Rowland Penny
2017-Jun-19 12:56 UTC
[Samba] New AD user cannot access file share from member server
On Mon, 19 Jun 2017 14:46:34 +0200
Viktor Trojanovic <viktor at troja.ch> wrote:

> On 19 June 2017 at 14:20, lingpanda101 via samba
> <samba at lists.samba.org> wrote:
>
> > On 6/19/2017 7:51 AM, Viktor Trojanovic via samba wrote:
> >
> >> That's correct, I don't have "Unix Attributes" but through the
> >> advanced view I have access to all attributes.
> >>
> >> The ldbsearch command is not returning anything in my case, it
> >> gives me 0 records - no matter which user I try, even the
> >> Administrator. I checked the
> >> command several times to make sure there are no typos. I even
> >> changed the objectclass from "person" to "user" to see if it makes
> >> any difference but it doesn't.
> >>
> >> I tried both (/var/lib/samba/sam.ldb
> >> and /var/lib/samba/private/sam.ldb) and the environment
> >> has LDB_MODULES_PATH set.
> >>
> >> I can easily look at the objects using the ADUC from the RSAT, not
> >> sure why
> >> this isn't working...
> >>
> >> On 19 June 2017 at 12:59, Rowland Penny via samba
> >> <samba at lists.samba.org> wrote:
> >>
> >> On Mon, 19 Jun 2017 12:38:09 +0200
> >>> Viktor Trojanovic <viktor at troja.ch> wrote:
> >>>
> >>> Here is the DC's smb.conf:
> >>>>
> >>>>
> >>>> [global]
> >>>> workgroup = SAMDOM
> >>>> realm = SAMDOM.EXAMPLE.COM
> >>>> netbios name = DC
> >>>> interfaces = lo br-lxc
> >>>> bind interfaces only = Yes
> >>>> server role = active directory domain controller
> >>>> dns forwarder = 192.168.1.2
> >>>> idmap_ldb:use rfc2307 = yes
> >>>>
> >>>> [netlogon]
> >>>> path = /var/lib/samba/sysvol/samdom.example.com/scripts
> >>>> read only = No
> >>>>
> >>>> [sysvol]
> >>>> path = /var/lib/samba/sysvol
> >>>> read only = No
> >>>>
> >>> Nothing wrong there
> >>>
> >>> I'm not sure what you mean by showing you the user's AD object,
> >>> can
> >>>> you elaborate?
> >>>>
> >>> OK, install ldb-tools if not installed, then run this:
> >>>
> >>> ldbsearch -H /usr/local/samba/private/sam.ldb -b 'cn=users,dc=samdom,dc=example,dc=com' -s sub "(&(objectclass=person)(samaccountname=rowland))"
> >>>
> >>> Just in case it has got split up over multiple lines, the above
> >>> should be just one line.
> >>>
> >>> Replace:
> >>> /usr/local/samba/private/sam.ldb with the path to your sam.ldb
> >>>
> >>> dc=samdom,dc=example,dc=com with your dns/realm names
> >>>
> >>> rowland with your user's name
> >>>
> >>> You should get something like this back:
> >>>
> >>> # record 1
> >>> dn: CN=Rowland Penny,CN=Users,DC=samdom,DC=example,DC=com
> >>> CN: Rowland Penny
> >>> sn: Penny
> >>> description: A Unix user
> >>> givenName: Rowland
> >>> instanceType: 4
> >>> whenCreated: 20151109093821.0Z
> >>> displayName: Rowland Penny
> >>> uSNCreated: 3365
> >>> name: Rowland Penny
> >>> objectGUID: 28103293-9fc9-4681-b19c-ae1150fe2b72
> >>> userAccountControl: 66048
> >>> codePage: 0
> >>> countryCode: 0
> >>> homeDrive: H:
> >>> pwdLastSet: 130915355010000000
> >>> primaryGroupID: 513
> >>> objectSid: S-1-5-21-1768301897-3342589593-1064908849-1107
> >>> accountExpires: 0
> >>> sAMAccountName: rowland
> >>> sAMAccountType: 805306368
> >>> userPrincipalName: rowland at samdom.example.com
> >>> objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=samdom,DC=example,DC=com
> >>> unixUserPassword: ABCD!efgh12345$67890
> >>> uid: rowland
> >>> msSFU30Name: rowland
> >>> msSFU30NisDomain: samdom
> >>> uidNumber: 10000
> >>> gecos: Rowland Penny
> >>> unixHomeDirectory: /home/rowland
> >>> loginShell: /bin/bash
> >>> memberOf: CN=DnsAdmins,CN=Users,DC=samdom,DC=example,DC=com
> >>> memberOf: CN=Unixgroup,CN=Users,DC=samdom,DC=example,DC=com
> >>> memberOf: CN=TestGroup,CN=Users,DC=samdom,DC=example,DC=com
> >>> memberOf: CN=Unix Admins,CN=Users,DC=samdom,DC=example,DC=com
> >>> memberOf: CN=Group12,CN=Users,DC=samdom,DC=example,DC=com
> >>> homeDirectory: \\MEMBER1\home\rowland
> >>> objectClass: top
> >>> objectClass: securityPrincipal
> >>> objectClass: person
> >>> objectClass: organizationalPerson
> >>> objectClass: user
> >>> gidNumber: 10000
> >>> lastLogonTimestamp: 131418520439158520
> >>> whenChanged: 20170613182723.0Z
> >>> uSNChanged: 121030
> >>> lastLogon: 131423412865104840
> >>> logonCount: 633
> >>> distinguishedName: CN=Rowland Penny,CN=Users,DC=samdom,DC=example,DC=com
> >>>
> >>> # returned 1 records
> >>> # 1 entries
> >>> # 0 referrals
> >>>
> >>> Please post that, though you can sanitise it if you like, but if
> >>> you do, use the same changes throughout.
> >>>
> >>> Samba is running on (Arch) Linux with Kernel 4.11. Clients are
> >>>> Windows 10 with all the latest updates, I'm running the RSAT from
> >>>> there.
> >>>>
> >>>> In which case you will not have 'Unix Attributes' tab in ADUC.
> >>>
> >>> Rowland
> >>>
> >>> --
> >>> To unsubscribe from this list go to the following URL and read the
> >>> instructions: https://lists.samba.org/mailman/options/samba
> >>>
> >>> Use this command; replace my name with your username.
> >
> > /usr/local/samba/bin/ldbsearch -H /usr/local/samba/private/sam.ldb -b 'dc=samdom,dc=example,dc=local' -s sub "(&(objectclass=person)(samaccountname=james))"
> >
> > Rowland was linking to the CN=users. Yours may not be located there.
> >
> >
> > I could swear I tried this before, too, but it didn't give me any
> > results.
> Now all of a sudden it does. I must have made a mistake. It gives me
> one entry and 3 referrals.
>
> [root at DC ~]# ldbsearch -H /var/lib/samba/private/sam.ldb -b 'dc=samdom,dc=example,dc=ch' -s sub "(&(objectclass=person)(samaccountname=jd))"
> # record 1
> dn: CN=First Last,OU=OFFICE,DC=samdom,DC=example,DC=ch
> objectClass: top
> objectClass: person
> objectClass: organizationalPerson
> objectClass: user
> cn: Jane Doe
> sn: Doe
> givenName: Jane
> instanceType: 4
> whenCreated: 20170618195208.0Z
> displayName: Jane Doe
> uSNCreated: 26951
> name: Jane Doe
> objectGUID: e2df5086-fa25-4a25-93f2-d8f5e85a47e7
> badPwdCount: 0
> codePage: 0
> countryCode: 0
> badPasswordTime: 0
> lastLogoff: 0
> primaryGroupID: 513
> objectSid: S-1-5-21-4280320235-2980747731-3738778716-1116
> accountExpires: 9223372036854775807
> sAMAccountName: jd
> sAMAccountType: 805306368
> userPrincipalName: jd at samdom.example.ch
> objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=samdom,DC=example,DC=ch
> userAccountControl: 512
> msSFU30NisDomain: samdom
> homeDrive: P:
> homeDirectory: \\fileserver\users\jd
> lastLogonTimestamp: 131422908301256970
> pwdLastSet: 131422908304075720
> uidNumber: 11008
> whenChanged: 20170618203831.0Z
> uSNChanged: 26964
> lastLogon: 131423462588474750
> logonCount: 49
> distinguishedName: CN=Jane Doe,OU=OFFICE,DC=samdom,DC=example,DC=ch

OK, glad we got that sorted out ;-)

Your user 'Jane Doe' does not have a 'gidNumber' attribute, does
'Domain Users' have a 'gidNumber' attribute?

Rowland
Viktor Trojanovic
2017-Jun-19 13:12 UTC
[Samba] New AD user cannot access file share from member server
On 19 June 2017 at 14:56, Rowland Penny via samba <samba at lists.samba.org> wrote:

> OK, glad we got that sorted out ;-)
>
> Your user 'Jane Doe' does not have a 'gidNumber' attribute, does
> 'Domain Users' have a 'gidNumber' attribute?

It does, it's set to 10001.

And none of the users have gidNumber set.
lingpanda101
2017-Jun-19 13:31 UTC
[Samba] New AD user cannot access file share from member server
On 6/19/2017 9:12 AM, Viktor Trojanovic via samba wrote:

> On 19 June 2017 at 14:56, Rowland Penny via samba <samba at lists.samba.org>
> wrote:
>
>> OK, glad we got that sorted out ;-)
>>
>> Your user 'Jane Doe' does not have a 'gidNumber' attribute, does
>> 'Domain Users' have a 'gidNumber' attribute?
>>
> It does, it's set to 10001.
>
> And none of the users have gidNumber set.

Is the user's Primary group name/GID set as 'Domain Users'?

--
James
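
The check Rowland makes by eye (does the user carry a `gidNumber`, does 'Domain Users') can be applied to every record an ldbsearch returns. The script below is an added example, not part of the thread or of Samba: `missing_rfc2307` and `sample_ldif` are names made up here, and the sample records are constructed, reusing uidNumber 11008 and gidNumber 10001 from the messages above. It unfolds wrapped LDIF lines and skips referral entries, then reports users without uidNumber or gidNumber and groups without gidNumber.

```shell
#!/bin/sh
# Added example, not from the thread.
# Read ldbsearch LDIF on stdin; print "<sAMAccountName> missing <attrs>" for
# each user lacking uidNumber/gidNumber and each group lacking gidNumber.
missing_rfc2307() {
    awk '
    function flush(   miss) {
        if (name != "" && !("computer" in oc) && (("user" in oc) || ("group" in oc))) {
            miss = ""
            if (("user" in oc) && !("uidnumber" in has)) miss = "uidNumber"
            if (!("gidnumber" in has)) miss = (miss == "" ? "" : miss ",") "gidNumber"
            if (miss != "") print name " missing " miss
        }
        name = ""; split("", has); split("", oc)   # reset per-record state
    }
    function handle(line,   i, attr, val) {
        if (line == "") { flush(); return }  # blank line ends a record
        if (line ~ /^#/) return              # "# record 1", "# returned ..."
        i = index(line, ":")
        if (i == 0) return
        attr = tolower(substr(line, 1, i - 1))
        val = substr(line, i + 1)
        sub(/^:?[ \t]*/, "", val)            # also strips the base64 "::" form
        if (attr == "dn") flush()            # a new entry starts here
        if (attr == "ref") return            # referrals carry no attributes
        if (attr == "samaccountname") name = val
        if (attr == "objectclass") oc[tolower(val)] = 1
        has[attr] = 1
    }
    {
        sub(/\r$/, "")
        if (substr($0, 1, 1) == " " && pending != "") {  # folded LDIF line
            pending = pending substr($0, 2)
            next
        }
        handle(pending); pending = $0
    }
    END { handle(pending); flush() }
    '
}

# Constructed sample modelled on the thread's output (not real directory data).
sample_ldif() {
    cat <<'EOF'
# record 1
dn: CN=Jane Doe,OU=OFFICE,DC=samdom,DC=example,DC=ch
objectClass: user
sAMAccountName: jd
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=samdom,DC=example
 ,DC=ch
uidNumber: 11008

dn: CN=Domain Users,CN=Users,DC=samdom,DC=example,DC=ch
objectClass: group
sAMAccountName: Domain Users
gidNumber: 10001

dn: CN=New Hire,OU=OFFICE,DC=samdom,DC=example,DC=ch
objectClass: user
sAMAccountName: nh

# Referral
ref: ldap://samdom.example.ch/CN=Configuration,DC=samdom,DC=example,DC=ch
EOF
}

sample_ldif | missing_rfc2307
```

On a DC, pipe a search into the function, for example `ldbsearch -H /var/lib/samba/private/sam.ldb -b 'dc=samdom,dc=example,dc=ch' -s sub '(objectclass=user)' | missing_rfc2307`, with the path and base DN replaced as described in the thread.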