[Samba] cant login to fileserver
L.P.H. van Belle
belle at bazuin.nl
Wed Oct 16 14:58:02 UTC 2019
Read this (again).
https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member
and one of these:
https://wiki.samba.org/index.php/Idmap_config_ad
https://wiki.samba.org/index.php/Idmap_config_rid
So
realm = relam.fqdn << in CAPS
idmap uid = 1001-999999 << remove these
idmap gid = 1001-999999 << remove these
> winbind enum users = yes << remove these
> winbind enum groups = yes << remove these
Or set these to no, these are really not needed.
> idmap config * : range = 1000-1000 << much too small range.
If you inherited these low UID/GID, set this one to:
1000000-1005000
Or any other range that does not overlap any other range.
You should also verify that with (see) cat /etc/addusers.conf
> # This will prevent nmbd to search for NetBIOS names through DNS.
> dns proxy = no
If your DNS is set up correctly, setting that to yes will work fine.
Greetz,
Louis
> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of basti via samba
> Sent: Wednesday 16 October 2019 16:44
> To: samba at lists.samba.org
> Subject: Re: [Samba] cant login to fileserver
>
> [global]
>
> ## Browsing/Identification ###
>
> # Change this to the workgroup/NT-domain name your Samba server will be part of
>
> security = ADS
> workgroup = NET
> realm = relam.fqdn
> log file = /var/log/samba/%m.log
> log level = 3
>
> # Default ID mapping configuration for local BUILTIN accounts
> # and groups on a domain member. The default (*) domain:
> # - must not overlap with any domain ID mapping configuration!
> # - must use an read-write-enabled back end, such as tdb.
> idmap config * : backend = tdb
> idmap config * : range = 1000-1000
>
> # idmap config for the NET domain
> idmap config NET:backend = ad
> idmap config NET:schema_mode = rfc2307
> idmap config NET:range = 1001-999999
> idmap uid = 1001-999999
> idmap gid = 1001-999999
>
>
> winbind enum users = yes
> winbind enum groups = yes
>
> winbind use default domain = yes
>
> # fix dfs errors in log ?
> host msdfs = no
>
> # fix connection lost ?
> client min protocol = SMB2
> client max protocol = SMB2
>
> # master for domain
> local master = yes
> os level = 255
> preferred master = yes
>
> # This will prevent nmbd to search for NetBIOS names through DNS.
> dns proxy = no
>
> map to guest = bad user
>
> admin users = root, Administrator, @Domain Admins
>
> ... shares
> [tmp]
> path = /tmp
> guest ok = yes
> browsable = yes
> read only = no
>
> tmp is working connect via ip to server. (guest mapping)
> and yes the userid's start at 1001
>
>
> On 16.10.19 16:27, Rowland penny via samba wrote:
> > On 16/10/2019 13:44, basti via samba wrote:
> >> hello,
> >> i migrate a NT4 to ad.
> >> User can login with AD username and can connect to share on DC.
> >> When i try to connect to the fileserver via windows i get access denied.
> >>
> >> connect from dc1 to fileserver via smbclient does work.
> >>
> >> on the fileserver:
> >> - wbinfo -u show user
> >> - wbinfo -P succeeded
> >> - wbinfo -g show groups
> >> - wbinfo -a Administrator succeeded
> >> - pam-auth-update -> kbr, unix, winbind
> >>
> >> nsswitch as compat winbind like
> >> https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member
> >>
> >> getent passwd does *not* show domain users but that's not the problem i think.
> >
> > I think it probably is, can you post your smb.conf from the fileserver.
> >
> > Rowland
> >
> >
> >
>
>
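A small checker for the idmap points raised in this thread (default `*` range too small, leftover `idmap uid` / `idmap gid` lines, ranges that overlap), added here as an example; it is not part of any poster's message or of Samba. The function names and the `min_default_size` threshold are assumptions, and the sample input is constructed from the smb.conf quoted above.

```python
import re

# Constructed sample: the idmap lines of the smb.conf quoted in this thread.
POSTED = """[global]
idmap config * : backend = tdb
idmap config * : range = 1000-1000
idmap config NET:backend = ad
idmap config NET:range = 1001-999999
idmap uid = 1001-999999
idmap gid = 1001-999999
"""

RANGE_RE = re.compile(
    r"^idmap\s+config\s+(\S+?)\s*:\s*range\s*=\s*(\d+)\s*-\s*(\d+)$", re.I)
LEGACY_RE = re.compile(r"^idmap\s+(uid|gid)\s*=", re.I)

def parse_idmap(text):
    """Return ({domain: (low, high)}, [legacy option names]) from smb.conf text."""
    ranges, legacy = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # skip blanks and comments
            continue
        m = RANGE_RE.match(line)
        if m:
            ranges[m.group(1).upper()] = (int(m.group(2)), int(m.group(3)))
            continue
        m = LEGACY_RE.match(line)
        if m:
            legacy.append("idmap " + m.group(1).lower())
    return ranges, legacy

def check_idmap(text, min_default_size=1000):
    """List problems; min_default_size is an assumed threshold, not a Samba rule."""
    ranges, legacy = parse_idmap(text)
    findings = [f"remove legacy option '{name}'" for name in legacy]
    if "*" not in ranges:
        findings.append("no default (*) range configured")
    elif ranges["*"][1] - ranges["*"][0] + 1 < min_default_size:
        findings.append("default (*) range is too small")
    doms = sorted(ranges)
    for i, a in enumerate(doms):
        for b in doms[i + 1:]:
            (alo, ahi), (blo, bhi) = ranges[a], ranges[b]
            if alo <= bhi and blo <= ahi:    # closed intervals intersect
                findings.append(f"range of {a} overlaps range of {b}")
    return findings

if __name__ == "__main__":
    for finding in check_idmap(POSTED):
        print(finding)
```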