search for: stephenellwood

...DOMAIN" --unix-home="$UNIXHOMEFOLDERPATH" --home-drive="H" --home-directory="$WINDOWSHOMEFOLDERPATH" --login-shell="/usr/bin/git-shell" --uid-number="$UIDNUMBER" --gid-number=10000 -U "administrator%$SAMBA_ADMIN_PASSWORD" User 'stephenellwood' created successfully After entering this, you see I get a confirmation prompt indicating my user was created. When I hop onto my domain fileserver, I can see the new user, and this gives me additional confidence this has actually been created: pi at fs1:~ $ wbinfo -u stephenellwood admini...

...Rowland, thanks for your suggestions. I have read and re-read the Samba docs to try and understand where I went wrong here. I added the uidNumber and gidNumber exactly as per your comments and that seems to improve the situation markedly. I can now at least see that the share exists from SAMDOM\stephenellwood which wasn't possible before. File access is now possible from SAMDOM/stephenellwood when I configure NTFS security permissions to allow read and write access for group Everyone. I am still seeing issues with fileshare access from custom AD groups though. For example, I removed the NTFS se...

...home="$UNIXHOMEFOLDERPATH" > --home-drive="H" --home-directory="$WINDOWSHOMEFOLDERPATH" > --login-shell="/usr/bin/git-shell" --uid-number="$UIDNUMBER" > --gid-number=10000 -U "administrator%$SAMBA_ADMIN_PASSWORD" > User 'stephenellwood' created successfully > > After entering this, you see I get a confirmation prompt > indicating my > user was created. When I hop onto my domain fileserver, I can see the > new user, and this gives me additional confidence this has > actually been > created: > &gt...

...to see if it could be upgraded using apt to something a little more recent but apparently not :( > dns forwarder = XXX XXX XXX (obliterated here for privacy reasons!) > > You might as well 'obliterate' totally, it is only used on a DC. Duly noted, thanks for the tip. > So, stephenellwood is an AD user, but is it also a Unix user? Aha! That's probably why my setup is not working! My passwd file on fs1 below suggests there is no stephenellwood unix user account pi at fs1:~ $ cat /etc/passwd root:x:0:0:root:/root:/bin/bash daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin bin:x:2...

...SAMDOM/Administrator. However when I checked using Windows RSAT ADUC there is apparently no uidNumber set for this Administrator account by default. Is that what you would expect to see, presumably I do not need to supply uidNumbers for built-in default accounts? 2) I originally created SAMDOM/stephenellwood at the the DC command-line like so: sudo samba-tool user add your_domain_user --given-name=your_name --surname=your_username --mail-address=your_domain_user at tecmint.lan --login-shell=/bin/bash The Samba docs here https://wiki.samba.org/index.php/Idmap_config_ad appear to suggest that the s...

...something a little more > recent but apparently not :( > > > dns forwarder = XXX XXX XXX (obliterated here for privacy reasons!) > > > > You might as well 'obliterate' totally, it is only used on a DC. > > Duly noted, thanks for the tip. > > > So, stephenellwood is an AD user, but is it also a Unix user? > > Aha! That's probably why my setup is not working! My passwd file on > fs1 below suggests there is no stephenellwood unix user account > > pi at fs1:~ $ cat /etc/passwd > root:x:0:0:root:/root:/bin/bash > daemon:x:1:1:daemon...

...suggestions. I have read and re-read the > Samba docs to try and understand where I went wrong here. > > I added the uidNumber and gidNumber exactly as per your comments and > that seems to improve the situation markedly. I can now at least see > that the share exists from SAMDOM\stephenellwood which wasn't > possible before. File access is now possible from > SAMDOM/stephenellwood when I configure NTFS security permissions to > allow read and write access for group Everyone. > > I am still seeing issues with fileshare access from custom AD groups > though. For exa...

...= Yes   store dos attributes = Yes [OgdenFiles]        path = /fsrv/shares/OgdenFiles        read only = no When I enter wbinfo on the fileserver I can see the user account stephene that I wish to use to access the share, but it doesn't seem to work in Windows. pi at fs1:~ $ wbinfo -u stephenellwood administrator krbtgt guest Can anyone possibly suggest what I am doing wrong here - possibly a permissions issue? This is a little frustrating as I seem very close to getting everything I need working here! Thanks Stephen Ellwood

...] >        path = /fsrv/shares/OgdenFiles >        read only = no > > > When I enter wbinfo on the fileserver I can see the user account > stephene that I wish to use to access the share, but it doesn't seem > to work in Windows. > > pi at fs1:~ $ wbinfo -u > stephenellwood > administrator > krbtgt > guest So, stephenellwood is an AD user, but is it also a Unix user? Have you added RFC2307 attributes to AD ? Have you installed these packages: libpam-winbind libnss-winbind libpam-krb5 Have you added 'winbind' to the 'passwd' & 'group...