Hi again,

Thanks.
Now, please see my smb.conf and my testparm. ;)

smb.conf
https://pastebin.com/WR2CY9SW

testparm
https://pastebin.com/2jMDtWs2

And yes, if I do getent passwd boubou, I have a good answer.
I paste the output in the testparm link.

If I type \\FILESRV on my PC,
credentials are asked,
I can see the share FTPFiles and boubou but I can't browse or display the content.
Why?

rwxr-xr-x 4 boubou boubou 4.0K Aug 17 16:56 boubou
drwsrwxrwx 11 root BUILTIN\administrators 4.0K Aug 11 16:46 site

Thanks!
Sébastien

-----Original Message-----
From: samba [mailto:samba-bounces at lists.samba.org] On Behalf Of Rowland Penny via samba
Sent: 17 August 2017 16:29
To: samba at lists.samba.org
Subject: Re: [Samba] Share access problem

On Thu, 17 Aug 2017 15:53:59 -0400 <Sebastien.Boulianne at cpu.ca> wrote:
> Hi Rowland,
>
> Thanks AGAIN for your answer.
> I followed what you advise me to do...
> If you tell me something and I didn't change it, I forget it.
>
> I give you more infos this time:
>
> Please look at my full smb.conf
> https://pastebin.com/WR2CY9SW
>
> Now, please check my testparm result
> https://pastebin.com/2jMDtWs2
>
> Can you explain that sir ?
>

Yes

OH sorry, you want me to tell you why you have got this in the testparm result.

    idmap config cpu : range = 10000-20000
    idmap config cpu : backend = rid
    idmap config * : range = 10000-20000
    idmap config * : backend = tdb

I already have!!!!
If I remove all the default settings (and the ones that shouldn't be there) from your smb.conf, I get this:

[global]
    netbios name = FILESRV
    domain master = no
    local master = no
    preferred master = no
    workgroup = DOMAIN
    realm = DOMAIN.QC.CA
    security = ADS
    username map = /usr/local/samba/etc/user.map
    interfaces = eth0
    log file = /var/log/samba/log.%m
    log level = 3 passdb:5 auth:5
    max log size = 1000
    panic action = /usr/share/samba/panic-action %d
    server role = member server
    idmap config * : backend = tdb
    idmap config * : range = 3000-7999
    idmap config domain : backend = rid
    idmap config domain : range = 10000-20000
    winbind use default domain = yes
    winbind refresh tickets = yes
    winbind offline logon = true
    template shell = /bin/bash
    template homedir = /home/%D
    client ntlmv2 auth = yes
    vfs objects = acl_xattr
    map acl inherit = yes
    store dos attributes = yes
    usershare max shares = 100
    printcap name = /etc/printcap
    load printers = no

[homes]
    comment = Home Directories
    browseable = no
    writable = yes

[FTPFiles]
    comment = Files
    path = /glftpd/site
    read only = yes
    create mask = 0777
    directory mask = 0777
    valid users = %S

[printers]
    comment = All Printers
    browseable = no
    path = /var/spool/samba
    printable = yes
    create mask = 0700

[print$]
    comment = Printer Drivers
    path = /var/lib/samba/printers

You will notice that I have removed 'winbind gid = 10000-20000' and look, the range you are getting from testparm is '10000-20000' (hint, hint)

Rowland

--
To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba

On Thu, 17 Aug 2017 17:18:38 -0400 <Sebastien.Boulianne at cpu.ca> wrote:
> Hi again,
>
> Thanks.
> Now, please see my smb.conf and my testparm. ;)
>
> smb.conf
> https://pastebin.com/WR2CY9SW
>
> testparm
> https://pastebin.com/2jMDtWs2
>
> And yes, if I do getent passwd boubou, I have a good answer.
> I paste the output in the testparm link.
>
> If I type \\FILESRV on my PC,
> credentials are asked,
> I can see the share FTPFiles and boubou but I can't browse or display
> the content. Why ? rwxr-xr-x 4 boubou boubou 4.0K Aug 17 16:56
> boubou drwsrwxrwx 11 root BUILTIN\administrators 4.0K Aug 11 16:46
> site
>

I went through your smb conf and removed any lines that were the default settings or shouldn't be there and posted the result, you could have cut and pasted that over your smb.conf. Mind you, it wouldn't have helped with your problem.

If you look at the idmap block in your smb.conf, there is this:

    idmap config * : backend = tdb
    idmap config * : range = 3000-7999
    idmap config domain : backend = rid
    idmap config domain : range = 10000-20000

The '*' range is for the Well Known SIDs.
The 'domain' range is for the AD users & groups.

You have now posted this:

    getent passwd boubou
    boubou:x:1000:1000:Sebastien Boulianne,,,:/home/boubou:/bin/bash

Hmm, '1000' isn't inside '3000-7999' or '10000-20000'

If we look at your /etc/nsswitch.conf we find these lines:

    passwd: files winbind
    group: files winbind

This means that /etc/passwd is checked first for 'boubou' and if found this user is returned, if not found, winbind is checked and if found the user is returned.

Now, as I said above, the ID for 'boubou' isn't inside either of the domain ranges, this leads to only one conclusion, 'boubou' is in /etc/passwd.

Is 'boubou' also in AD ?

You cannot have a user in /etc/passwd and AD.

Until 'getent passwd boubou' returns an ID number inside the '10000-20000' range, he will not be recognised by the Unix machine as an AD user.

Rowland

Good morning Rowland,

I agree, the user boubou is a local user and an AD user too.

If I use another user, vakjak:

    # getent passwd vakjak
    vakjak:*:11049:10004::/home/DOMAIN:/bin/bash

I got that output so I bet it's right.

How can I login with a login name as Sebastien[space]Boulianne on Samba ?

Thanks!
Sébastien

-----Original Message-----
From: samba [mailto:samba-bounces at lists.samba.org] On Behalf Of Rowland Penny via samba
Sent: 18 August 2017 02:51
To: samba at lists.samba.org
Subject: Re: [Samba] Share access problem

On Thu, 17 Aug 2017 17:18:38 -0400 <Sebastien.Boulianne at cpu.ca> wrote:
> Hi again,
>
> Thanks.
> Now, please see my smb.conf and my testparm. ;)
>
> smb.conf
> https://pastebin.com/WR2CY9SW
>
> testparm
> https://pastebin.com/2jMDtWs2
>
> And yes, if I do getent passwd boubou, I have a good answer.
> I paste the output in the testparm link.
>
> If I type \\FILESRV on my PC,
> credentials are asked,
> I can see the share FTPFiles and boubou but I can't browse or display
> the content. Why ? rwxr-xr-x 4 boubou boubou 4.0K Aug 17 16:56
> boubou drwsrwxrwx 11 root BUILTIN\administrators 4.0K Aug 11 16:46
> site
>

I went through your smb conf and removed any lines that were the default settings or shouldn't be there and posted the result, you could have cut and pasted that over your smb.conf. Mind you, it wouldn't have helped with your problem.

If you look at the idmap block in your smb.conf, there is this:

    idmap config * : backend = tdb
    idmap config * : range = 3000-7999
    idmap config domain : backend = rid
    idmap config domain : range = 10000-20000

The '*' range is for the Well Known SIDs.
The 'domain' range is for the AD users & groups.

You have now posted this:

    getent passwd boubou
    boubou:x:1000:1000:Sebastien Boulianne,,,:/home/boubou:/bin/bash

Hmm, '1000' isn't inside '3000-7999' or '10000-20000'

If we look at your /etc/nsswitch.conf we find these lines:

    passwd: files winbind
    group: files winbind

This means that /etc/passwd is checked first for 'boubou' and if found this user is returned, if not found, winbind is checked and if found the user is returned.

Now, as I said above, the ID for 'boubou' isn't inside either of the domain ranges, this leads to only one conclusion, 'boubou' is in /etc/passwd.

Is 'boubou' also in AD ?

You cannot have a user in /etc/passwd and AD.

Until 'getent passwd boubou' returns an ID number inside the '10000-20000' range, he will not be recognised by the Unix machine as an AD user.

Rowland
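
The check Rowland walks through (is the UID returned by getent inside one of the smb.conf idmap ranges, and does nsswitch consult files before winbind?) can be scripted. This is an added example, not part of the thread and not Samba project code; the function names are made up for illustration, and the smb.conf fragment and passwd lines are the ones quoted in the messages above, embedded as sample input.

```shell
#!/bin/sh
# Added example: decide whether a getent passwd entry is a local account or
# one mapped by winbind, using the idmap ranges from smb.conf.

# Sample input: the idmap block quoted in the thread.
SMB_CONF='[global]
    idmap config * : backend = tdb
    idmap config * : range = 3000-7999
    idmap config domain : backend = rid
    idmap config domain : range = 10000-20000'

# Print "NAME LOW HIGH" for each "idmap config NAME : range = LOW-HIGH" line.
idmap_ranges() {
    printf '%s\n' "$1" | sed -n \
        's/^[[:space:]]*idmap config[[:space:]]*\([^:]*[^:[:space:]]\)[[:space:]]*:[[:space:]]*range[[:space:]]*=[[:space:]]*\([0-9][0-9]*\)[[:space:]]*-[[:space:]]*\([0-9][0-9]*\).*$/\1 \2 \3/p'
}

# classify_entry SMB_CONF PASSWD_LINE
# Prints "winbind:NAME" if the UID is inside an idmap range, else "local".
classify_entry() {
    uid=$(printf '%s\n' "$2" | cut -d: -f3)
    result=local
    while read -r name low high; do
        [ -n "$low" ] || continue
        if [ "$uid" -ge "$low" ] && [ "$uid" -le "$high" ]; then
            result="winbind:$name"
        fi
    done <<EOF
$(idmap_ranges "$1")
EOF
    printf '%s\n' "$result"
}

# files_first NSSWITCH_PASSWD_LINE: true when /etc/passwd is consulted before
# winbind, so a local account hides an AD account with the same name.
files_first() {
    case "$1" in
        *files*winbind*) return 0 ;;
        *) return 1 ;;
    esac
}

# The two getent results posted in the thread.
for entry in 'boubou:x:1000:1000:Sebastien Boulianne,,,:/home/boubou:/bin/bash' \
             'vakjak:*:11049:10004::/home/DOMAIN:/bin/bash'; do
    printf '%s -> %s\n' "${entry%%:*}" "$(classify_entry "$SMB_CONF" "$entry")"
done
files_first 'passwd: files winbind' && echo "files is checked before winbind"
```

On a live member server the same functions can be fed the real files, for example `classify_entry "$(testparm -s 2>/dev/null)" "$(getent passwd boubou)"`.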