and the user a UID.
> Then rebooted both server and client, but still no success.
>
> What else is missing?
>
> I know that using the DC as fileserver is not recommended,
> but at least netlogon and sysvol should work.
>
> Klaus
>
>
> Client: Win7
> Server: Ubuntu 14.04 server
> Samba : 4.6.8 compiled from source (./configure; make; make install)
>
>
> Both run in VirtualBox.
> First ethernet adapter is NAT to outside world,
> second adapter is hostonly.
> Samba is told to use only the second one.
>
>
> provision command:
>
> samba-tool domain provision --use-rfc2307 --interactive \
> --option="interfaces=lo eth1" --option="bind interfaces only=yes"
>
>
> /etc/resolv.conf:
>
> nameserver 192.168.56.42
> search company.de
>
>
> /etc/hosts:
>
> 127.0.0.1 localhost localhost.localdomain
> ::1 localhost ip6-localhost ip6-loopback
> ff02::1 ip6-allnodes
> ff02::2 ip6-allrouters
> 192.168.56.1 adminpc
> 192.168.56.42 dc1 dc1.ad.company.de
>
>
> smb.conf:
>
> # Global parameters
> [global]
> bind interfaces only = Yes
> interfaces = lo eth1
> netbios name = DC1
> realm = AD.COMPANY.DE
> workgroup = COMPANY
> dns forwarder = 195.50.140.114
> server role = active directory domain controller
> idmap_ldb:use rfc2307 = yes
> comment =
>
> [netlogon]
> path = /usr/local/samba/var/locks/sysvol/ad.company.de/scripts
> read only = No
>
> [sysvol]
> path = /usr/local/samba/var/locks/sysvol
> read only = No
>
> [test]
> path = /srv/samba/test
> read only = No
>
>
Have you set up the libnss_winbind links, PAM and /etc/nsswitch.conf?
Rowland
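
One way to check the /etc/nsswitch.conf part of the question above, as an added example that is not from either poster or from the Samba project: it reports whether the `passwd` and `group` databases list `winbind` as a source. The function names and the two sample files are constructed for illustration; point `check_nsswitch` at the real /etc/nsswitch.conf on the DC.

```shell
#!/bin/sh
# Added example: does an nsswitch.conf-style file list "winbind" as a
# source for the passwd and group databases?

# nss_has_winbind FILE DB -> exit 0 if DB's line lists winbind, else 1
nss_has_winbind() {
    awk -v db="$2" '
        { sub(/#.*/, "") }                     # ignore comments
        $1 == db ":" {                         # e.g. "passwd:"
            for (i = 2; i <= NF; i++)
                if ($i == "winbind") found = 1
        }
        END { exit(found ? 0 : 1) }
    ' "$1"
}

# check_nsswitch FILE -> one status line per database;
# return code is the number of databases without winbind (0 = OK)
check_nsswitch() {
    missing=0
    for db in passwd group; do
        if nss_has_winbind "$1" "$db"; then
            echo "$db: winbind listed"
        else
            echo "$db: winbind NOT listed"
            missing=$((missing + 1))
        fi
    done
    return "$missing"
}

# Constructed sample files (not taken from the thread)
demo_dir=$(mktemp -d)
printf 'passwd: compat\ngroup: compat\nhosts: files dns\n' \
    > "$demo_dir/stock"
printf 'passwd: compat winbind\ngroup: compat winbind # AD\n' \
    > "$demo_dir/with_winbind"

echo "stock file:";        check_nsswitch "$demo_dir/stock" || true
echo "with winbind file:"; check_nsswitch "$demo_dir/with_winbind"
rm -rf "$demo_dir"
```

A clean result here only covers nsswitch.conf; the libnss_winbind links and PAM still have to be checked separately.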