[Samba] net ads join explication ?
nathalie ramat
nathalie.ramat at univ-littoral.fr
Thu Nov 7 13:00:31 UTC 2019
My DC is under Linux - my version of Linux is 5.2.0-3-amd64.
My client OS is also under Linux and the version is 5.2.0-2-amd64. I
also have a Windows 10 client.
Here is the result of the test:
Collected config --- 2019-11-07-13:14 -----------
Hostname: clientblues2
DNS Domain: sambadom.calais.fr
FQDN: clientblues2.sambadom.calais.fr
ipaddress: 192.168.xx.233
-----------
Kerberos SRV _kerberos._tcp.sambadom.calais.fr record verified ok, sample output:
Server: 192.168.xx.230
Address: 192.168.xx.230#53
_kerberos._tcp.sambadom.calais.fr service = 0 100 88 blueyestest.sambadom.calais.fr.
Samba is running as an Unix domain member but 'winbindd' is NOT running.
Check that the winbind package is installed.
Detected, Samba is running winbind only. Auth-only server, Unix domain member
Checking file: /etc/os-release
PRETTY_NAME="Debian GNU/Linux bullseye/sid"
NAME="Debian GNU/Linux"
ID=debian
HOME_URL="https://www.debian.org/"
SUPPORT_URL="https://www.debian.org/support"
BUG_REPORT_URL="https://bugs.debian.org/"
-----------
This computer is running Debian bullseye/sid x86_64
-----------
running command : ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
2: ens18: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether a2:75:42:40:54:6b brd ff:ff:ff:ff:ff:ff
inet 192.168.xx.233/24 brd 192.168.22.255 scope global noprefixroute ens18
inet6 fe80::a075:42ff:fe40:546b/64 scope link noprefixroute
-----------
Checking file: /etc/hosts
127.0.0.1 localhost
192.168.xx.233 clientblues2.sambadom.calais.fr clientblues2
192.168.xx.230 blueyestest.sambadom.calais.fr blueyestest
# The following lines are desirable for IPv6 capable hosts
::1 localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
-----------
Checking file: /etc/resolv.conf
# Generated by NetworkManager
nameserver 192.168.xx.230
nameserver 193.49.xx.10
nameserver 195.220.xx.10
-----------
Checking file: /etc/krb5.conf
[libdefaults]
default_realm = SAMBADOM.CALAIS.FR
kdc_timesync =1
ccache_type = 4
forwardable = true
proxiable = true
dns_lookup_realm = false
dns_lookup_kdc = true
#fcc-mit-ticketflags = true
#allow_weak_crypto = true
#default_tgs_enctypes = arcfour-hmac-md5 des-cbc-crc des-cbc-md5
#default_tkt_enctypes = arcfour-hmac-md5 des-cbc-crc des-cbc-md5
default_tgs_enctypes = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5
default_tkt_enctypes = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5
permitted_enctypes= as256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5
[realms]
SAMBADOM.CALAIS.FR = {
kdc = blueyestest.sambadom.calais.fr
admin_server = blueyestest.sambadom.calais.fr
default_domain =sambadom.calais.fr
}
[domain_realm]
sambadom.calais.fr = SAMBADOM.CALAIS.FR
.sambadom.calais.fr = SAMBADOM.CALAIS.FR
[logging]
default=file:/var/log/krb5.log
-----------
Checking file: /etc/nsswitch.conf
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.
passwd: files winbind systemd
group: files winbind systemd
shadow: files winbind systemd
gshadow: files
hosts: files dns
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis
-----------
Checking file: /etc/samba/smb.conf
[global]
security =ADS
realm = SAMBADOM.CALAIS.FR
workgroup =SAMBADOM
netbios name = clientblues2
winbind separator = /
winbind enum users = yes
winbind enum groups = yes
idmap config * : backend=tdb
idmap config * : range=1000-2000
idmap config SAMBADOM : backend = ad
idmap config SAMBADOM : schema_mode =rfc2307
idmap config SAMBADOM : range = 10000-600000
idmap config SAMBADOM : unix_nss_info = yes
idmap config SAMBADOM : unix_primary_group = yes
winbind nss info = template
template homedir =/etudiants/%U
template shell =/bin/bash
kerberos method = secrets and keytab
dedicated keytab file =/etc/krb5.keytab
winbind refresh tickets =yes
#
username map = /etc/samba/user.map
winbind use default domain = yes
log file =/var/log/samba/log.%m
log level = 5
# for acl support on members servers with shares
vfs object = acl_xattr
map acl inherit = yes
store dos attributes = yes
# winbind nss info = rfc2307
-----------
Running as Unix domain member and user.map detected.
