Web lists-archives.com

Re: [Samba] Samba 4.6.0 - Domain admin can't list nor access shares on file server






On 5/10/2017 6:06 PM, Rowland Penny via samba wrote:
On Wed, 10 May 2017 17:47:37 +0200
Olaf Frączyk via samba <samba@xxxxxxxxxxxxxxx> wrote:

Hello,

I have domain NAVIDOM.

There is also a fileserver that has joined the domain (both file
server and DC are samba 4.6.0).

If I try to connect as NAVIDOM\Administrator, I cannot access the
file server (from Linux and Windows):

[root@dc var]# smbclient -U Administrator -L fileserv
Enter NAVIDOM\Administrator's password:
session setup failed: NT_STATUS_ACCESS_DENIED

I can do it as a regular user:

[root@fileserv samba]# smbclient -U olaf -L fileserv
Enter NAVIDOM\olaf's password:

      Sharename       Type      Comment
      ---------       ----      -------

.......

Is this normal or do I have a problem with my setup?

Possibly normal, but it depends on your smb.conf on the Unix domain
member, so can you post the smb.conf from the Unix domain member (the
thing you call a fileserver)

Rowland


[global]
    security = ADS
    workgroup = NAVIDOM
    realm = NAVIDOM.OFFICE.NAVI.PL
    log file = /var/log/samba/%m.log
    log level = 1
    idmap config * : backend = tdb
    idmap config * : range = 20000-20999
    idmap config NAVIDOM:backend = ad
    idmap config NAVIDOM:schema_mode = rfc2307
    idmap config NAVIDOM:range = 1000-9999
    idmap config NAVIDOM:unix_nss_info = yes
    idmap config NAVIDOM:unix_primary_group = yes
    winbind use default domain = yes
    winbind nss info = rfc2307
    winbind refresh tickets = yes
    template shell = /bin/bash
    template homedir = /home/%U
    create mask = 0666
    directory mask= 0777
    store dos attributes = yes

Is this because of NAVIDOM:range = 1000-9999, so it doesn't include uid 0?


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba