[Samba] missing group affiliation on ad dc
basti.mueller31 at web.de
basti.mueller31 at web.de
Mon Oct 8 15:08:05 UTC 2018
Hi,
I've a strange problem. I migrated my NT4 PDC to a ad on my debian stretch (samba version is 4.5.12).
The Domain Controller has some shares for my users.
One user just told me he can't access the share...before the migration he was able to access the share btw! So I checked the ACL's of this share.
Its:
root at server:~# getfacl /media/exampleshare
# file: media/exampleshare
# owner: EXAMPLE\134fileadmin
# group: EXAMPLE\134mitarbeiter
user::rwx
group::---
group:BUILTIN\134administrators:rwx
group:EXAMPLE\134sharegroup:rwx
mask::rwx
other::---
default:user::rwx
default:group::---
default:group:EXAMPLE\134sharegroup:rwx
default:mask::rwx
default:other::---
After this I did a "groups exampleuser" on my domain controller:
root at server:~# groups exampleuser
exampleuser : EXAMPLE\domain users EXAMPLE\remotedesktop EXAMPLE\mitarbeiter
but there is no "EXAMPLE\sharegroup"....so everything make sense..
anyway.. if I do a "samba-tool group listmembers sharegroup" on my domain controller I see the user in this list! >.<
If I just run RSAT Active Directory User and Computers I see it too! The user is member of the sharegroup.
My domain controller smb.conf
[global]
netbios name = PDC
realm = EXAMPLE.COM
workgroup = EXAMPLE
server role = active directory domain controller
bind interfaces only = yes
interfaces = br0
idmap_ldb:use rfc2307 = yes
template shell = /bin/bash
template homedir= /home/%U
dns forwarder = 8.8.8.8
ldap server require strong auth = no
winbind enum users = yes
winbind enum groups = yes
winbind cache time = 10
winbind offline logon = yes
allow dns updates = nonsecure and secure
log file = /var/log/samba/%m.log
max log size = 10000
log level = 1
Any ideas whats the problem?
More information about the samba
mailing list