[Samba] Using GPO to mount shares on Linux

L.P.H. van Belle belle at bazuin.nl
Tue Oct 24 14:52:33 UTC 2017 

Hai, 

I did a re-read of you thread. 

First. 
If you use smblcient, with a samba installed, use -s /path/alternative/smbclient.conf 

If i did read it correct. 
Your connecting from  xUbuntu (samba version ??) to (debian8) samba 4.2 member

How did you join the xUbuntu? 
https://docs.pagure.org/SSSD.sssd/users/ad_provider.html 
Like this setup? ^^^ 

> This setup is working as expected (some windows bugs hide 
> network drives, but is not samba problem). 
Not a windows bug, but probely a ACL problem on sysvol, check windows event logs. 
Works fine here since samba 4.2 DC's. 

Now, i can only give a few advices. 
1) upgrade the debian jessie to debian stretch, and start with samba 4.5.12 from debian. 
2) tell us the xUbuntu version and the samba (smbclient) version 

If i recall correct.. 
Sssd lower then 1.12 my have problems, but as Rowland also said, 
I (we) know nothing about sssd here, except what i google. 
If you did not read this one, please do.
https://jhrozek.wordpress.com/2015/08/19/performance-tuning-sssd-for-large-ipa-ad-trust-deployments/ 
I dont know it it helps, but it shows some good settings and its good explained. 
And if you get it working, please share the solution.  ;-) 

Greetz, 

Louis



> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens 
> Daniel Carrasco via samba
> Verzonden: dinsdag 24 oktober 2017 15:42
> Aan: Rowland Penny
> CC: samba at lists.samba.org
> Onderwerp: Re: [Samba] Using GPO to mount shares on Linux
> 
> Hello,
> 
> My actual setup is:
> 
>    - 2 Domain Controller using Samba 4.7 stable (synced)
>    - Multiple Windows Workstations that has joined the Domain without
>    problem
>    - 1 Linux server using Debian 8 with Samba 4.2 as Member 
> Server joined
>    also to that Domain
> 
> This setup is working as expected (some windows bugs hide 
> network drives,
> but is not samba problem). All workstations are able to login 
> with domain
> credentials, and connect to shared drives on Linux server 
> (managed by GPO
> and ACL).
> 
> Now I've an xUbuntu workstation that I want to join to that 
> Domain and I've
> used realm and sssd to the job. The basic setup works fine and:
> 
>    - I'm able to login with domain users credentials into the linux
>    workstation
>    - I can get the domain data like for example users and 
> groups, and even
>    use domain data to manage autofs
>    - I can mount shares stored on a DC using Kerberos authentication
>    - I can connect to shares using smbclient using Kerberos 
> authentication
> 
> My problem comes when I try to mount o connect to a share 
> that is on Member
> server from the xUbuntu workstation, that give me the errors 
> I've commented
> before. After your comments and research about SPN on google 
> I think that
> maybe is the problem, but for now I'm not able to test it.
> 
> Greetings!!
> 
> 2017-10-24 14:40 GMT+02:00 Rowland Penny via samba 
> <samba at lists.samba.org>:
> 
> > On Tue, 24 Oct 2017 14:11:15 +0200
> > Daniel Carrasco <d.carrasco at i2tic.com> wrote:
> >
> > > Thanks Rowland.
> > >
> > > I'll give a try to both things (WG and SPN).
> > >
> > > To be honest, I ask here because the sssd daemon is working as
> > > expected allowing the authentication of the machine to the domain,
> > > and the real problem is that I'm not able to access to a 
> shared drive
> > > using a Kerberos authentication (cifs and smbclient) and 
> i've thought
> > > that maybe was a misconfiguration on member server (because works
> > > fine with domain server), and this server is configured as Samba4
> > > member server without sssd.
> > >
> >
> > Sorry, but I don't understand what you are trying to say.
> > Do you mean that it works on a Unix domain member against a 
> Samba AD DC
> > and the Unix domain member isn't using sssd ?
> > Or do you mean something else, if so, please explain your set up.
> >
> > Rowland
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  https://lists.samba.org/mailman/options/samba
> >
> 
> 
> 
> -- 
> _________________________________________
> 
>       Daniel Carrasco Marín
>       Ingeniería para la Innovación i2TIC, S.L.
>       Tlf:  +34 911 12 32 84 Ext: 223
>       www.i2tic.com
> _________________________________________
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>

More information about the samba mailing list