[Samba] Samba share not quite working on Domain Controller
Mark Foley
mfoley at novatec-inc.com
Sun Dec 17 16:28:06 UTC 2023
On Sun Dec 17 03:11:05 2023 Rowland Penny via samba <samba at lists.samba.org> wrote:
>
> On Sun, 17 Dec 2023 01:23:29 -0500
> Mark Foley via samba <samba at lists.samba.org> wrote:
> >
> > Since sysvol and netlogin folders didn't crash when I selected their
> > Properties > Security, I reasoned there must be something about
> > permissions or ownership afoot. Sure enough:
> >
> > # ls -ld /var/lib/samba/sysvol/
> > drwxrwx---+ 3 root 3000000 4096 2023-11-29 21:16
> > /var/lib/samba/sysvol/
> >
> > Both of those directories, created by provisioning, are members of
> > group 3000000 which I presume is some administrative group (although
> > 'getent group 3000000' on the DC returns nothing, so I'm not sure).
>
> If this was Debian, I would suggest installing libnss-winbind and
> libpam-winbind, but as this is slackware, I haven't a clue what the
> required package(s) is/are called. However, on Debian the two '.so'
> files the package(s) contain are 'libnss_winbind.so.2' and
> 'pam_winbind.so', installing these and adding 'winbind' to the 'passwd'
> & 'group' lines in /etc/nsswitch.conf will get getent to work and the
> '3000000' will very probably become 'Domain Admins'
>
> Having to do the above is yet another reason not to use a DC as a
> fileserver, all your users will then be able to login into the DC.
>
> Rowland
My bad. Those packages are installed on Slackware. I added 'winbind' to the
'passwd' & 'group' lines in /etc/nsswitch.conf, restarted Samba and all is well.
Although I believe I've been going through the wikis word-by-word, I apparently
missed those instructions in the wiki
https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member#Choosing_an_idmap_backend
under "Configuring the Name Service Switch".
Thanks! --Mark
More information about the samba
mailing list