Web lists-archives.com

Re: [Samba] R: R: cannot list/access samba share from Windows client




On Mon, 8 Jan 2018 19:57:59 +0100
Andrea Rossetti <andy.ros@xxxxxxxxx> wrote:

> Inviato da Posta per Windows 10
> 
> >Da: Rowland Penny via samba
> >Inviato: lunedì 8 gennaio 2018 18:48
> >A: samba@xxxxxxxxxxxxxxx
> >Oggetto: Re: [Samba] R: cannot list/access samba share from Windows
> >client
> >
> >You are now solely using sssd for the authentication, you need to ask
> >on the sssd-users mailing list, either that or purge sssd and set up
> >winbind correctly.
> 
> >I repeat, 'sssd' has nothing to do with Samba and as such, I cannot
> >help any further.
> >
> >Rowland
> 
> Ok I try to purge sssd and configure winbind.
> 
> apt-get remove --purge sssd && apt-get autoremove --purge
> 
> I successfull removed and re-joined the Linux domain member
> 
> root@SRVLNXWINTRA01:/home/data# net ads leave -U
> "com_spoleto\adminserver" Enter com_spoleto\adminserver's password:
> Deleted account for 'SRVLNXWINTRA01' in realm 'COMUNE.SPOLETO.LOCAL'
> root@SRVLNXWINTRA01:/home/data# net ads join -U
> "com_spoleto\adminserver" Enter com_spoleto\adminserver's password:
> Using short domain name -- COM_SPOLETO
> Joined 'SRVLNXWINTRA01' to dns domain 'comune.spoleto.local'
> 
> I modified the config files (see below)
> And restarted the services
> 
> systemctl restart smbd nmbd winbind
> 
> I verified that the SeDiskOperatorPrivilege was set up correctly to
> “domain admins” Group
> 
> root@SRVLNXWINTRA01:/home/data# net rpc rights list privileges
> SeDiskOperatorPrivilege -U "com_spoleto\adminserver" Enter
> com_spoleto\adminserver's password: SeDiskOperatorPrivilege:
>   COM_SPOLETO\Domain Admins
>   BUILTIN\Administrators
> 
> I verified the connectiviti with the domain
> 
> root@SRVLNXWINTRA01:/home/data# wbinfo --ping-dc
> checking the NETLOGON for domain[COM_SPOLETO] dc connection to
> "SRVW3KDC01.comune.spoleto.local" succeeded
> 
> but now when I Look up Domain Users and Groups
> 
> root@SRVLNXWINTRA01:/home/data# getent passwd
> com_spoleto\andrea.rossetti root@SRVLNXWINTRA01:/home/data# getent
> group "com_spoleto\\domain admins"
> 
> I have no response and so I’m unable to assign the permission
> attribute to the share
> 
> root@SRVLNXWINTRA01:/home/data# LANG=en_EN chown
> root:"com_spoleto\domain admins" share chown: invalid group:
> 'root:com_spoleto\\domain admins'
> 
> I’m very confused now!
> 
>

OK, If I run this on a Unix domain member:

getent passwd samdom\rowland

I get no output, but this:

getent passwd samdom\\rowland

gets me this:

rowland:*:10000:10000:Rowland Penny:/home/rowland:/bin/bash

I use the winbind 'ad' backend and 'Domain Admins' does not have a
gidNumber attribute, but 'Domain Users' does.

getent group "samdom\\domain users"

gets me this:

domain users:x:10000:<list of group members>

Try running 'net cache flush' and then try again.

Rowland






-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba