Re: [Samba] debian 10: errors with my server samba-ad


My users must be able to connect under Windows and under Linux. The home is common. Their home is on the server.

As they are students, they are identified by their formation (group) and by their login

for example /home/specifique/testlundi

For me, each student belongs to a group, and I have created each group in an OU

and I take the last number of the group SID for the gidNumber. It was to find out which group he belonged to. Is it not a good idea?

In my smb.conf on the server I put

    read only = no

Actually, I can't put my Linux client in my AD.
net ads join -S nameofsever -U administrator --> doesn't give me a response -- it waits ...

My Linux client smb.conf is

    security = ADS
    workgroup = LENZSPITZE2
    netbios name = testbugsterl
    winbind separator = /
    winbind enum users = yes
    winbind enum groups = yes
    idmap config LENZSPITZE2 : backend = ad
    idmap config LENZSPITZE2 : schema_mode = rfc2307
    idmap config LENZSPITZE2 : range = 10000-399999999
    idmap config LENZSPITZE2 : unix_nss_info = yes
    template homedir = /etudiants/%U
    template shell = /bin/bash
    winbind nss info = rfc2307
    kerberos method = secrets and keytab
    dedicated keytab file = /etc/krb5.keytab
    winbind refresh tickets = yes
    username map = /etc/samba/samba_usermapping
    winbind use default domain = yes
    log file = /var/log/samba/log.%m
    log level = 3
    # for acl support on members servers with shares
    vfs object = acl_xattr
    map acl inherit = yes
    store dos attributes = yes

On 14/05/2019 at 10:51, Rowland Penny via samba wrote:
On 14/05/2019 09:27, nathalie ramat via samba wrote:

I modified my file named.conf.options.
When I use dig lenzspitze2.calais.fr I get an answer which contains an answer section, an authority section and an additional section.

I haven't mapped "Domain users" into "user"

I recover the last number of the SID for the uidNumber and the last number of the group SID for the gidNumber

It isn't recommended to do that any more. RIDs start at '1000' and so do local Unix IDs; try starting at the same number that ADUC uses, '10000'.

But getent passwd testlundi gives me this response:


The uidnumber is good but not the gidnumber.

I personally don't think the uidNumber is good (see above), but unless you give 'Domain Users' a gidNumber, the user's GID will always be '100', but only on the DC; on any Unix domain members (using the winbind 'ad' backend) you will get no AD users.

You also do not need to do any of this if you are either only going to use the DC for authentication or as the only Unix fileserver (no other Unix computers).

getent group specifique


This will never be used as the user's primary group on a Samba AD DC.

I always have this response when I run smbclient -L localhost -U administrator on my server

Enter LENZSPITZE2\administrator's password:

    Sharename       Type      Comment
    ---------       ----      -------
    netlogon        Disk
    sysvol          Disk
    IPC$            IPC       IPC Service (Samba 4.9.5-Debian)
Reconnecting with SMB1 for workgroup listing.

    Server               Comment
    ---------            -------

    Workgroup            Master
    ---------            -------

I don't have any information for my server.

Neither do I; this is because there is no network browsing on a DC.

When I run the command smbclient -L debiantest -U administrator on my Linux client I have no response.

But I can ping debiantest, and dig debiantest.lenzspitze2.calais.fr gives me a response.

I am a little confused. I don't know how to search.

Try the command like this:

smbclient -L localhost -N
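
An added example, not part of the original thread: a small check for the behaviour described in the reply, where a domain member using the winbind 'ad' backend returns no AD user unless the user's uidNumber and the primary group's gidNumber both exist and fall inside the configured idmap range. The `*` default-domain lines, the user and group records and their numbers are constructed for illustration; only the domain name and range come from the posted smb.conf.

```python
import re

# Constructed member-server smb.conf fragment; domain name and range are the thread's.
SMB_CONF = """
[global]
    idmap config * : backend = tdb
    idmap config * : range = 3000-7999
    idmap config LENZSPITZE2 : backend = ad
    idmap config LENZSPITZE2 : range = 10000-399999999
"""

# Constructed directory data (hypothetical values, not from the thread).
# user -> (uidNumber, primary group); group -> gidNumber, None when unset.
USERS = {"testlundi": (1105, "Domain Users"),
         "testmardi": (10001, "Domain Users"),
         "testjeudi": (10002, "specifique")}
GROUPS = {"Domain Users": None, "specifique": 10513}

RANGE_RE = re.compile(
    r"^[ \t]*idmap config[ \t]+(\S+)[ \t]*:[ \t]*range[ \t]*=[ \t]*(\d+)[ \t]*-[ \t]*(\d+)[ \t]*$",
    re.MULTILINE | re.IGNORECASE)

def idmap_ranges(conf_text):
    """Return {domain: (low, high)} for every 'idmap config DOMAIN : range' line."""
    return {dom: (int(lo), int(hi)) for dom, lo, hi in RANGE_RE.findall(conf_text)}

def check_user(name, users, groups, id_range):
    """Return the reasons the 'ad' backend would skip this user (empty list = OK)."""
    low, high = id_range
    uid, primary = users[name]
    gid = groups.get(primary)
    problems = []
    if uid is None:
        problems.append("no uidNumber")
    elif not low <= uid <= high:
        problems.append(f"uidNumber {uid} outside {low}-{high}")
    if gid is None:
        problems.append(f"primary group '{primary}' has no gidNumber")
    elif not low <= gid <= high:
        problems.append(f"gidNumber {gid} of '{primary}' outside {low}-{high}")
    return problems

if __name__ == "__main__":
    rng = idmap_ranges(SMB_CONF)["LENZSPITZE2"]
    for user in USERS:
        issues = check_user(user, USERS, GROUPS, rng)
        print(f"{user}: {'OK' if not issues else '; '.join(issues)}")
```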



