[Samba] net ads join -- strange message
nathalie ramat
nathalie.ramat at univ-littoral.fr
Fri Oct 25 07:33:12 UTC 2019
Hello,
On 23/10/2019 at 12:45, Rowland penny via samba wrote:
> On 23/10/2019 10:51, nathalie ramat via samba wrote:
>> Hello,
>>
>> I have an AD server - everything seems OK
>> I have a windows client and a linux client . The users must to
>> connect on windows or on linux with the same home.
>>
>> When I join my Linux client with the command net ads join -U
>> administration, I then get the following message:
>>
>> net ads join -U administrator
>> Enter administrator's password:
>>
>> Error reading password from file descriptor 0: empty password
>>
>> Error reading password from file descriptor 0: empty password
>>
>> Error reading password from file descriptor 0: empty password
>>
>> Error reading password from file descriptor 0: empty password
>>
>> Error reading password from file descriptor 0: empty password
>>
>> Error reading password from file descriptor 0: empty password
>>
>> Error reading password from file descriptor 0: empty password
>> Using short domain name -- SAMBADOM
>> Joined 'CLIENTBLUESEYE' to dns domain 'sambadom.calais.fr'
>>
>> but my machine is joined to my samba AD.
>>
>> Why do I have this error?
>
> I do not think this has anything to do with Samba, but 'The users must
> to connect on windows or on linux with the same home' may give a hint,
> are you using something like pam-mount ?
>
>
Yes, I use pam_mount.
I have modified the script pam_mount.conf.xml to create the directory
of my user.
<?xml version="1.0" encoding="UTF-8"?>
<pam_mount>
  <debug enable="1"/>
  <mkmountpoint enable="1" />
  <mntoptions allow="nosuid,nodev,loop,encryption,fsck" />
  <mntoptions require="nosuid,nodev" />
  <lsof>/usr/bin/lsof %(MNTPT) </lsof>
  <cifsmount> /sbin/mount.cifs //%(SERVER)/%(VOLUME) %(MNTPT) -o "user=%(USER),domain=SAMBADOM,uid=%(USER),gid=%(USERGID),cifsacl,file_mode=0700,dir_mode=0700" </cifsmount>
  <umount>/bin/umount %(MNTPT) </umount>
  <volume options="username=%(DOMAIN_USER),workgroup=%(DOMAIN_NAME),uid=%(DOMAIN_USER),fmask=700,file_mode=0700,dir_mode=0700"
          mountpoint="/etudiants/%(USER)" path="%(DOMAIN_USER)"
          server="blueyestest" fstype="cifs" />
</pam_mount>
The home of my user mounts correctly. I just have a problem with the ACLs.
On the server my user has these rights:
root@blueyestest:/home/SAMBADOM/specifique/testjeudi# ls -l
total 12
-rwxrwxr--+ 1 SAMBADOM/testjeudi SAMBADOM/specifique 0 oct. 21 11:59 testlinux21102019
drwxrwxr--+ 2 SAMBADOM/testjeudi SAMBADOM/specifique 4096 oct. 17 13:39 testwindow17102019
root@blueyestest:/home/SAMBADOM/specifique/testjeudi# getfacl testlinux21102019
# file: testlinux21102019
# owner: SAMBADOM/testjeudi
# group: SAMBADOM/specifique
user::rwx
group::r--
group:SAMBADOM/specifique:r--
group:SAMBADOM/testjeudi:rwx
mask::rwx
other::r--
On my Linux client the rights are:
-rwx------ 1 testjeudi specifique 0 oct. 21 11:59 testlinux21102019
drwxr-x--- 2 testjeudi specifique 0 oct. 17 13:39 testwindow17102019
I think that ACLs are not supported by SMB 3.1.1?
>>
>> My smb.conf server is :
>>
>> # Global parameters
>> [global]
>> dns forwarder = 193.49.xxx.xxx
>> netbios name = BLUEYESTEST
>> realm = SAMBADOM.CALAIS.FR
>> server role = active directory domain controller
>> workgroup =SAMBADOM
>> idmap_ldb:use rfc2307 = yes
>> log level =5
>> log file =/var/log/samba3/log.%M
>> max log size = 1000
>> host msdfs = no
>> # vfs objects = acl_xattr
>> # map acl inherit =yes
>> # store dos attributes = yes
>> load printers = no
>> printing = bsd
>> printcap name = /dev/null
>> disable spoolss = yes
>>
>> # for tests only
>> winbind enum users =yes
>> winbind enum groups =yes
>> #
>> winbind separator = /
>> winbind use default domain = yes
>>
>> [netlogon]
>> path = /var/lib/samba/sysvol/sambadom.calais.fr/scripts
>> read only = No
>> writable = yes
>>
>> [sysvol]
>> path = /var/lib/samba/sysvol
>> read only = No
>> browsable =yes
>> [homes]
>> path=/home/SAMBADOM/%G/%U
>> writable=yes
>> read only = no
> Er, you do know that 'writable=yes' and 'read only = no' mean the same
> thing, you only need one of them.
>>
>>
>> my smb.conf client linux is
>>
>> [global]
>> security =ADS
>> realm = SAMBADOM.CALAIS.FR
>> workgroup =SAMBADOM
>> netbios name = clientblueseye
>> winbind separator = /
>> winbind enum users = yes
>> winbind enum groups = yes
>>
>>
>> idmap config * : backend=tdb
>> idmap config * : range=1000-2000
> With that line, you cannot have any local Unix users
All users are created in my AD. I have just one local user (id 1000),
created during installation. I decided to use the ad backend.
I give Uidnumber, GidNumber and UnixHomeDirectory directly in the Samba
attributes.
>>
>> idmap config SAMBADOM : backend = ad
>> idmap config SAMBADOM : schema_mode =rfc2307
>> idmap config SAMBADOM : backend = rid
>> idmap config SAMBADOM : range = 10000-600000
>> idmap config SAMBADOM : unix_nss_info = yes
>> idmap config SAMBADOM : unix_primary_group = yes
> Sorry, but you cannot use both the 'ad' and 'rid' winbind backend,
> choose one and remove the other and if you choose 'rid', remove the
> unneeded extra 'ad' lines
>> template homedir =/etudiants/%U
>>
>> # template homedir = /home/%D/%G/%U
>>
>> template shell =/bin/bash
>> kerberos method = secrets and keytab
>> dedicated keytab file =/etc/krb5.keytab
>> winbind refresh tickets =yes
>> #
>> # username map = /etc/samba/samba_usermapping
> turn this back on
>>
>> winbind use default domain = yes
>> log file =/var/log/samba/log.%m
>> log level = 3
>> # for acl support on members servers with shares
>> # vfs object = acl_xattr
>> # map acl inherit = yes
>> # store dos attributes = yes
> also turn these on again
>
> Rowland
--
Nathalie RAMAT-LECLERCQ
Service Informatique
Universite du Littoral-Côte d'Opale
SCoSI - Service Commun du Système d'Information
Pôle Systèmes et réseaux
Centre de Gestion Universitaire de Calais
50 rue ferdinand Buisson
C.S 80699
62228 CALAIS CEDEX
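
The two duplicate-setting problems Rowland points out in the quoted smb.conf files (two `backend` values for one idmap domain, and `writable` next to `read only`) can be caught mechanically. The following is an added example, not part of the original thread and not Samba's own tooling; the sample config is constructed from the quoted settings, and the parser handles only plain `key = value` lines.

```python
import re
from collections import defaultdict

# Constructed sample, reduced from the settings quoted in the thread.
SAMPLE = """\
[global]
    idmap config * : range=1000-2000
    idmap config SAMBADOM : backend = ad
    idmap config SAMBADOM : backend = rid
    idmap config SAMBADOM : range = 10000-600000
[homes]
    writable=yes
    read only = no
"""
# 'writable' / 'writeable' are inverted synonyms of 'read only'.
INVERTED = {"writable", "writeable"}

def norm(name):
    """smb.conf parameter names ignore case and whitespace."""
    return re.sub(r"\s+", "", name).lower()

def parse(text):
    """Return {section: [(normalized_key, value), ...]} in file order."""
    conf, section = defaultdict(list), "global"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif "=" in line:
            key, value = line.split("=", 1)
            conf[section].append((norm(key), value.strip()))
    return conf

def lint(text):
    """Flag parameters set twice in one section, folding inverted synonyms."""
    findings = []
    for section, items in parse(text).items():
        seen = {}
        for key, value in items:
            if key in INVERTED:  # same setting as 'read only', sense flipped
                key = "readonly"
                value = {"yes": "no", "no": "yes"}.get(value.lower(), value)
            if key in seen:
                same = seen[key].lower() == value.lower()
                findings.append((section, key, "redundant" if same else "conflict"))
            seen[key] = value
    return findings

if __name__ == "__main__":
    print(lint(SAMPLE))
```

A "conflict" finding means the same parameter appears twice with different values in one section; "redundant" means the second occurrence repeats the first.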