[prev in list] [next in list] [prev in thread] [next in thread]
List: samba
Subject: Re: [Samba] user cannot access shares on new ad-dc
From: Klaus Hartnegg via samba <samba () lists ! samba ! org>
Date: 2017-09-29 15:07:05
Message-ID: E9AB8ED8-618E-4F3A-BE86-D66E327945D8 () gmx ! de
[Download RAW message or body]
On 29.09.2017 16:00 Rowland Penny wrote;
> > But is PAM really necessary on a DC?
> Yes, if you want to use it as a fileserver
> > The Wiki says that winbindd is optional.
> Point me to where it says that and if required, I will alter it.
Page: Setting_up_Samba_as_an_Active_Directory_Domain_Controller
Section: Configuring Winbindd on a Samba AD DC
> Yes, sysvol will work without it, but sysvol is only used by Windows
> clients and users.
But it does not work! Only Administrator can access the contents of shares, users \
cannot.
Can I somehow ask samba to log the reason for why it denies users access to all \
shares? I could not find that in any of the logfiles.
By the way the page Pam_winbind_Link had a typo 368 vs 386 in the command
ln -s /usr/local/samba/lib/security/pam_winbind.so /lib/i368-linux-gnu/security/
I fixed that in the wiki, ran the correct command, then ran "pam-auth-update" again.
Chown still cannot use AD-Names.
The wiki is confusing. If several more steps are required to get a working AD (like \
links for nss and pam), it should tell so IN ONE PLACE. Not ask the readers to jump \
around between several different pages, which themselves point to yet other pages.
Klaus
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic