[Samba] clients not connecting to samba shares

Rowland Penny rpenny at samba.org
Sat Apr 1 18:38:40 UTC 2023

On 01/04/2023 19:10, Gary Dale via samba wrote:

> https://wiki.samba.org/index.php/Idmap_config_ad in the Configuring the 
> ad Back End section.

Yes, but right at the top there is a warning box that says:

ID mapping back ends are not supported in the smb.conf file on a Samba 
Active Directory (AD) domain controller (DC).
For details, see Failure To Access Shares on Domain Controllers If idmap 
config Parameters Set in the smb.conf File.

I will update that say, do not add anything on this page to a Samba AD 
DC smb.conf.

> Which shows that the documentation is fragmented and contradictory (not 
> to mention obfuscated). If something is OK to set in one instance but 
> not another, shouldn't that be highlighted? We have hyperlinks these days.

It isn't as easy as that on the Samba wiki, I wish it was. I know that 
the Samba wiki isn't the best in the world, but I cannot change the wiki 

> Not according to a lot of the recent documentation. It's telling me to 
> use the Windows tools, which are a nightmare, to do things that I'd 
> prefer to do through the Linux tools.

The Samba wiki mentions ADUC a lot, but this isn't as easy to use as it 
once was and samba-tool has got a lot better.

> How would that stop my Windows 10 VM from accessing shares? I recall 
> some registry settings being needed to get Windows 7 to work with Samba 
> but that's ancient history...

The lack of SMBv1 shouldn't stop Win10 access a share, it would stop 
Network Browsing though. If Win10 cannot access a Samba share, then 
there should be something in the Windows event log and or the logs of 
the Samba server. There are two things to note, Win10 may require the 
latest Heimdal and if you are trying to connect to a guest Samba share, 
you should check if Windows doesn't have guest access turned off.

> Haven't tried it since pre-pandemic - certainly not with a Bullseye 
> server - so it is not going to be interesting to look at. It definitely 
> predates the backports version of Samba.
> That's why I'm looking for something more recent so I can retry.

The actual way you setup a smb.conf hasn't changed much for quite a few 
years, so it should be valid.

> I tried using Samba once rather than NFS but that broke things. I keep 
> my mail on the server and Thunderbird didn't work properly. Reverting to 
> NFS fixed that. Also, Samba shares seemed slower and less reliable. NFS 
> just works.

I use Thunderbird on a Unix domain member and apart from an annoying 
Thunderbird bug, everything works okay.

As for speed, there isn't much difference between the two now, but you 
can use NFS with Samba authentication, I just wouldn't share an NFS export.

There are probably users out there using NFS with AD authentication, I 
hope one of them will help here.


More information about the samba mailing list