osdc at mailbox.org
2017-Mar-29 19:07 UTC
[Samba] Failed to enumerate objects in the container. Access is denied.
Hello Rowland,> Rowland Penny via samba <samba at lists.samba.org> hat am 29. März 2017 um 20:28 geschrieben:> wbinfo goes straight to winbind, getent goes via nsswitch, so you might > not have the required packages installed.I have standard debian jessie with ssh and furthermore installed samba, smbclient, winbind, nsswitch, libnss-winbind, libpam-winbind, krb5, krb5-config, krb5-user So I do not see what is missing. I have been trying to solve that problem with my old setup and ended up copying the idmap.ldb to my fileserver. Quite unsatisfying and dirty solution, but it helped. I would like to do it better this time.> But it might just be down to > 'getent passwd' by default not showing users, try 'getent passwd > username'That did not work either. Help is appreciated. martin
Rowland Penny
2017-Mar-29 19:39 UTC
[Samba] Failed to enumerate objects in the container. Access is denied.
On Wed, 29 Mar 2017 21:07:05 +0200 (CEST) osdc at mailbox.org wrote:> Hello Rowland, > > > Rowland Penny via samba <samba at lists.samba.org> hat am 29. März > > 2017 um 20:28 geschrieben: > > > > wbinfo goes straight to winbind, getent goes via nsswitch, so you > > might not have the required packages installed. > > I have standard debian jessie with ssh and furthermore installed > samba, smbclient, winbind, nsswitch, libnss-winbind, libpam-winbind, > krb5, krb5-config, krb5-userHmm 'krb5' does this mean you have kerberos running on the Unix domain server (what you call a fileserver) ?> > So I do not see what is missing. I have been trying to solve that > problem with my old setup and ended up copying the idmap.ldb to my > fileserver. Quite unsatisfying and dirty solution, but it helped. I > would like to do it better this time.Now that is odd, 'idmap.ldb' only exists on a DC, how did you install your 'fileserver' ? Rowland
osdc at mailbox.org
2017-Mar-30 08:58 UTC
[Samba] Failed to enumerate objects in the container. Access is denied.
> Rowland Penny via samba <samba at lists.samba.org> hat am 29. März 2017 um 21:39 geschrieben:> > Hmm 'krb5' does this mean you have kerberos running on the Unix > domain server (what you call a fileserver) ?I thought I needed it, but for /etc/krb5.conf, kinit and klist but was wrong. Thank you.> > Now that is odd, 'idmap.ldb' only exists on a DC, how did you install > your 'fileserver' ?It was a long day, I mixed it up. I Did not have my bash_history to look it up. One more thing: you recommend ad while L.P.H. van Belle recommends rid. I have read about the advantages and disadvantages of ad, rid and autorid. What is your reason for recommending ad? I will give van Belles setup a try today. Best regards Martin
L.P.H. van Belle
2017-Mar-30 09:37 UTC
[Samba] Failed to enumerate objects in the container. Access is denied.
... Small side note here.> One more thing: you recommend ad while L.P.H. van Belle recommends rid. I > have read about the advantages and disadvantages of ad, rid and autorid. > What is your reason for recommending ad?I dont recommend here.. setup and match with you AD DC settings. Greetz, Louis