Contents of /etc/samba/user.map
!root = SAMBADOM\administrator
Server Role is set to : auto
-----------
Installed packages:
ii acl 2.2.53-5 amd64 access control list - utilities
ii fonts-quicksand 0.2016-2 all sans-serif font with round attributes
ii krb5-config 2.6 all Configuration files for Kerberos Version 5
ii krb5-locales 1.17-6 all internationalization support for MIT Kerberos
ii krb5-user 1.17-6 amd64 basic programs to authenticate using MIT Kerberos
ii libacl1:amd64 2.2.53-5 amd64 access control list - shared library
ii libattr1:amd64 1:2.4.48-5 amd64 extended attribute handling - shared library
ii libgssapi-krb5-2:amd64 1.17-6 amd64 MIT Kerberos runtime libraries - krb5 GSS-API Mechanism
ii libkrb5-3:amd64 1.17-6 amd64 MIT Kerberos runtime libraries
ii libkrb5support0:amd64 1.17-6 amd64 MIT Kerberos runtime libraries - Support library
ii libnss-winbind:amd64 2:4.9.13+dfsg-1 amd64 Samba nameservice integration plugins
ii libpam-winbind:amd64 2:4.9.13+dfsg-1 amd64 Windows domain authentication integration plugin
ii libsmbclient:amd64 2:4.9.13+dfsg-1 amd64 shared library for communication with SMB/CIFS servers
ii libwbclient0:amd64 2:4.9.13+dfsg-1 amd64 Samba winbind client library
ii python-samba 2:4.9.13+dfsg-1 amd64 Python bindings for Samba
ii samba-common 2:4.9.13+dfsg-1 all common files used by both the Samba server and client
ii samba-common-bin 2:4.9.13+dfsg-1 amd64 Samba common files used by both the server and the client
ii samba-dsdb-modules:amd64 2:4.9.13+dfsg-1 amd64 Samba Directory Services Database
ii samba-libs:amd64 2:4.9.13+dfsg-1 amd64 Samba core libraries
ii winbind 2:4.9.13+dfsg-1 amd64 service to resolve user and group information from Windows NT servers
-----------
On 07/11/2019 at 12:37, Rowland penny via samba wrote:
> On 07/11/2019 11:08, nathalie ramat via samba wrote:
>> Hello,
>>
>> I want to add my Linux client to my AD.
>>
>> I use net ads join -U administrator
>> passwd : xxxx
>>
>> and I wait and I have no response, but if I press the Enter key
>> 8 times, my machine is added to my AD but I have this error message:
>> error reading from file descriptor 0 : empty password which comes
>> from the server
>>
>> I don't understand why.
>>
>>
>> My server is Samba 4.11 and my client uses winbind.
>
> There doesn't seem to be anything wrong with your smb.conf, were
> 'smbd', 'nmbd' and 'winbind' running before the join ?
>
> Can you download this:
> https://github.com/thctlo/samba4/blob/master/samba-collect-debug-info.sh
>
> Run it on the Unix domain member and post the output into a reply to
> this post, do not attach it, this list strips attachments.
>
> Also, what is the DC ? OS and version.
>
> Rowland
>
--
Nathalie RAMAT-LECLERCQ
Service Informatique
Universite du Littoral-Côte d'Opale
SCoSI - Service Commun du Système d'Information
Pôle Systèmes et réseaux
Centre de Gestion Universitaire de Calais
50 rue ferdinand Buisson
C.S 80699
62228 CALAIS CEDEX