[Samba] GPO / Sysvol problems
rpenny at samba.org
Fri Jan 25 10:05:22 UTC 2019
On Fri, 25 Jan 2019 09:05:16 +0100
"L.P.H. van Belle via samba" <samba at lists.samba.org> wrote:
> Hi Gregory,
> I see few things, start here :
> from smb.conf remove : map to guest = Bad User
> This enabled on a domain member or other domain server is really a no
> go. This makes debugging really hard.
Not only that, it doesn't work ;-)
All users have to authenticate in AD and the Windows guest user is
disabled by default, so where are you going to get a guest user from ?
> A "about same problem"
> His solution.
> I restarted the setup with this documentation
> https://www.tecmint.com/install-samba4-active-directory-ubuntu/ . The
I had a look at that page, he got the tests right, but not much else.
> problem was that pam was badly set and could not recognize samba
How do you incorrectly set up PAM on a Debian based distro ?
>For example: id Administrator, did not recognize by the user.
> BIG NOTE HERE: id Administrator should NEVER work.
> Yes its possible, but thats a complete different config and not
> supported. Why id Administrator should never work, because
> Administrator = root = 0
This is one of the problems of using the 'rid' backend
uid=10500(administrator) gid=10513(domain_users) groups=10513(domain_users),10500(administrator),10512(domain_admins),10572(denied_rodc_password_replication_group),10519(enterprise_admins),10520(group_policy_creator_owners),10518(schema_admins),2001(BUILTIN\users),2000(BUILTIN\administrators)
However, provided you use a usermap in smb.conf, when you connect from
Windows, Administrator gets mapped to root.
> Which samba version where you running.
> It looks a bit like :
> For me, this looks like a problem due to resolving issues.
> That needs to be fixed first.
That was my thought.
More information about the samba