[Samba] Users can't mount shares on a domain member file server

MAS Jean-Louis jean-louis.mas at imag.fr
Wed Dec 16 17:01:12 UTC 2020


Le 16/12/2020 à 17:17, Rowland penny via samba a écrit :

> You are getting ID's in the 400000 range because that is what you have 
> set in the '*' domain and as you are getting number such as '400002', 
> then 'jlmas' does not have a uidNumber attribute containing a number 
> inside the '500-400000' range or Domain Users does not have a gidNumber 
> attribute containing a number inside the same range, or to put it 
> another way:
> 
> Have you manually added uidNumber and gidNumber attributes to your users 
> & groups in AD ?

Yes. In fact our only source of authentication for Linux and Windows is 
our AD Samba4.
We have added all the posix accounts attributes to our users when we 
created them.

For example, this is my account directly from our Samba4 AD-DC, my 
uidNumber and gidNumber are within the "example" domain range we defined 
in smb.conf

#  ldbsearch --url=/var/lib/samba/private/sam.ldb -b dc=example,dc=com 
sAMAccountName=jlmas

# record 1
dn: CN=jlmas,CN=Users,DC=example,DC=com
cn: jlmas
sn: Mas
givenName: Jean-Louis
instanceType: 4
whenCreated: 20140306151708.0Z
uSNCreated: 4464
name: jlmas
objectGUID: 52c807de-e9dc-470e-973c-79c1d5a4ea9d
badPwdCount: 0
codePage: 0
countryCode: 0
badPasswordTime: 0
lastLogoff: 0
objectSid: S-1-5-21-2072931574-2052698178-2371456486-1847
accountExpires: 9223372036854775807
sAMAccountType: 805306368
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=example,DC=com
uid: jlmas
mail: Jean-Louis.Mas at imag.fr
departmentNumber: LIG
uidNumber: 20025
gidNumber: 20000
sAMAccountName: jlmas
loginShell: /bin/bash
userPrincipalName: jlmas
objectClass: top
objectClass: securityPrincipal
objectClass: posixAccount
objectClass: shadowAccount
objectClass: person
objectClass: organizationalPerson
objectClass: user
objectClass: inetOrgPerson
homeDrive: Z:
memberOf: CN=labolig,CN=Users,DC=example,DC=com
memberOf: CN=wikimisi,CN=Users,DC=example,DC=com
memberOf: CN=Domain Users,CN=Users,DC=example,DC=com
displayName: MAS Jean-Louis
unixHomeDirectory: /home/misi/jlmas/
homeDirectory: \\casa.example.fr\jlmas
lockoutTime: 0
shadowLastChange: 17207
pwdLastSet: 131312188300000000
msDS-SupportedEncryptionTypes: 0
userAccountControl: 66048
primaryGroupID: 2906
lastLogonTimestamp: 132521711392051480
whenChanged: 20201211143859.0Z
uSNChanged: 110344
lastLogon: 132525243595119210
logonCount: 1717
distinguishedName: CN=jlmas,CN=Users,DC=example,DC=com

# Referral
ref: ldap://example.fr/CN=Configuration,DC=example,DC=com

# Referral
ref: ldap://example.fr/DC=DomainDnsZones,DC=example,DC=com

# Referral
ref: ldap://example.fr/DC=ForestDnsZones,DC=example,DC=com

# returned 4 records
# 1 entries
# 3 referrals

Regards


-- 
Jean Louis Mas
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 236 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba/attachments/20201216/821c3c0e/OpenPGP_signature.sig>


More information about the samba mailing list