[Samba] Users can't mount shares on a domain member file server
Rowland penny
rpenny at samba.org
Wed Dec 16 17:25:49 UTC 2020
On 16/12/2020 17:01, MAS Jean-Louis via samba wrote:
> Le 16/12/2020 à 17:17, Rowland penny via samba a écrit :
>
>> You are getting ID's in the 400000 range because that is what you
>> have set in the '*' domain and as you are getting number such as
>> '400002', then 'jlmas' does not have a uidNumber attribute containing
>> a number inside the '500-400000' range or Domain Users does not have
>> a gidNumber attribute containing a number inside the same range, or
>> to put it another way:
>>
>> Have you manually added uidNumber and gidNumber attributes to your
>> users & groups in AD ?
>
> Yes. In fact our only source of authentication for Linux and Windows
> is our AD Samba4.
> We have added all the posix accounts attributes to our users when we
> created them.
>
> For example, this is my account directly from our Samba4 AD-DC, my
> uidNumber and gidNumber are within the "example" domain range we
> defined in smb.conf
I think I might know what is the problem, but first, you do not need these:
objectClass: posixAccount
objectClass: shadowAccount
objectClass: inetOrgPerson
You have changed the primaryGroupID, why ?
Windows expects that every users primary group is Domain Users and now
it is whatever '2906' is, this is what I think your problem is. Samba
also requires Domain Users, though to be honest I am unsure whether it
requires the name or the numeric ID, but it looks like which ever it is
that winbind does not like this.
Rowland
More information about the samba
mailing list