[Samba] Users can't mount shares on a domain member file server
rpenny at samba.org
Wed Dec 16 17:25:49 UTC 2020
On 16/12/2020 17:01, MAS Jean-Louis via samba wrote:
> Le 16/12/2020 à 17:17, Rowland penny via samba a écrit :
>> You are getting ID's in the 400000 range because that is what you
>> have set in the '*' domain and as you are getting number such as
>> '400002', then 'jlmas' does not have a uidNumber attribute containing
>> a number inside the '500-400000' range or Domain Users does not have
>> a gidNumber attribute containing a number inside the same range, or
>> to put it another way:
>> Have you manually added uidNumber and gidNumber attributes to your
>> users & groups in AD ?
> Yes. In fact our only source of authentication for Linux and Windows
> is our AD Samba4.
> We have added all the posix accounts attributes to our users when we
> created them.
> For example, this is my account directly from our Samba4 AD-DC, my
> uidNumber and gidNumber are within the "example" domain range we
> defined in smb.conf
I think I might know what is the problem, but first, you do not need these:
You have changed the primaryGroupID, why ?
Windows expects that every users primary group is Domain Users and now
it is whatever '2906' is, this is what I think your problem is. Samba
also requires Domain Users, though to be honest I am unsure whether it
requires the name or the numeric ID, but it looks like which ever it is
that winbind does not like this.
More information about the samba