debian 10: errors with my server samba-ad

nathalie ramat nathalie.ramat at univ-littoral.fr
Tue May 14 09:58:29 UTC 2019


My users must be able to connect under Windows and under Linux. The home 
is common. Their home is on the server.

As there are students, they are identified by their formation (group) 
and by their login

for example /home/specifique/testlundi

For me, the student belongs to a group, and I have created each group on an OU

and I take the last number of the group SID for the gidNumber. It was to find 
out which group he belonged to. Is it not a good idea?

In my smb.conf on the server I put

     read only = no

Actually, I can't put my Linux client in my AD.
net ads join -S nameofserver -U administrator --> doesn't give me a 
response -- it waits ...

My Linux client smb.conf is

     security = ADS
     workgroup = LENZSPITZE2
     netbios name = testbugsterl
     winbind separator = /
     winbind enum users = yes
     winbind enum groups = yes
     idmap config LENZSPITZE2 : backend = ad
     idmap config LENZSPITZE2 : schema_mode = rfc2307
     idmap config LENZSPITZE2 : range = 10000-399999999
     idmap config LENZSPITZE2 : unix_nss_info = yes
     template homedir = /etudiants/%U
     template shell = /bin/bash
     winbind nss info = rfc2307
     kerberos method = secrets and keytab
     dedicated keytab file = /etc/krb5.keytab
     winbind refresh tickets = yes
     username map = /etc/samba/samba_usermapping
     winbind use default domain = yes
     log file = /var/log/samba/log.%m
     log level = 3
# for acl support on members servers with shares
     vfs object = acl_xattr
     map acl inherit = yes
     store dos attributes = yes
     winbind nss info = rfc2307

On 14/05/2019 at 10:51, Rowland Penny via samba wrote:
> On 14/05/2019 09:27, nathalie ramat via samba wrote:
>> hi,
>> I modified my file named.conf.options .
>> When I use dig lenzspitze2.calais.fr I get an answer which contains an 
>> answer section, authority section and additional section.
>> I haven't mapped "Domain users" into "user"
>> I recover the last number of sid for the uidnumber and the last 
>> number for sid group for gidnumber
> It isn't recommended to do that any more, RID's start at '1000' and so 
> do local Unix ID's, try starting at the same number that ADUC uses 
> '10000'
>> But getent passwd testlundi gives me this response:
>> LENZSPITZE2\testlundi:*:1108:100:testlundi:/home/LENZSPITZE2/testlundi:/bin/bash 
>> The uidnumber is good but not the gidnumber.
> I personally don't think the uidNumber is good (see above), but unless 
> you give 'Domain Users' a gidNumber, the users GID will always be 
> '100', but only on the DC, on any Unix domain members (using the 
> winbind 'ad' backend) you will get no AD users.
> You also do not need to do any of this if you are either only 
> going to use the DC for authentication or as the only Unix fileserver 
> (no other Unix computers).
>> getent group specifique
>> LENZSPITZE2\specifique:x:1105:
> This will never be used as the users primary group on a Samba AD DC.
>> I always have this response when I run smbclient -L localhost -U 
>> administrator on my server
>> Enter LENZSPITZE2\administrator's password:
>>     Sharename       Type      Comment
>>     ---------       ----      -------
>>     netlogon        Disk
>>     sysvol          Disk
>>     IPC$            IPC       IPC Service (Samba 4.9.5-Debian)
>> Reconnecting with SMB1 for workgroup listing.
>>     Server               Comment
>>     ---------            -------
>>     Workgroup            Master
>>     ---------            -------
>> I don't have any information for my server.
> Neither do I, this is because there is no network browsing on a DC.
>> When I run the command smbclient -L debiantest -U administrator on my 
>> Linux client I have no response.
>> But I can ping debiantest and dig debiantest.lenzspitze2.calais.fr 
>> gives me a response
>> I am a little confused. I don't know how to search
> Try the command like this:
> smbclient -L localhost -N
> Rowland


Service Informatique

Universite du Littoral-Côte d'Opale
SCoSI - Service Commun du Système d'Information
Pôle Systèmes et réseaux

Centre de Gestion Universitaire de Calais
50 rue ferdinand Buisson
C.S 80699
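
The ID problem discussed in this thread, as an added example that is not part of the original messages: the winbind 'ad' backend treats its `range` as a filter and ignores any uidNumber or gidNumber stored in AD that falls outside it, so RID-derived IDs such as 1108 and 1105 never appear on a domain member configured with the range shown above. The sketch assumes the IDs printed by getent on the DC are the values stored in AD; the function names and the embedded sample text are constructed for illustration.

```python
import re

# Constructed from the values quoted in the thread above.
MEMBER_SMB_CONF = """
    workgroup = LENZSPITZE2
    idmap config LENZSPITZE2 : backend = ad
    idmap config LENZSPITZE2 : schema_mode = rfc2307
    idmap config LENZSPITZE2 : range = 10000-399999999
"""
GETENT_ON_DC = [
    ("user", r"LENZSPITZE2\testlundi:*:1108:100:testlundi:/home/LENZSPITZE2/testlundi:/bin/bash"),
    ("group", r"LENZSPITZE2\specifique:x:1105:"),
]

IDMAP_RE = re.compile(r"^\s*idmap config\s+(\S+)\s*:\s*(\w+)\s*=\s*(.+?)\s*$", re.I)


def idmap_settings(conf_text):
    """Return {domain: {option: value}} from 'idmap config DOMAIN : option = value' lines."""
    domains = {}
    for line in conf_text.splitlines():
        m = IDMAP_RE.match(line)
        if m:
            domains.setdefault(m.group(1).upper(), {})[m.group(2).lower()] = m.group(3)
    return domains


def ids_outside_range(conf_text, getent_lines):
    """List (kind, name, id) entries whose ID the member's 'ad' backend would discard."""
    settings = idmap_settings(conf_text)
    dropped = []
    for kind, line in getent_lines:
        fields = line.split(":")
        domain, _, name = fields[0].rpartition("\\")
        cfg = settings.get(domain.upper())
        if not cfg or cfg.get("backend") != "ad" or "range" not in cfg:
            continue  # not an 'ad'-backed domain in this smb.conf
        low, high = (int(n) for n in cfg["range"].split("-"))
        unix_id = int(fields[2])  # third field is the UID (passwd) or GID (group)
        if not low <= unix_id <= high:
            dropped.append((kind, name, unix_id))
    return dropped


if __name__ == "__main__":
    for kind, name, unix_id in ids_outside_range(MEMBER_SMB_CONF, GETENT_ON_DC):
        print(f"{kind} {name}: ID {unix_id} is outside the idmap range, winbind will ignore it")
```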

