[Samba] debian 10: errors with my server samba-ad
nathalie ramat
nathalie.ramat at univ-littoral.fr
Tue May 14 09:58:29 UTC 2019
hi,
My user must be able to connect under windows and under linux. The home
is common. Their home is on the server.
Like there are students - they are identified by their formation( group)
and by their login
for example /home/specifique/testlundi
/home/l1info/testmardi
For me the etudiant belong to a group and i have create each group on OU
and i take the last number for sid group for gidnumber - it was to find
out which group he belonged to - It's not a good idea ?
on my smb.conf on the server i put
[homes]
path=/home/%G/%U
read only = no
Actually - i can't put my client linux in my ad.
net ads join -S nameofsever -U administrator --> doestn't give my
response -- It wait ...
my client linux smb.conf is
[global]
security =ADS
realm = LENZSPITZE2.CALAIS.FR
workgroup =LENZSPITZE2
netbios name = testbugsterl
winbind separator = /
winbind enum users = yes
winbind enum groups = yes
idmap config LENZSPITZE2 : backend = ad
idmap config LENZSPITZE2 : schema_mode =rfc2307
idmap config LENZSPITZE2 : range = 10000-399999999
idmap config LENZSPITZE2 : unix_nss_info = yes
template homedir =/etudiants/%U
template shell =/bin/bash
winbind nss info = rfc2307
kerberos method = secrets and keytab
dedicated keytab file =/etc/krb5.keytab
winbind refresh tickets =yes
username map = /etc/samba/samba_usermapping
winbind use default domain = yes
log file =/var/log/samba/log.%m
log level = 3
# for acl support on members servers with shares
vfs object = acl_xattr
map acl inherit = yes
store dos attributes = yes
winbind nss info = rfc2307
Le 14/05/2019 à 10:51, Rowland penny via samba a écrit :
> On 14/05/2019 09:27, nathalie ramat via samba wrote:
>> hi,
>>
>> I modified my file named.conf.options .
>> When i use dig lenzspitze2.calais.fr I get an answer which contain
>> answer section, authority section and additional section.
>>
>> I haven't map "Domain users" into "user"
>>
>> I recover the last number of sid for the uidnumber and the last
>> number for sid group for gidnumber
>
>
> It isn't recommended to do that any more, RID's start at '1000' and so
> do local Unix ID's, try starting at the same number that ADUC uses
> '10000'
>
>>
>> But getent passwd testlundi give me this response :
>>
>> LENZSPITZE2\testlundi:*:1108:100:testlundi:/home/LENZSPITZE2/testlundi:/bin/bash
>>
>>
>> The uidnumber is good but not the gidnumber.
>
> I personally don't think the uidNumber is good (see above), but unless
> you give 'Domain Users' a gidNumber, the users GID will always be
> '100', but only on a the DC, on any Unix domain members (using the
> winbind 'ad' backend) you will get no AD users.
>
> You also do not need to do any of the this if you are either only
> going to use the DC for authentication or as the only Unix fileserver
> (no other Unix computers).
>
>>
>> getent group specifique
>>
>> LENZSPITZE2\specifique:x:1105:
>>
> This will never be used as the users primary group on a Samba AD DC.
>
>
>>
>> I have always this response when I run smbclient -L localhost -U
>> administrator on my server
>>
>> Enter LENZSPITZE2\administrator's password:
>>
>>     Sharename      Type     Comment
>> Â Â Â Â ---------Â Â Â Â Â Â ----Â Â Â Â Â -------
>>     netlogon       Disk
>>     sysvol         Disk
>> Â Â Â Â IPC$Â Â Â Â Â Â Â Â Â Â Â IPCÂ Â Â Â Â Â IPC Service (Samba
>> 4.9.5-Debian)
>> Reconnecting with SMB1 for workgroup listing.
>>
>>     Server              Comment
>> Â Â Â Â ---------Â Â Â Â Â Â Â Â Â Â Â -------
>>
>>     Workgroup           Master
>> Â Â Â Â ---------Â Â Â Â Â Â Â Â Â Â Â -------
>>
>>
>> I don't have any information for my server.
>
>
> Neither do I, this is because there is no network browsing on a DC.
>
>>
>> when I run the command smbclient -L debiantest -U administrator on my
>> client linux I have no response .
>>
>> but I can ping debiantest and dig debiantest.lenzspitze2.calais.fr
>> give me a response
>>
>> I am a little confused. I don't know how to search
>>
> Try the command like this:
>
> smbclient -L localhost -N
>
> Rowland
>
>
--
Nathalie RAMAT-LECLERCQ
Service Informatique
Universite du Littoral-Côte d'Opale
SCoSI - Service Commun du Système d'Information
Pôle Systèmes et réseaux
Centre de Gestion Universitaire de Calais
50 rue ferdinand Buisson
C.S 80699
62228 CALAIS CEDEX
More information about the samba
mailing list