[Samba] Can only access new SAMBA fileshare from Windows as privileged user SAMDOM/Administrator, not as an ordinary user.

Hi there, I wonder if anyone can help me?

I recently created an Active Directory setup with a primary domain controller ad1 and secondary domain controller ad2 for a domain SAMDOM. In line with what I understand to be Samba best practices, I then set up a separate file server fs1 on which I created a file share, /fsrv/shares/OgdenFiles/. This has all been done using Samba version 4.5.16-Debian, on Raspbian.

The domain and fileshare do appear to work, and I have confirmed that I can log on as SAMDOM/Administrator and apparently read and write to the share without issue in Windows 10. Creation of new text files on the share works as normal.

The problem I am having is that although I am able to log onto the domain as SAMDOM/stephene I am not able to use this regular *unprivileged* account to access the OgdenFiles share in Windows. I keep on getting "Access Denied" messages in Windows, and a large grey box appears asking me to re-enter my username and password to access the share FS1.

Below is my smb.conf for my fileserver FS1:

pi@fs1:~ $ cat /etc/samba/smb.conf
        workgroup = samdom
        realm = samdom.example.com
        netbios name = fs1
        security = ADS
        dns forwarder = XXX XXX XXX (obliterated here for privacy reasons!)
        idmap config * : backend = tdb
        idmap config *:range = 3000-7999
        idmap config SAMDOM:backend = ad
        idmap config SAMDOM:schema_mode = rfc2307
        idmap config SAMDOM:range = 10000-999999
        template homedir = /home/%D/%U
        template shell = /bin/bash
        winbind use default domain = true
        winbind offline logon = false
        winbind nss info = rfc2307
        winbind enum users = yes
        winbind enum groups = yes
        vfs objects = acl_xattr
        map acl inherit = Yes
        store dos attributes = Yes

        path = /fsrv/shares/OgdenFiles
        read only = no

When I enter wbinfo on the fileserver I can see the user account stephene that I wish to use to access the share, but it doesn't seem to work in Windows.

pi@fs1:~ $ wbinfo -u

Can anyone possibly suggest what I am doing wrong here - possibly a permissions issue? This is a little frustrating as I seem very close to getting everything I need working here!

Stephen Ellwood

