[prev in list] [next in list] [prev in thread] [next in thread] 

List:       samba
Subject:    Re: [Samba] user cannot access shares on new ad-dc
From:       Klaus Hartnegg via samba <samba () lists ! samba ! org>
Date:       2017-09-29 15:07:05
Message-ID: E9AB8ED8-618E-4F3A-BE86-D66E327945D8 () gmx ! de
[Download RAW message or body]

On 29.09.2017 16:00 Rowland Penny wrote;
> > But is PAM really necessary on a DC?
> Yes, if you want to use it as a fileserver
> > The Wiki says that winbindd is optional.
> Point me to where it says that and if required, I will alter it.

Page: Setting_up_Samba_as_an_Active_Directory_Domain_Controller
Section: Configuring Winbindd on a Samba AD DC

> Yes, sysvol will work without it, but sysvol is only used by Windows
> clients and users.

But it does not work! Only Administrator can access the contents of shares, users \
cannot.

Can I somehow ask samba to log the reason for why it denies users access to all \
shares? I could not find that in any of the logfiles.

By the way the page Pam_winbind_Link had a typo 368 vs 386 in the command
ln -s /usr/local/samba/lib/security/pam_winbind.so /lib/i368-linux-gnu/security/
I fixed that in the wiki, ran the correct command, then ran "pam-auth-update" again.
Chown still cannot use AD-Names.

The wiki is confusing. If several more steps are required to get a working AD (like \
links for nss and pam), it should tell so IN ONE PLACE. Not ask the readers to jump \
around between several different pages, which themselves point to yet other pages.

Klaus


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba


[prev in list] [next in list] [prev in thread] [next in thread]