D&C GLug - Home Page

[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]

Re: [LUG] Samba Active Directory

 



On 03/12/2019 19:09, mr meowski wrote:
On 03/12/2019 17:57, Martin Gautier wrote:
Hi

Does anyone have any experience of using Samba as an Active Directory
connecting Win10 clients?

I seem to have everything loaded and working including drive maps and
GPO but I'm struggling with Folder Redirection. Basically, it doesn't
work. The client logs in Event Viewer complain with Event ID 502 Access
Denied.

I've followed the Samba docs' recommended methods of setting it up and
double-checked with other online sources too. Everything else works and
I get no errors in the server logs.

Permissions "seem" correct and clients can CRUD files and directories on
the drive mappings manually. Obviously the server doesn't like the
permissions for some reason but I'm buggered if I can work out what...

Any ideas? Gotchas? troubleshooting tips?

Cheers


There's a million things that could go wrong here but you're probably
right - it's going to be permissions which will be easier to _diagnose_
from the client side but you'll have to _fix_ on the server side.

Without access to a lot more information that isn't suitable for sharing
on public mailing lists the exact issue is going to be hard for anyone
without access to the boxes themselves to dig into but have you checked
the relevant part of the GPO is actually getting applied to the clients
correctly? What if you gpupdate /force on a client with issues? Should
give you hints about security descriptors etc if you're lucky.

Good luck, this can be like descending into the seventh circle of hell!
Yes, lol. I'm in hell.

There no errors on the GPO side. It's all accepted and implemented. It's just that when a user logs in, they get no folder redirects and an error in Event Viewer for each directory saying "access denied".

I've implemented it via [https://wiki.samba.org/index.php/User_Home_Folders]

There's a few other howtos out there that basically say the same thing. Most suggest adding "Authenticated Users" to the share permissions - which I've done.

Dialling the Samba logs up to 11 basically gives me the same "access denied" error in the samba logs - with no clue as to who's/what's permissions were refused.

Thanks anyway.

--
The Mailing List for the Devon & Cornwall LUG
https://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq