Samba Server on AD
by DanWIT24 from LinuxQuestions.org on (#6QAXK)
I wonder if anyone could help please as we are on a deadline at our company to complete this. We have a Samba server on Debian 11 with an inscure share that we are attempting to secure. I have recently bound it to our Active Directory domain using Winbind. When testing the share using smbclient I get back NT_STATUS_ACCESS_DENIED. Furthermore the Samba jouirnal logs are full of failed to convert SID to UID. Running wbinfo -u and wbinfo -g shows a list of users and groups on the domain respectively, however querying a particular users with wbinfo -i returns back failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND. It seems this error but I have searched none of the solution I have tried on the web have worked thus far. Please not that Kerberos is set and works fetching a ticket with kinit and klist.
The smb.conf config:-
Code:[global]
workgroup = DOMAIN
security = ads
realm = DOMAIN.COM
idmap config * : range = 10000-20000
idmap config * : backend = tdb
idmap config DOMAIN: range = 20000-30000
idmap config DOMAIN: backend = rid
winbind use default domain = true
winbind offline logon = false
template shell = /bin/bash
template homedir = /home/%U
log level = 5
[share]
comment = SHARE
read only = no
path = /path/to/share
guest ok = no
public = no
writable = yes
valid users = @"DOMAIN\\Domain Users"
The smb.conf config:-
Code:[global]
workgroup = DOMAIN
security = ads
realm = DOMAIN.COM
idmap config * : range = 10000-20000
idmap config * : backend = tdb
idmap config DOMAIN: range = 20000-30000
idmap config DOMAIN: backend = rid
winbind use default domain = true
winbind offline logon = false
template shell = /bin/bash
template homedir = /home/%U
log level = 5
[share]
comment = SHARE
read only = no
path = /path/to/share
guest ok = no
public = no
writable = yes
valid users = @"DOMAIN\\Domain Users"