Web lists-archives.com

Re: [Samba] Share access problem




On Wed, 23 Aug 2017 11:23:09 -0400
<Sebastien.Boulianne@xxxxxx> wrote:

> Hi Rowland,
> I tried that but it didn't work.
> 
> I can list all users using wbinfo -u but it didn't work if I do
> getent passwd <samaccountname>.
> 
> Do you have any clues ?
> 

wbinfo talks directly to winbind which gets its info directly from AD,
so 'wbinfo -u' just shows that winbind is connected to AD.

To get Unix to know who your AD users are, you need to get winbind to
map your users to an ID number and then pass this to nsswitch.

When a user is created in AD, the users cn is set to the users
'givenName' and 'sn' e.g. mine is 'CN: Rowland Penny'

My 'sAMAccountName' is 'rowland' i.e. 'givenName' in lowercase.

This means, as long as smb.conf is created correctly, the
libnss_winbind links are created correctly and PAM is set to use
winbind, it should work for all users. If it only works for some users
but not others, then either you are not using the correct username,
they don't have a uidNumber attribute (if using the 'ad' backend) or
the 'DOMAIN' range isn't correct.

A quick way to test the later, add a '0' to the 'DOMAIN' high range in
smb.conf.

After that, you need to investigate the users object in AD, you can use
ldapsearch to do this from Unix (provided you have the required
permissions, rights and passwords), failing that get the windows
sysadmins to dump it for you.

Rowland

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba