[Samba] smb won't allow users from other ou share access

Patrick Goetz pgoetz at math.utexas.edu
Fri Mar 4 16:59:57 UTC 2022

On 3/3/22 17:47, Fuhriman, Nathanael [US] (SP) (Contr) via samba wrote:
> I have samba setup to share files on a system using SSSD hooked to AD for user accounts. Some users are able to access the shares and other are not. I finally narrowed it down to users that are in a specific OU in AD. Those in that OU can access the shares. All others are denied access. For examples users in OU=employees are able to access but users in OU=contractors are not able to access.

 From your description my suspicion is that a GPO is responsible for 
this, not Samba. What OU to suspect depends on how your network is 
configured; i.e. are all the shares coming from the same file server? 
Does that file server have GPO-based access restrictions to that OU?

If it's not that, comb through your /etc/sssd/sssd.conf file looking for 
anything that references that OU.

It could be samba if you have these restrictions embedded in your 
/etc/samba/smb.conf file, but I'm assuming you've checked for this already.

More information about the samba mailing list