[Samba] cant login to fileserver

basti mailinglist at unix-solution.de
Wed Oct 16 14:44:23 UTC 2019


[global]

## Browsing/Identification ###

# Change this to the workgroup/NT-domain name your Samba server will part of

    security = ADS
    workgroup = NET
    realm = relam.fqdn
    log file = /var/log/samba/%m.log
    log level = 3

    # Default ID mapping configuration for local BUILTIN accounts
    # and groups on a domain member. The default (*) domain:
    # - must not overlap with any domain ID mapping configuration!
    # - must use an read-write-enabled back end, such as tdb.
    idmap config * : backend = tdb
    idmap config * : range = 1000-1000

    # idmap config for the NET domain
    idmap config NET:backend = ad
    idmap config NET:schema_mode = rfc2307
    idmap config NET:range = 1001-999999
    idmap uid = 1001-999999
    idmap gid = 1001-999999


    winbind enum users = yes
    winbind enum groups = yes

    winbind use default domain = yes

    # fix dfs errors in log ?
    host msdfs = no

    # fix connection lost ?
    client min protocol = SMB2
    client max protocol = SMB2

    # master for domain
    local master = yes
    os level = 255
    preferred master = yes

    # This will prevent nmbd to search for NetBIOS names through DNS.
    dns proxy = no

    map to guest = bad user

    admin users = root, Administrator, @Domain Admins

... shares
[tmp]
    path = /tmp
    guest ok = yes
    browsable = yes
    read only = no

tmp is working when connecting via IP to the server (guest mapping),
and yes, the user IDs start at 1001.


On 16.10.19 16:27, Rowland penny via samba wrote:
> On 16/10/2019 13:44, basti via samba wrote:
>> hello,
>> I migrate an NT4 to AD.
>> Users can log in with their AD username and can connect to a share on the DC.
>> When I try to connect to the fileserver via Windows I get access denied.
>>
>> Connecting from dc1 to the fileserver via smbclient does work.
>>
>> on the fileserver:
>> - wbinfo -u show user
>> - wbinfo -P succeeded
>> - wbinfo -g show groups
>> - wbinfo -a Administrator succeeded
>> - pam-auth-update -> kbr, unix, winbind
>>
>> nsswitch has compat winbind like
>> https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member
>>
>> getent passwd does *not* show domain users but that's not the problem I
>> think.
>
> I think it probably is. Can you post your smb.conf from the fileserver?
>
> Rowland
>
>
>
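
The comments in the smb.conf above state that the default (*) idmap range must not overlap any domain range. The following check is an added example, not part of the original post: it parses `idmap config` lines and reports overlapping ranges and how many IDs the default range can hold. The function names and the `min_default_ids` threshold are assumptions made for this example.

```python
import re

# Constructed sample: the idmap lines from the smb.conf posted above.
SAMPLE_CONF = """
[global]
    idmap config * : backend = tdb
    idmap config * : range = 1000-1000
    idmap config NET:backend = ad
    idmap config NET:schema_mode = rfc2307
    idmap config NET:range = 1001-999999
"""

IDMAP_RE = re.compile(
    r"^\s*idmap\s+config\s+(\S+?)\s*:\s*(\w[\w ]*?)\s*=\s*(.+?)\s*$", re.I)

def parse_idmap(conf_text):
    """Return {domain: {option: value}} for every 'idmap config' line."""
    domains = {}
    for line in conf_text.splitlines():
        if line.lstrip().startswith(("#", ";")):   # skip comment lines
            continue
        m = IDMAP_RE.match(line)
        if m:
            dom, opt, val = m.groups()
            domains.setdefault(dom.upper(), {})[opt.lower()] = val
    return domains

def check_ranges(conf_text, min_default_ids=100):
    """Report overlapping ranges and a small default (*) range.
    min_default_ids is a hypothetical threshold chosen for this example."""
    ranges = {}
    for dom, opts in parse_idmap(conf_text).items():
        if "range" in opts:
            low, high = (int(x) for x in opts["range"].split("-"))
            ranges[dom] = (low, high)
    findings = []
    names = sorted(ranges)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            # Two inclusive ranges overlap when each starts before the other ends.
            if ranges[a][0] <= ranges[b][1] and ranges[b][0] <= ranges[a][1]:
                findings.append(f"overlap: {a} {ranges[a]} and {b} {ranges[b]}")
    if "*" in ranges:
        size = ranges["*"][1] - ranges["*"][0] + 1
        if size < min_default_ids:
            findings.append(f"default (*) range holds only {size} ID(s)")
    return findings

if __name__ == "__main__":
    for finding in check_ranges(SAMPLE_CONF):
        print(finding)
```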



