[Samba] Using GPO to mount shares on Linux
L.P.H. van Belle
belle at bazuin.nl
Tue Oct 24 14:52:33 UTC 2017
Hai,
I did a re-read of you thread.
First.
If you use smblcient, with a samba installed, use -s /path/alternative/smbclient.conf
If i did read it correct.
Your connecting from xUbuntu (samba version ??) to (debian8) samba 4.2 member
How did you join the xUbuntu?
https://docs.pagure.org/SSSD.sssd/users/ad_provider.html
Like this setup? ^^^
> This setup is working as expected (some windows bugs hide
> network drives, but is not samba problem).
Not a windows bug, but probely a ACL problem on sysvol, check windows event logs.
Works fine here since samba 4.2 DC's.
Now, i can only give a few advices.
1) upgrade the debian jessie to debian stretch, and start with samba 4.5.12 from debian.
2) tell us the xUbuntu version and the samba (smbclient) version
If i recall correct..
Sssd lower then 1.12 my have problems, but as Rowland also said,
I (we) know nothing about sssd here, except what i google.
If you did not read this one, please do.
https://jhrozek.wordpress.com/2015/08/19/performance-tuning-sssd-for-large-ipa-ad-trust-deployments/
I dont know it it helps, but it shows some good settings and its good explained.
And if you get it working, please share the solution. ;-)
Greetz,
Louis
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens
> Daniel Carrasco via samba
> Verzonden: dinsdag 24 oktober 2017 15:42
> Aan: Rowland Penny
> CC: samba at lists.samba.org
> Onderwerp: Re: [Samba] Using GPO to mount shares on Linux
>
> Hello,
>
> My actual setup is:
>
> - 2 Domain Controller using Samba 4.7 stable (synced)
> - Multiple Windows Workstations that has joined the Domain without
> problem
> - 1 Linux server using Debian 8 with Samba 4.2 as Member
> Server joined
> also to that Domain
>
> This setup is working as expected (some windows bugs hide
> network drives,
> but is not samba problem). All workstations are able to login
> with domain
> credentials, and connect to shared drives on Linux server
> (managed by GPO
> and ACL).
>
> Now I've an xUbuntu workstation that I want to join to that
> Domain and I've
> used realm and sssd to the job. The basic setup works fine and:
>
> - I'm able to login with domain users credentials into the linux
> workstation
> - I can get the domain data like for example users and
> groups, and even
> use domain data to manage autofs
> - I can mount shares stored on a DC using Kerberos authentication
> - I can connect to shares using smbclient using Kerberos
> authentication
>
> My problem comes when I try to mount o connect to a share
> that is on Member
> server from the xUbuntu workstation, that give me the errors
> I've commented
> before. After your comments and research about SPN on google
> I think that
> maybe is the problem, but for now I'm not able to test it.
>
> Greetings!!
>
> 2017-10-24 14:40 GMT+02:00 Rowland Penny via samba
> <samba at lists.samba.org>:
>
> > On Tue, 24 Oct 2017 14:11:15 +0200
> > Daniel Carrasco <d.carrasco at i2tic.com> wrote:
> >
> > > Thanks Rowland.
> > >
> > > I'll give a try to both things (WG and SPN).
> > >
> > > To be honest, I ask here because the sssd daemon is working as
> > > expected allowing the authentication of the machine to the domain,
> > > and the real problem is that I'm not able to access to a
> shared drive
> > > using a Kerberos authentication (cifs and smbclient) and
> i've thought
> > > that maybe was a misconfiguration on member server (because works
> > > fine with domain server), and this server is configured as Samba4
> > > member server without sssd.
> > >
> >
> > Sorry, but I don't understand what you are trying to say.
> > Do you mean that it works on a Unix domain member against a
> Samba AD DC
> > and the Unix domain member isn't using sssd ?
> > Or do you mean something else, if so, please explain your set up.
> >
> > Rowland
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions: https://lists.samba.org/mailman/options/samba
> >
>
>
>
> --
> _________________________________________
>
> Daniel Carrasco Marín
> Ingeniería para la Innovación i2TIC, S.L.
> Tlf: +34 911 12 32 84 Ext: 223
> www.i2tic.com
> _________________________________________
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
More information about the samba
mailing list