[Samba] net ads join -- strange message
Rowland Penny
rpenny at samba.org
Wed Oct 23 10:45:20 UTC 2019
On 23/10/2019 10:51, nathalie ramat via samba wrote:
> Hello,
>
> I have an AD server - everything seems OK.
> I have a Windows client and a Linux client. The users must to connect
> on windows or on linux with the same home.
>
> When I join my Linux client with the command net ads join -U
> administration, I get the following message:
>
> net ads join -U administrator
> Enter administrator's password:
>
> Error reading password from file descriptor 0: empty password
>
> Error reading password from file descriptor 0: empty password
>
> Error reading password from file descriptor 0: empty password
>
> Error reading password from file descriptor 0: empty password
>
> Error reading password from file descriptor 0: empty password
>
> Error reading password from file descriptor 0: empty password
>
> Error reading password from file descriptor 0: empty password
> Using short domain name -- SAMBADOM
> Joined 'CLIENTBLUESEYE' to dns domain 'sambadom.calais.fr'
>
> but my machine is joined to my samba AD.
>
> Why do I have this error?

I do not think this has anything to do with Samba, but 'The users must
to connect on windows or on linux with the same home' may give a hint.
Are you using something like pam-mount?

>
> My server smb.conf is:
>
> # Global parameters
> [global]
> dns forwarder = 193.49.xxx.xxx
> netbios name = BLUEYESTEST
> realm = SAMBADOM.CALAIS.FR
> server role = active directory domain controller
> workgroup =SAMBADOM
> idmap_ldb:use rfc2307 = yes
> log level =5
> log file =/var/log/samba3/log.%M
> max log size = 1000
> host msdfs = no
> # vfs objects = acl_xattr
> # map acl inherit =yes
> # store dos attributes = yes
> load printers = no
> printing = bsd
> printcap name = /dev/null
> disable spoolss = yes
>
> # for tests only
> winbind enum users =yes
> winbind enum groups =yes
> #
> winbind separator = /
> winbind use default domain = yes
>
> [netlogon]
> path = /var/lib/samba/sysvol/sambadom.calais.fr/scripts
> read only = No
> writable = yes
>
> [sysvol]
> path = /var/lib/samba/sysvol
> read only = No
> browsable =yes
> [homes]
> path=/home/SAMBADOM/%G/%U
> writable=yes
> read only = no

Er, you do know that 'writable=yes' and 'read only = no' mean the same
thing? You only need one of them.

>
>
> My Linux client smb.conf is:
>
> [global]
> security =ADS
> realm = SAMBADOM.CALAIS.FR
> workgroup =SAMBADOM
> netbios name = clientblueseye
> winbind separator = /
> winbind enum users = yes
> winbind enum groups = yes
>
>
> idmap config * : backend=tdb
> idmap config * : range=1000-2000

With that line, you cannot have any local Unix users.

>
> idmap config SAMBADOM : backend = ad
> idmap config SAMBADOM : schema_mode =rfc2307
> idmap config SAMBADOM : backend = rid
> idmap config SAMBADOM : range = 10000-600000
> idmap config SAMBADOM : unix_nss_info = yes
> idmap config SAMBADOM : unix_primary_group = yes

Sorry, but you cannot use both the 'ad' and 'rid' winbind backends;
choose one and remove the other, and if you choose 'rid', remove the
unneeded extra 'ad' lines.

> template homedir =/etudiants/%U
>
> # template homedir = /home/%D/%G/%U
>
> template shell =/bin/bash
> kerberos method = secrets and keytab
> dedicated keytab file =/etc/krb5.keytab
> winbind refresh tickets =yes
> #
> # username map = /etc/samba/samba_usermapping

Turn this back on.

>
> winbind use default domain = yes
> log file =/var/log/samba/log.%m
> log level = 3
> # for acl support on members servers with shares
> # vfs object = acl_xattr
> # map acl inherit = yes
> # store dos attributes = yes

Also turn these on again.

Rowland
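
The checks the reply above applies by eye to the client smb.conf can be scripted. This is an added example, not part of the original message or of Samba; the `lint` function, its `local_ids` default of 0-2999 and the cut-down sample are assumptions made for the illustration.

```python
import re
from collections import defaultdict
# Constructed sample, cut down from the client smb.conf quoted in the thread.
SAMPLE = """\
[global]
idmap config * : backend=tdb
idmap config * : range=1000-2000
idmap config SAMBADOM : backend = ad
idmap config SAMBADOM : schema_mode =rfc2307
idmap config SAMBADOM : backend = rid
idmap config SAMBADOM : range = 10000-600000
[homes]
writable=yes
read only = no
"""
IDMAP = re.compile(r"idmap config\s+(\S+)\s*:\s*(.+)", re.I)
AD_ONLY = {"schema_mode", "unix_nss_info", "unix_primary_group"}  # idmap_ad options

def lint(text, local_ids=(0, 2999)):
    """Return findings; local_ids is an ASSUMED ID span kept for local Unix accounts."""
    idmap = defaultdict(lambda: defaultdict(list))  # domain -> option -> values
    access = defaultdict(set)                       # section -> access keys seen
    section, findings = "global", []
    for line in map(str.strip, text.splitlines()):
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
            continue
        key, _, value = (part.strip() for part in line.partition("="))
        key = " ".join(key.split())                 # collapse runs of spaces
        m = IDMAP.fullmatch(key)
        if m:
            idmap[m.group(1).upper()][m.group(2).lower()].append(value.lower())
        elif key.lower() in ("writable", "writeable", "read only"):
            access[section].add(key.lower())
    for dom, opts in idmap.items():
        backends = sorted(set(opts.get("backend", [])))
        if len(backends) > 1:
            findings.append(f"{dom}: conflicting backends {backends}, keep one")
        if "rid" in backends and AD_ONLY & opts.keys():
            findings.append(f"{dom}: options only used by the 'ad' backend are set")
        for rng in opts.get("range", []):
            low, high = (int(n) for n in rng.split("-"))
            if low <= local_ids[1] and high >= local_ids[0]:
                findings.append(f"{dom}: range {rng} overlaps local IDs {local_ids}")
    for sec, keys in access.items():
        if "read only" in keys and len(keys) > 1:
            findings.append(f"[{sec}]: 'read only' and 'writable' both set, one is enough")
    return findings
```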