[Samba] Fw: AD usres are not show in Domain Controller when apply setfacl command

Rowland Penny rpenny at samba.org
Fri Nov 30 09:06:34 UTC 2018

On Fri, 30 Nov 2018 06:16:42 +0000 (UTC)
barani tharan <aru_barani at yahoo.com> wrote:

>  Dear Rowland Penny
>  I follow your mentioned step still i am face the same problem
> I have 1 Domain Controller [sambadc] and 1 Domain member for Samba
> Share and backup [backupserver]
> 1.when try view the ACL rights is backup server i can able view the
> domain user name [root at backupserver Rishinox]#
> getfacl /ADHDD/Rishinox/ getfacl: Removing leading '/' from absolute
> path names # file: ADHDD/Rishinox/

> [root at backupserver Rishinox]# vi /etc/samba/smb.conf
> [global]

>    workgroup = RISHI

Lets start with the obvious question, why do you think it is a good
idea to use the workgroup 'ADHDD' on the DC and 'RISHI' on the Unix
domain member ?

All domain members need to use the same workgroup.

>    password server = sambadc.rishi.com
>    realm = RISHI.COM
>    security = ads
>    idmap config * : range = 16777216-33554431
>    template shell = /bin/bash
>    kerberos method = secrets only
>    winbind use default domain = yes
>    winbind offline logon = true

Why are you using that range ?
Are you also using sssd on that machine ?
I ask the last question because your smb.conf isn't set up correctly
for winbind and you used red-hat tools to set up smb.conf
Stop trying to use 'Administrator' as a user on Unix domain members,
that user is a Windows user and should be mapped to the Unix user 'root'


More information about the samba mailing list