[Samba] debian 10: errors with my server samba-ad

nathalie ramat nathalie.ramat at univ-littoral.fr
Tue May 14 09:58:29 UTC 2019 

hi,

My user must be able to connect under windows and under linux. The home 
is common. Their home is on the server.

Like there are students - they are identified by their formation( group) 
and by their login

for example /home/specifique/testlundi
                   /home/l1info/testmardi

For me the etudiant belong to a group  and i have create each group on OU




and i take the last number for sid group for gidnumber - it was to find 
out which group he belonged to - It's not a good idea ?


on my smb.conf on the server i put

[homes]
     path=/home/%G/%U
     read only = no


Actually - i can't put my client linux in my ad.
net ads join -S nameofsever -U administrator --> doestn't give my 
response -- It wait  ...

my client linux smb.conf is


  [global]
     security =ADS
     realm = LENZSPITZE2.CALAIS.FR
     workgroup =LENZSPITZE2
     netbios name = testbugsterl
     winbind separator = /
     winbind enum users = yes
     winbind enum groups = yes
     idmap config LENZSPITZE2 : backend = ad
     idmap config LENZSPITZE2 : schema_mode =rfc2307
     idmap config LENZSPITZE2 : range = 10000-399999999
     idmap config LENZSPITZE2 : unix_nss_info = yes
     template homedir =/etudiants/%U
     template shell =/bin/bash
     winbind nss info = rfc2307
     kerberos method =  secrets and keytab
     dedicated keytab file =/etc/krb5.keytab
     winbind refresh tickets =yes
     username map = /etc/samba/samba_usermapping
     winbind use default domain = yes
     log file =/var/log/samba/log.%m
     log level = 3
# for acl support on members servers with shares
     vfs object = acl_xattr
     map acl inherit = yes
     store dos attributes = yes
     winbind nss info = rfc2307




Le 14/05/2019 à 10:51, Rowland penny via samba a écrit :
> On 14/05/2019 09:27, nathalie ramat via samba wrote:
>> hi,
>>
>> I modified my file named.conf.options .
>> When i use dig lenzspitze2.calais.fr I get an answer which contain 
>> answer section, authority section and additional section.
>>
>> I haven't map "Domain users" into "user"
>>
>> I recover the last number of sid for the uidnumber and the last 
>> number for sid group for gidnumber
>
>
> It isn't recommended to do that any more, RID's start at '1000' and so 
> do local Unix ID's, try starting at the same number that ADUC uses 
> '10000'
>
>>
>> But getent passwd testlundi give me this response :
>>
>> LENZSPITZE2\testlundi:*:1108:100:testlundi:/home/LENZSPITZE2/testlundi:/bin/bash 
>>
>>
>> The uidnumber is good but not the gidnumber.
>
> I personally don't think the uidNumber is good (see above), but unless 
> you give 'Domain Users' a gidNumber, the users GID will always be 
> '100', but only on a the DC, on any Unix domain members (using the 
> winbind 'ad' backend) you will get no AD users.
>
> You also do not need to do any of the this if you are either only 
> going to use the DC for authentication or as the only Unix fileserver 
> (no other Unix computers).
>
>>
>> getent group specifique
>>
>> LENZSPITZE2\specifique:x:1105:
>>
> This will never be used as the users primary group on a Samba AD DC.
>
>
>>
>> I have always  this response when I run smbclient -L localhost -U 
>> administrator on my server
>>
>> Enter LENZSPITZE2\administrator's password:
>>
>>     Sharename       Type      Comment
>>     ---------       ----      -------
>>     netlogon        Disk
>>     sysvol          Disk
>>     IPC$            IPC       IPC Service (Samba 
>> 4.9.5-Debian)
>> Reconnecting with SMB1 for workgroup listing.
>>
>>     Server               Comment
>>     ---------            -------
>>
>>     Workgroup            Master
>>     ---------            -------
>>
>>
>> I don't have any information for my server.
>
>
> Neither do I, this is because there is no network browsing on a DC.
>
>>
>> when I run the command smbclient -L debiantest -U administrator on my 
>> client linux I have no response .
>>
>> but I can ping debiantest and dig debiantest.lenzspitze2.calais.fr 
>> give me a response
>>
>> I am a little confused. I don't know how to search
>>
> Try the command like this:
>
> smbclient -L localhost -N
>
> Rowland
>
>

-- 
Nathalie RAMAT-LECLERCQ

Service Informatique

Universite du Littoral-Côte d'Opale
SCoSI - Service Commun du Système d'Information
Pôle Systèmes et réseaux

Centre de Gestion Universitaire de Calais
50 rue ferdinand Buisson
C.S 80699
62228 CALAIS CEDEX

More information about the samba mailing list