[Samba] Very strange: Samba is unable to access one of its own files

Rowland Penny rpenny at samba.org
Thu Nov 14 16:35:17 UTC 2024


On Thu, 14 Nov 2024 11:17:11 -0500
"John R. Graham via samba" <samba at lists.samba.org> wrote:

> On 11/14/24 10:48, Rowland Penny via samba wrote:
> > The only things that a Samba AD DC pulls from AD are the uidNumber
> > and gidNumber attributes (if they are set) and only then if
> > 'idmap_ldb:use rfc2307 = yes' is set in the DC's smb.conf.
> >
> > What are you expecting ?
> >
> > Rowland
> 
> Oh. Well, I was expecting that the home directory and the shell 
> attributes would be retrieved from AD 

Not on a DC, but you can do this on a Unix domain member, though I am
beginning to think there isn't much point to it.

> --or else constructed from
> the 'template homedir' and 'template shell' lines in smb.conf. The
> values I set there were:
> 
>       template shell = /bin/bash
>       template homedir = /home/%U
>

That should work.

> but the getent is returning
> 
> HOME\jgraham:*:10000:100::/home/SAMDOM/jgraham:/bin/false
> 
> which appear to be the defaults for those two as opposed to what's 
> specified in either smb.conf or AD.

Yes, they are the defaults, as is the '100' for 'users' which is mapped
to Domain Users. I suggest you set a gidNumber on Domain Users, just in
case you decide to run a Unix domain member in future with the 'ad'
idmap backend.

If all else fails, try rebooting the DC and see if that fixes it.

This is from one of my DCs with 'template shell = /bin/bash' set:

adminuser@tmpdc1:~ $ getent passwd rowland
SAMDOM\rowland:*:3000020:100:Rowland Penny:/home/SAMDOM/rowland:/bin/bash

You are running into one of the many reasons why it isn't recommended
to use a Samba AD DC as a fileserver.

Rowland
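
Added example, not part of the original message and not Samba project code: a small check that reports, for one `getent passwd` line, whether the home directory and shell match the 'template homedir' / 'template shell' values in smb.conf or Samba's built-in defaults (/home/%D/%U and /bin/false). The function names are hypothetical, the smb.conf text is constructed, and only the %D and %U substitutions are expanded.

```python
import re

# Samba's built-in defaults for the two parameters (see smb.conf(5)).
DEFAULTS = {"template homedir": "/home/%D/%U", "template shell": "/bin/false"}

def global_params(smb_conf_text):
    """Return the [global] parameters of an smb.conf as {name: value}."""
    params, section = {}, None
    for raw in smb_conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            # Parameter names are case-insensitive; collapse inner whitespace.
            params[" ".join(key.lower().split())] = value.strip()
    return params

def expand(template, domain, user):
    """Expand the two substitutions this example supports (assumption)."""
    return template.replace("%D", domain).replace("%U", user)

def diagnose(smb_conf_text, getent_line):
    """Classify home and shell as 'configured', 'default' or 'other'."""
    fields = getent_line.strip().split(":")
    if len(fields) != 7:
        raise ValueError("not a passwd(5) entry: expected 7 fields")
    domain, _, user = fields[0].rpartition("\\")   # DOMAIN\user
    conf = global_params(smb_conf_text)
    seen = {"template homedir": fields[5], "template shell": fields[6]}
    result = {}
    for key, value in seen.items():
        if key in conf and value == expand(conf[key], domain, user):
            result[key] = "configured"
        elif value == expand(DEFAULTS[key], domain, user):
            result[key] = "default"
        else:
            result[key] = "other"
    return result

if __name__ == "__main__":
    conf = "[global]\n    template shell = /bin/bash\n"   # constructed sample
    line = r"SAMDOM\rowland:*:3000020:100:Rowland Penny:/home/SAMDOM/rowland:/bin/bash"
    print(diagnose(conf, line))
```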


