[Samba] net ads join -- strange message

Rowland penny rpenny at samba.org
Wed Oct 23 10:45:20 UTC 2019


On 23/10/2019 10:51, nathalie ramat via samba wrote:
> Hello,
>
> I have an AD server - everything seems OK.
> I have a windows client and a linux client . The users must to connect 
> on windows or on linux with the same home.
>
> When I join my Linux client with the command net ads join -U 
> administration, I then get the following message:
>
> net ads join -U administrator
> Enter administrator's password:
>
> Error reading password from file descriptor 0: empty password
>
> Error reading password from file descriptor 0: empty password
>
> Error reading password from file descriptor 0: empty password
>
> Error reading password from file descriptor 0: empty password
>
> Error reading password from file descriptor 0: empty password
>
> Error reading password from file descriptor 0: empty password
>
> Error reading password from file descriptor 0: empty password
> Using short domain name -- SAMBADOM
> Joined 'CLIENTBLUESEYE' to dns domain 'sambadom.calais.fr'
>
> But my machine is joined to my Samba AD.
>
> Why do I have this error?

I do not think this has anything to do with Samba, but 'The users must 
to connect on windows or on linux with the same home' may give a hint. 
Are you using something like pam-mount?


>
> My server smb.conf is:
>
> # Global parameters
> [global]
>     dns forwarder = 193.49.xxx.xxx
>     netbios name = BLUEYESTEST
>     realm = SAMBADOM.CALAIS.FR
>     server role = active directory domain controller
>     workgroup =SAMBADOM
>     idmap_ldb:use rfc2307 = yes
>     log level =5
>     log file =/var/log/samba3/log.%M
>     max log size = 1000
>     host msdfs = no
> #    vfs objects = acl_xattr
> #    map acl inherit =yes
> #    store dos attributes = yes
>     load printers = no
>     printing = bsd
>     printcap name = /dev/null
>     disable spoolss = yes
>
> #  for tests only
>     winbind enum users =yes
>     winbind enum groups =yes
> #
>     winbind separator = /
>     winbind use default domain = yes
>
> [netlogon]
>     path = /var/lib/samba/sysvol/sambadom.calais.fr/scripts
>     read only = No
>     writable = yes
>
> [sysvol]
>     path = /var/lib/samba/sysvol
>     read only = No
>     browsable =yes
> [homes]
>     path=/home/SAMBADOM/%G/%U
>     writable=yes
>     read only = no
Er, you do know that 'writable=yes' and 'read only = no' mean the same 
thing? You only need one of them.
>
>
> My Linux client smb.conf is:
>
> [global]
>     security =ADS
>     realm = SAMBADOM.CALAIS.FR
>     workgroup =SAMBADOM
>     netbios name = clientblueseye
>     winbind separator = /
>     winbind enum users = yes
>     winbind enum groups = yes
>
>
>     idmap config * : backend=tdb
>     idmap config * : range=1000-2000
With that line, you cannot have any local Unix users.
>
>     idmap config SAMBADOM : backend = ad
>     idmap config SAMBADOM : schema_mode =rfc2307
>     idmap config SAMBADOM : backend = rid
>     idmap config SAMBADOM : range = 10000-600000
>     idmap config SAMBADOM : unix_nss_info = yes
>     idmap config SAMBADOM : unix_primary_group = yes
Sorry, but you cannot use both the 'ad' and 'rid' winbind backends; 
choose one and remove the other, and if you choose 'rid', remove the 
unneeded extra 'ad' lines.
> template homedir =/etudiants/%U
>
> #    template homedir = /home/%D/%G/%U
>
>     template shell =/bin/bash
>     kerberos method =  secrets and keytab
>     dedicated keytab file =/etc/krb5.keytab
>     winbind refresh tickets =yes
> #
> #    username map = /etc/samba/samba_usermapping
Turn this back on.
>
>     winbind use default domain = yes
>     log file =/var/log/samba/log.%m
>     log level = 3
> # for acl support on members servers with shares
> #    vfs object = acl_xattr
> #    map acl inherit = yes
> #    store dos attributes = yes
Also turn these on again.

Rowland
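
The idmap points raised in the reply above (two backends for one domain, leftover 'ad' options, a default range that collides with local accounts) can be checked mechanically. The following Python is an added example, not part of the original thread or of Samba; `lint_idmap`, the revised fragment with its 3000-7999 range, and the local UIDs 1000 and 1001 are assumptions made for illustration.

```python
import re
from collections import defaultdict
from itertools import combinations

# Constructed input: idmap lines taken from the client smb.conf quoted above.
QUOTED = """\
idmap config * : backend=tdb
idmap config * : range=1000-2000
idmap config SAMBADOM : backend = ad
idmap config SAMBADOM : schema_mode =rfc2307
idmap config SAMBADOM : backend = rid
idmap config SAMBADOM : range = 10000-600000
"""
# Constructed: one way to follow the advice (rid only); 3000-7999 is an
# illustrative default range chosen to sit clear of the local IDs below.
REVISED = """\
idmap config * : backend = tdb
idmap config * : range = 3000-7999
idmap config SAMBADOM : backend = rid
idmap config SAMBADOM : range = 10000-600000
"""
LINE = re.compile(r"^\s*idmap config\s+(\S+)\s*:\s*([^=]+?)\s*=\s*(.+?)\s*$", re.I)
AD_ONLY = {"schema_mode", "unix_nss_info", "unix_primary_group"}  # idmap_ad options

def lint_idmap(text, local_ids=()):
    """Return findings for the idmap problems raised in the reply."""
    conf, ranges, findings = defaultdict(lambda: defaultdict(list)), {}, []
    for line in text.splitlines():
        m = LINE.match(line)  # commented-out lines start with '#' and never match
        if m:
            conf[m[1].upper()][m[2].lower()].append(m[3].lower())
    for domain, opts in conf.items():
        backends = sorted(set(opts["backend"]))
        if len(backends) > 1:
            findings.append(f"{domain}: more than one backend {backends}")
        elif backends != ["ad"] and AD_ONLY & set(opts):
            findings.append(f"{domain}: ad-only options without the ad backend")
        for value in opts["range"]:
            low, high = (int(n) for n in value.split("-"))
            ranges[domain] = (low, high)
            hits = [i for i in local_ids if low <= i <= high]
            if hits:
                findings.append(f"{domain}: range {low}-{high} covers local IDs {hits}")
    for a, b in combinations(sorted(ranges), 2):
        if ranges[a][0] <= ranges[b][1] and ranges[b][0] <= ranges[a][1]:
            findings.append(f"{a} and {b}: ID ranges overlap")
    return findings

print(lint_idmap(QUOTED, local_ids=[1000, 1001]))  # constructed local UIDs
```

On a real member server the `local_ids` argument would be the UIDs and GIDs found in the local /etc/passwd and /etc/group files.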




