[Samba] R: R: cannot list/access samba share from Windows client

Andrea Rossetti andy.ros at gmail.com
Mon Jan 8 18:57:59 UTC 2018


Inviato da Posta per Windows 10

>Da: Rowland Penny via samba
>Inviato: lunedì 8 gennaio 2018 18:48
>A: samba at lists.samba.org
>Oggetto: Re: [Samba] R: cannot list/access samba share from Windows client
>
>You are now solely using sssd for the authentication, you need to ask
>on the sssd-users mailing list, either that or purge sssd and set up
>winbind correctly.

>I repeat, 'sssd' has nothing to do with Samba and as such, I cannot
>help any further.
>
>Rowland

Ok I try to purge sssd and configure winbind.

apt-get remove --purge sssd && apt-get autoremove --purge

I successfull removed and re-joined the Linux domain member

root at SRVLNXWINTRA01:/home/data# net ads leave -U "com_spoleto\adminserver"
Enter com_spoleto\adminserver's password:
Deleted account for 'SRVLNXWINTRA01' in realm 'COMUNE.SPOLETO.LOCAL'
root at SRVLNXWINTRA01:/home/data# net ads join -U "com_spoleto\adminserver"
Enter com_spoleto\adminserver's password:
Using short domain name -- COM_SPOLETO
Joined 'SRVLNXWINTRA01' to dns domain 'comune.spoleto.local'

I modified the config files (see below)
And restarted the services

systemctl restart smbd nmbd winbind

I verified that the SeDiskOperatorPrivilege was set up correctly to “domain admins” Group

root at SRVLNXWINTRA01:/home/data# net rpc rights list privileges SeDiskOperatorPrivilege -U "com_spoleto\adminserver"
Enter com_spoleto\adminserver's password:
SeDiskOperatorPrivilege:
  COM_SPOLETO\Domain Admins
  BUILTIN\Administrators

I verified the connectiviti with the domain

root at SRVLNXWINTRA01:/home/data# wbinfo --ping-dc
checking the NETLOGON for domain[COM_SPOLETO] dc connection to "SRVW3KDC01.comune.spoleto.local" succeeded

but now when I Look up Domain Users and Groups

root at SRVLNXWINTRA01:/home/data# getent passwd com_spoleto\andrea.rossetti
root at SRVLNXWINTRA01:/home/data# getent group "com_spoleto\\domain admins"

I have no response and so I’m unable to assign the permission attribute to the share

root at SRVLNXWINTRA01:/home/data# LANG=en_EN chown root:"com_spoleto\domain admins" share
chown: invalid group: 'root:com_spoleto\\domain admins'

I’m very confused now!

--------------------------------------------------------------------------------
now my /etc/samba/smb.conf is

# Global parameters
[global]
        workgroup = COM_SPOLETO
        realm = COMUNE.SPOLETO.LOCAL
        server string = %h server (Samba, Ubuntu)
        interfaces = lo ens32
        bind interfaces only = Yes
        server role = member server
        security = ADS
        map to guest = Bad User
        username map = /etc/samba/user.map
        kerberos method = secrets and keytab
        log file = /var/log/samba/log.%m
        max log size = 1000
        client signing = if_required
        dns proxy = No
        panic action = /usr/share/samba/panic-action %d
        winbind refresh tickets = Yes
        idmap config com_spoleto : range = 10000-29999
        idmap config com_spoleto : backend = rid
        idmap config * : range = 3000-7999
        idmap config * : backend = tdb
        map acl inherit = Yes
        store dos attributes = Yes
        vfs objects = acl_xattr


[printers]
        comment = All Printers
        path = /var/spool/samba
        create mask = 0700
        printable = Yes
        browseable = No


[print$]
        comment = Printer Drivers
        path = /var/lib/samba/printers


[share]
        comment = Progetti QGIS per Lizmap
        path = /home/data/share
        read only = No
        inherit acls = Yes
----------------------------------------------------------------------------
My /etc/nsswitch.conf
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.

passwd:         compat winbind
group:          compat winbind
shadow:         compat
gshadow:        files

hosts:          files dns
networks:       files

protocols:      db files
services:       db files
ethers:         db files
rpc:            db files

netgroup:       nis
sudoers:        files
-------------------------------------------------------------------------------------

My /etc/krb5.conf
[libdefaults]
         default_realm = COMUNE.SPOLETO.LOCAL
         dns_lookup_realm = false
         dns_lookup_kdc = true


More information about the samba mailing list