[Samba] [Solved] Users can't mount shares on a domain member file server

[MAS Jean-Louis]

Le 18/12/2020 à 15:49, Rowland penny via samba a écrit :

> posixAccount and shadowAccount are auxiliaryClasses of the 'user' 
> objectclass and inetOrgPerson is a subclass of 'user' , so you don't 
> need them to get the attributes.

OK, we've got a lot of old accounts with inetOrgPerson, now it's fixed.

All our new accounts came with the objectclass posixAccount and 
shadowAccount. I suppose that the account creation script is the 
culprit. Yet an other thing to check on my side.

> You have a line missing from your smb.conf:
> 
> idmap config EXAMPLE : unix_nss_info = yes

Quite right. This line fixed our problems.

I messed with /etc/krb5.conf, in the same time, but back with our 
initial krb5.conf version, samba run fine.

>> The only wrong point came from 'net ads testjoin'
>>
>> # net ads testjoin
>>
>> kinit succeeded but ads_sasl_spnego_gensec_bind(KRB5) failed for 
>> ldap/our-ad.example.com with user[OUR-FILESERVER$] realm[EXAMPLE.COM]: 
>> An invalid parameter was passed to a service or function.
>> kinit succeeded but ads_sasl_spnego_gensec_bind(KRB5) failed for 
>> ldap/our-ad.example.com with user[OUR-FILESERVER$] realm[EXAMPLE.COM]: 
>> An invalid parameter was passed to a service or function.
>> Join to domain is not valid: An invalid parameter was passed to a 
>> service or function.

> Did you run the command as root, if not try again using root or sudo

Yes.
I have prefixed all root commands by #, and standard user commands by $, 
for the sake of clarity.

This point is not solved yet, although it's not quite important, as 
Samba run fine. Just a bit of curiosity, in fact.

Thank you very much for your very helpful remarks.

-- 
Jean Louis Mas