[Samba] Very strange: Samba is unable to access one of its own files

Rowland Penny rpenny at samba.org
Thu Nov 14 17:14:04 UTC 2024


On Thu, 14 Nov 2024 11:45:11 -0500
"John R. Graham via samba" <samba at lists.samba.org> wrote:

> On 11/14/24 11:35, Rowland Penny via samba wrote:
> > Not on a DC, but you can do this on a Unix domain member, though I
> > am beginning to think there isn't much point to it.
> >
> > Yes, they are the defaults, as is the '100' for 'users' which is
> > mapped to Domain Users. I suggest you set a gidNumber on Domain
> > Users, just in case you decide to run a Unix domain member in
> > future with the 'ad' idmap backend.
> >
> > If all else fails, try rebooting the DC and see if that fixes it.
> >
> > This is from one of my DCs with 'template shell = /bin/bash' set:
> >
> > adminuser@tmpdc1:~ $ getent passwd rowland
> > SAMDOM\rowland:*:3000020:100:Rowland Penny:/home/SAMDOM/rowland:/bin/bash
> >
> > You are running into one of the many reasons why it isn't
> > recommended to use a Samba AD DC as a fileserver.
> 
> Understood. I'm going to stand up an independent file server Real
> Soon Now(tm) and evict that functionality from the AD DC. Promise.
> Will try the reboot.
> 

If you are going to set up a Unix domain member, there is very little
reason to use the 'ad' idmap backend nowadays. Samba will know who the
users are if you use the 'rid' backend; the only drawback is that the
users get the 'template' shell and home directory and that isn't really
a problem. If you think about it, Windows users know nothing about the
rfc2307 attributes, yet they work with Samba (or is it the other way
around?).

Rowland
 


