[Samba] Samba share not quite working on Domain Controller

Mark Foley mfoley at novatec-inc.com
Sun Dec 17 16:28:06 UTC 2023


On Sun Dec 17 03:11:05 2023 Rowland Penny via samba <samba at lists.samba.org> wrote:
>
> On Sun, 17 Dec 2023 01:23:29 -0500
> Mark Foley via samba <samba at lists.samba.org> wrote:
> > 
> > Since sysvol and netlogin folders didn't crash when I selected their
> > Properties > Security, I reasoned there must be something about
> > permissions or ownership afoot. Sure enough:
> > 
> > # ls -ld /var/lib/samba/sysvol/
> > drwxrwx---+ 3 root 3000000 4096 2023-11-29 21:16
> > /var/lib/samba/sysvol/
> > 
> > Both of those directories, created by provisioning, are members of
> > group 3000000 which I presume is some administrative group (although
> > 'getent group 3000000' on the DC returns nothing, so I'm not sure).
>
> If this was Debian, I would suggest installing libnss-winbind and
> libpam-winbind, but as this is slackware, I haven't a clue what the
> required package(s) is/are called. However, on Debian the two '.so'
> files the package(s) contain are 'libnss_winbind.so.2' and
> 'pam_winbind.so', installing these and adding 'winbind' to the 'passwd'
> & 'group' lines in /etc/nsswitch.conf will get getent to work and the
> '3000000' will very probably become 'Domain Admins'
>
> Having to do the above is yet another reason not to use a DC as a
> fileserver, all your users will then be able to login into the DC.
>
> Rowland

My bad. Those packages are installed on Slackware. I added 'winbind' to the
'passwd' & 'group' lines in /etc/nsswitch.conf, restarted Samba and all is well.

Although I believe I've been going through the wikis word-by-word, I apparently
missed those instructions in the wiki
https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member#Choosing_an_idmap_backend
under "Configuring the Name Service Switch". 

Thanks! --Mark



More information about the samba mailing list