Web lists-archives.com

Re: [Samba] user cannot access shares on new ad-dc


Is it normal that "Computer Management" cannot configure shared directories of a Samba4 AD-DC? Is this only possible on member servers? It can connect to the DC, but when I click on shares it tells that either the server does not support "virtual disk service" (translated from German), or a firewall blocks the connection. There is no firewall between these machines in my test environment. I started Computer Management as domain-admin on domain-joined Win7.

Is it normal that non-admin users (on Win7) get permission denied if they want to look inside of \\dc.ad.domain\sysvol or netlogon? They can look inside these directories on Windows servers, but not on my newly provisioned AD-DC test server.

They cannot even access a test-share when I make them owner of it with chown.

The wiki page
instructs to append "winbind" behind "files" in the lines "passwd" and "group". But my nsswitch.conf (ubuntu 14) had "compat" there, not "files". Should I replace "compat" with "files", or append "winbind" behind "compat"?

The command "pam-auth-update" does not produce any output. How can I check if it has done anything?
I can do
  chown "domain\\user" file
and then that domain-user is shown in
  ls -la file
Does that mean that everything works?

I get the impression that winbindd and PAM are needed mostly (only?) if users want to log on to the DC with ssh. The page about winbindd describes howto set up templates for shell and homedir. The page about PAM talks about "SSH authentication". I just want to access shares! Reading the wiki I cannot determine what precisely are the required steps to access shares on a DC.


To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba