[Samba] GPO / Sysvol problems

Rowland Penny rpenny at samba.org
Fri Jan 25 10:05:22 UTC 2019

On Fri, 25 Jan 2019 09:05:16 +0100
"L.P.H. van Belle via samba" <samba at lists.samba.org> wrote:

> Hi Gregory, 
> I see few things, start here : 
> from smb.conf remove : map to guest = Bad User 
> This enabled on a domain member or other domain server is really a no
> go. This makes debugging really hard. 

Not only that, it doesn't work ;-)
All users have to authenticate in AD and the Windows guest user is
disabled by default, so where are you going to get a guest user from ?

> A "about same problem" 
> https://lists.samba.org/archive/samba/2018-October/219106.html 
> His solution.
> I restarted the setup with this documentation 
> https://www.tecmint.com/install-samba4-active-directory-ubuntu/ . The 

I had a look at that page, he got the tests right, but not much else.

> problem was that pam was badly set and could not recognize samba
> users. 

How do you incorrectly set up PAM on a Debian based distro ?

>For example: id Administrator, did not recognize by the user.  
> BIG NOTE HERE: id Administrator should NEVER work. 
> Yes its possible, but thats a complete different config and not
> supported. Why id Administrator should never work, because
> Administrator = root = 0 

This is one of the problems of using the 'rid' backend

id administrator
uid=10500(administrator) gid=10513(domain_users) groups=10513(domain_users),10500(administrator),10512(domain_admins),10572(denied_rodc_password_replication_group),10519(enterprise_admins),10520(group_policy_creator_owners),10518(schema_admins),2001(BUILTIN\users),2000(BUILTIN\administrators)

However, provided you use a usermap in smb.conf, when you connect from
Windows, Administrator gets mapped to root.

> Which samba version where you running.
> It looks a bit like :
> https://forge.univention.org/bugzilla/show_bug.cgi?id=34973 
> For me, this looks like a problem due to resolving issues. 
> That needs to be fixed first. 

That was my thought.


More information about the samba mailing list