[Samba] Permission denied on server root for all users
mots
2016-06-24 10:23:46 UTC
Hello,

I've tried to set up a member server for my AD domain, but all users get "Permission Denied" when accessing the server, even without a share specified (by entering \\ika in Windows Explorer).
Samba version is 4.2.10-debian on Debian Jessie.

I've mapped DOMAIN\Administrator to root, which allows the Administrator to connect to the server and set permissions.
wbinfo -g and wbinfo -u list all the users and groups.

The smb.conf on the member looks like this:

[global]
workgroup = DOMAIN
security = ads
realm = DOMAIN.COMPANY.COM
idmap config *:backend = tdb
idmap config *:range = 2000-9999
idmap config DOMAIN:backend = ad
idmap config DOMAIN:schema_mode = rfc2307
idmap config DOMAIN:range = 20001-99999
winbind nss info = rfc2307
dns proxy = no
log file = /var/log/samba/log.%m
syslog = 0
server role = member server
username map = /etc/samba/usermap
load printers = yes
spoolss: architecture = Windows x64
vfs objects = acl_xattr
map acl inherit = yes
store dos attributes = yes
[printers]
path = /var/spool/samba
read only = no
printable = yes
printing = CUPS
guest ok = yes
writable = yes
available = yes
[print$]
path = /var/fileserver/Printer_drivers
comment = Printer Drivers
writeable = yes

What am I doing wrong?
mots
2016-06-24 11:20:53 UTC
The problem existed between keyboard and chair. I forgot to install libnss-winbind. I'm sorry for wasting your time.



-----Original Message-----
Sent: Fri 24 June 2016 12:59
Subject: Re: [Samba] Permission denied on server root for all users
You are using the winbind 'ad' backend. Have you given each user a
'uidNumber' attribute containing a unique number in the range you set in
smb.conf (20001-99999)? Have you also given 'Domain users' a
'gidNumber' inside the same range?
Does 'getent passwd <ausername>', run on the domain member, return
anything?
Rowland
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
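
The checks raised in this exchange (winbind in nsswitch.conf, the libnss_winbind module the poster had not installed, and a uidNumber inside the idmap range 20001-99999), combined into one diagnostic. This is an added example, not part of the original thread; the function names, the sample file contents and the library directories are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): why 'getent passwd <user>' can fail.

# 0 if database $2 (passwd or group) in nsswitch file $1 lists "winbind".
nss_uses_winbind() {
    awk -v db="$2:" '
        { sub(/#.*/, "") }    # strip comments; awk re-splits the fields
        $1 == db { for (i = 2; i <= NF; i++) if ($i == "winbind") found = 1 }
        END { exit !found }
    ' "$1"
}

# 0 if the glibc NSS module libnss_winbind.so.2 exists in any given directory.
nss_module_present() {
    for dir in "$@"; do
        [ -e "$dir/libnss_winbind.so.2" ] && return 0
    done
    return 1
}

# 0 if the uid (3rd field) of passwd(5) line $1 lies inside range $2 (LOW-HIGH).
uid_in_idmap_range() {
    uid=$(printf '%s\n' "$1" | cut -d: -f3)
    case $uid in ''|*[!0-9]*) return 1 ;; esac
    [ "$uid" -ge "${2%-*}" ] && [ "$uid" -le "${2#*-}" ]
}

# Args: nsswitch file, getent output (may be empty), idmap range, library dirs...
diagnose() {
    conf=$1 entry=$2 range=$3; shift 3
    nss_uses_winbind "$conf" passwd || { echo "nsswitch: no winbind"; return 0; }
    nss_module_present "$@" || { echo "libnss_winbind missing"; return 0; }
    [ -n "$entry" ] || { echo "no NSS entry: check uidNumber"; return 0; }
    uid_in_idmap_range "$entry" "$range" || { echo "uid outside idmap range"; return 0; }
    echo ok
}

# Constructed sample: nsswitch lists winbind, but the module is not installed.
demo() {
    tmp=$(mktemp -d)
    printf 'passwd: compat winbind\ngroup: compat winbind\n' > "$tmp/nsswitch.conf"
    diagnose "$tmp/nsswitch.conf" "" 20001-99999 "$tmp"
    rm -rf "$tmp"
}
demo

# On a real member (user name and multiarch paths are placeholders):
#   diagnose /etc/nsswitch.conf "$(getent passwd 'DOMAIN\someuser')" \
#       20001-99999 /lib/x86_64-linux-gnu /usr/lib/x86_64-linux-gnu
```

wbinfo -u succeeding while getent returns nothing is the pattern that separates a working winbindd from a broken NSS lookup path.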
mathias dufresne
2016-06-24 11:31:20 UTC
here too the issue comes from the same place too often ;)