The problem existed between keyboard and chair. I forgot to install libnss-winbind. I'm sorry for wasting your time. -----Ursprüngliche Nachricht-----> Von:Rowland penny <rpenny at samba.org> > Gesendet: Fre 24 Juni 2016 12:59 > An: samba at lists.samba.org > Betreff: Re: [Samba] Permission denied on server root for all users > > On 24/06/16 11:23, mots wrote: > > Hello, > > > > I've tried to set up a member server for my AD domain, but all users get "Permission Denied" when accessing the server, even without a share specified (by entering \\ika in Windows Explorer). > > Samba version is 4.2.10-debian on Debian Jessie. > > > > I've mapped DOMAIN\Administrator to root, which allows the Administrator to connect to the server and set permissions. > > wbinfo -g and wbinfo -u lists all the users and groups. > > > > The smb.conf on the member looks like this: > > > > [global] > > workgroup = DOMAIN > > security = ads > > realm = DOMAIN.COMPANY.COM > > idmap config *:backend = tdb > > idmap config *:range = 2000-9999 > > idmap config DOMAIN:backend = ad > > idmap config DOMAIN:schema_mode = rfc2307 > > idmap config DOMAIN:range = 20001-99999 > > winbind nss info = rfc2307 > > dns proxy = no > > log file = /var/log/samba/log.%m > > syslog = 0 > > server role = member server > > username map = /etc/samba/usermap > > load printers = yes > > spoolss: architecture = Windows x64 > > vfs objects = acl_xattr > > map acl inherit = yes > > store dos attributes = yes > > [printers] > > path = /var/spool/samba > > read only = no > > printable = yes > > printing = CUPS > > guest ok = yes > > writable = yes > > available = yes > > [print$] > > path = /var/fileserver/Printer_drivers > > comment = Printer Drivers > > writeable = yes > > > > What am I doing wrong? > > > > > > You are using the winbind 'ad' backend, have you given each user a > 'uidNumber' attribute containing a unique number in the range you set in > smb.conf (20001-99999), have you also also given 'Domain users' a > 'gidNumber' inside the same range ? > > Does 'getent passwd <ausername>', run on the domain member, return > anything ? > > Rowland > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >-------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 831 bytes Desc: OpenPGP digital signature URL: <http://lists.samba.org/pipermail/samba/attachments/20160624/e85557fe/signature.sig>
mathias dufresne
2016-Jun-24 11:31 UTC
[Samba] Permission denied on server root for all users
here too the issue comes from the same place too often ;) 2016-06-24 13:20 GMT+02:00 mots <mots at nepu.moe>:> The problem existed between keyboard and chair. I forgot to install > libnss-winbind. I'm sorry for wasting your time. > > > > -----Ursprüngliche Nachricht----- > > Von:Rowland penny <rpenny at samba.org> > > Gesendet: Fre 24 Juni 2016 12:59 > > An: samba at lists.samba.org > > Betreff: Re: [Samba] Permission denied on server root for all users > > > > On 24/06/16 11:23, mots wrote: > > > Hello, > > > > > > I've tried to set up a member server for my AD domain, but all users > get "Permission Denied" when accessing the server, even without a share > specified (by entering \\ika in Windows Explorer). > > > Samba version is 4.2.10-debian on Debian Jessie. > > > > > > I've mapped DOMAIN\Administrator to root, which allows the > Administrator to connect to the server and set permissions. > > > wbinfo -g and wbinfo -u lists all the users and groups. > > > > > > The smb.conf on the member looks like this: > > > > > > [global] > > > workgroup = DOMAIN > > > security = ads > > > realm = DOMAIN.COMPANY.COM > > > idmap config *:backend = tdb > > > idmap config *:range = 2000-9999 > > > idmap config DOMAIN:backend = ad > > > idmap config DOMAIN:schema_mode = rfc2307 > > > idmap config DOMAIN:range = 20001-99999 > > > winbind nss info = rfc2307 > > > dns proxy = no > > > log file = /var/log/samba/log.%m > > > syslog = 0 > > > server role = member server > > > username map = /etc/samba/usermap > > > load printers = yes > > > spoolss: architecture = Windows x64 > > > vfs objects = acl_xattr > > > map acl inherit = yes > > > store dos attributes = yes > > > [printers] > > > path = /var/spool/samba > > > read only = no > > > printable = yes > > > printing = CUPS > > > guest ok = yes > > > writable = yes > > > available = yes > > > [print$] > > > path = /var/fileserver/Printer_drivers > > > comment = Printer Drivers > > > writeable = yes > > > > > > What am I doing wrong? > > > > > > > > > > You are using the winbind 'ad' backend, have you given each user a > > 'uidNumber' attribute containing a unique number in the range you set in > > smb.conf (20001-99999), have you also also given 'Domain users' a > > 'gidNumber' inside the same range ? > > > > Does 'getent passwd <ausername>', run on the domain member, return > > anything ? > > > > Rowland > > > > -- > > To unsubscribe from this list go to the following URL and read the > > instructions: https://lists.samba.org/mailman/options/samba > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >