[Samba] [Solved] Users can't mount shares on a domain member file server
MAS Jean-Louis
jean-louis.mas at imag.fr
Mon Dec 21 16:26:57 UTC 2020
Le 18/12/2020 à 15:49, Rowland penny via samba a écrit :
> posixAccount and shadowAccount are auxiliaryClasses of the 'user'
> objectclass and inetOrgPerson is a subclass of 'user' , so you don't
> need them to get the attributes.
OK, we've got a lot of old accounts with inetOrgPerson, now it's fixed.
All our new accounts came with the objectclass posixAccount and
shadowAccount. I suppose that the account creation script is the
culprit. Yet an other thing to check on my side.
> You have a line missing from your smb.conf:
>
> idmap config EXAMPLE : unix_nss_info = yes
Quite right. This line fixed our problems.
I messed with /etc/krb5.conf, in the same time, but back with our
initial krb5.conf version, samba run fine.
>> The only wrong point came from 'net ads testjoin'
>>
>> # net ads testjoin
>>
>> kinit succeeded but ads_sasl_spnego_gensec_bind(KRB5) failed for
>> ldap/our-ad.example.com with user[OUR-FILESERVER$] realm[EXAMPLE.COM]:
>> An invalid parameter was passed to a service or function.
>> kinit succeeded but ads_sasl_spnego_gensec_bind(KRB5) failed for
>> ldap/our-ad.example.com with user[OUR-FILESERVER$] realm[EXAMPLE.COM]:
>> An invalid parameter was passed to a service or function.
>> Join to domain is not valid: An invalid parameter was passed to a
>> service or function.
> Did you run the command as root, if not try again using root or sudo
Yes.
I have prefixed all root commands by #, and standard user commands by $,
for the sake of clarity.
This point is not solved yet, although it's not quite important, as
Samba run fine. Just a bit of curiosity, in fact.
Thank you very much for your very helpful remarks.
--
Jean Louis Mas
More information about the samba
mailing list