[Samba] R: R: cannot list/access samba share from Windows client
Rowland Penny
rpenny at samba.org
Mon Jan 8 19:30:42 UTC 2018
On Mon, 8 Jan 2018 19:57:59 +0100
Andrea Rossetti <andy.ros at gmail.com> wrote:
> Inviato da Posta per Windows 10
>
> >Da: Rowland Penny via samba
> >Inviato: lunedì 8 gennaio 2018 18:48
> >A: samba at lists.samba.org
> >Oggetto: Re: [Samba] R: cannot list/access samba share from Windows
> >client
> >
> >You are now solely using sssd for the authentication, you need to ask
> >on the sssd-users mailing list, either that or purge sssd and set up
> >winbind correctly.
>
> >I repeat, 'sssd' has nothing to do with Samba and as such, I cannot
> >help any further.
> >
> >Rowland
>
> Ok I try to purge sssd and configure winbind.
>
> apt-get remove --purge sssd && apt-get autoremove --purge
>
> I successfull removed and re-joined the Linux domain member
>
> root at SRVLNXWINTRA01:/home/data# net ads leave -U
> "com_spoleto\adminserver" Enter com_spoleto\adminserver's password:
> Deleted account for 'SRVLNXWINTRA01' in realm 'COMUNE.SPOLETO.LOCAL'
> root at SRVLNXWINTRA01:/home/data# net ads join -U
> "com_spoleto\adminserver" Enter com_spoleto\adminserver's password:
> Using short domain name -- COM_SPOLETO
> Joined 'SRVLNXWINTRA01' to dns domain 'comune.spoleto.local'
>
> I modified the config files (see below)
> And restarted the services
>
> systemctl restart smbd nmbd winbind
>
> I verified that the SeDiskOperatorPrivilege was set up correctly to
> “domain admins” Group
>
> root at SRVLNXWINTRA01:/home/data# net rpc rights list privileges
> SeDiskOperatorPrivilege -U "com_spoleto\adminserver" Enter
> com_spoleto\adminserver's password: SeDiskOperatorPrivilege:
> COM_SPOLETO\Domain Admins
> BUILTIN\Administrators
>
> I verified the connectiviti with the domain
>
> root at SRVLNXWINTRA01:/home/data# wbinfo --ping-dc
> checking the NETLOGON for domain[COM_SPOLETO] dc connection to
> "SRVW3KDC01.comune.spoleto.local" succeeded
>
> but now when I Look up Domain Users and Groups
>
> root at SRVLNXWINTRA01:/home/data# getent passwd
> com_spoleto\andrea.rossetti root at SRVLNXWINTRA01:/home/data# getent
> group "com_spoleto\\domain admins"
>
> I have no response and so I’m unable to assign the permission
> attribute to the share
>
> root at SRVLNXWINTRA01:/home/data# LANG=en_EN chown
> root:"com_spoleto\domain admins" share chown: invalid group:
> 'root:com_spoleto\\domain admins'
>
> I’m very confused now!
>
>
OK, If I run this on a Unix domain member:
getent passwd samdom\rowland
I get no output, but this:
getent passwd samdom\\rowland
gets me this:
rowland:*:10000:10000:Rowland Penny:/home/rowland:/bin/bash
I use the winbind 'ad' backend and 'Domain Admins' does not have a
gidNumber attribute, but 'Domain Users' does.
getent group "samdom\\domain users"
gets me this:
domain users:x:10000:<list of group members>
Try running 'net cache flush' and then try again.
Rowland
More information about the samba
mailing list