[Samba] smb won't allow users from other ou share access
Rowland Penny
rpenny at samba.org
Fri Mar 4 17:18:51 UTC 2022
On Fri, 2022-03-04 at 10:59 -0600, Patrick Goetz via samba wrote:
>
> On 3/3/22 17:47, Fuhriman, Nathanael [US] (SP) (Contr) via samba
> wrote:
> > I have samba setup to share files on a system using SSSD hooked to
> > AD for user accounts. Some users are able to access the shares and
> > other are not. I finally narrowed it down to users that are in a
> > specific OU in AD. Those in that OU can access the shares. All
> > others are denied access. For examples users in OU=employees are
> > able to access but users in OU=contractors are not able to access.
> >
>
> From your description my suspicion is that a GPO is responsible for
> this, not Samba. What OU to suspect depends on how your network is
> configured; i.e. are all the shares coming from the same file
> server?
> Does that file server have GPO-based access restrictions to that OU?
Could be a GPO but doubtful
>
> If it's not that, comb through your /etc/sssd/sssd.conf file looking
> for
> anything that references that OU.
>
> It could be samba if you have these restrictions embedded in your
> /etc/samba/smb.conf file, but I'm assuming you've checked for this
> already.
As far as I am aware, Samba has nothing to restrict the search base in
smb.conf, but I seem to remember that sssd has.
Rowland
More information about the samba
mailing list