Web lists-archives.com

[Samba] Can only access new SAMBA fileshare from Windows as privileged user SAMDOM/Administrator, not as an ordinary user.




Hi there, I wonder if anyone can help me?

I recently created an active directory setup with a primary domain controller ad1 and secondary domain controller ad2 for a domain SAMDOM. In-line with what I understand to be Samba best practices I then setup a separate file-server fs1 on which I created a file share, /fsrv/shares/OgdenFiles/. This has all been done using Samba version 4.5.16-Debian, on Raspbian.

The domain and fileshare do appear to work, and I have confirmed that I can logon as SAMDOM/Administrator and apparently read and write to the share without issue in Windows 10 without issue. Creation of new text files on the share works as normal.

The problem I am having is that although I am able to log onto the domain as SAMDOM/stephene I am not able to use this regular *unprivileged* account to access the OgdenFiles share in Windows. I keep on getting "Access Denied" messages in Windows, and a large grey box appears asking me to re-enter my username and password to access the share FS1.

Below is my smb.conf for my fileserver FS1:

pi@fs1:~ $ cat /etc/samba/smb.conf
[global]
        workgroup = samdom
        realm = samdom.example.com
        netbios name = fs1
        security = ADS
        dns forwarder = XXX XXX XXX (obliterated here for privacy reasons!)
idmap config * : backend = tdb
idmap config *:range = 3000-7999
idmap config SAMDOM:backend = ad
idmap config SAMDOM:schema_mode = rfc2307
idmap config SAMDOM:range = 10000-999999
   template homedir = /home/%D/%U
   template shell = /bin/bash
   winbind use default domain = true
   winbind offline logon = false
   winbind nss info = rfc2307
   winbind enum users = yes
   winbind enum groups = yes
  vfs objects = acl_xattr
  map acl inherit = Yes
  store dos attributes = Yes

[OgdenFiles]
       path = /fsrv/shares/OgdenFiles

       read only = no


When I enter wbinfo on the fileserver I can see the user account stephene that I wish to use to access the share, but it doesn't seem to work in Windows.

pi@fs1:~ $ wbinfo -u
stephenellwood
administrator
krbtgt
guest

Can anyone possibly suggest what I am doing wrong here - possibly a permissions issue? This is a little frustrating as I seem very close to getting everything I need working here!

Thanks
Stephen Ellwood


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba