[Samba] user cannot access shares on new ad-dc

Klaus Hartnegg hartnegg at gmx.de
Fri Sep 29 15:07:05 UTC 2017

On 29.09.2017 16:00 Rowland Penny wrote;
>> But is PAM really necessary on a DC?
> Yes, if you want to use it as a fileserver
>> The Wiki says that winbindd is optional.
> Point me to where it says that and if required, I will alter it.

Page: Setting_up_Samba_as_an_Active_Directory_Domain_Controller
Section: Configuring Winbindd on a Samba AD DC

> Yes, sysvol will work without it, but sysvol is only used by Windows
> clients and users.

But it does not work! Only Administrator can access the contents of shares, users cannot.

Can I somehow ask samba to log the reason for why it denies users access to all shares? I could not find that in any of the logfiles.

By the way the page Pam_winbind_Link had a typo 368 vs 386 in the command
ln -s /usr/local/samba/lib/security/pam_winbind.so /lib/i368-linux-gnu/security/
I fixed that in the wiki, ran the correct command, then ran "pam-auth-update" again.
Chown still cannot use AD-Names.

The wiki is confusing. If several more steps are required to get a working AD (like links for nss and pam), it should tell so IN ONE PLACE. Not ask the readers to jump around between several different pages, which themselves point to yet other pages.


More information about the samba mailing list