samba - Oct 2017 - Using GPO to mount shares on Linux

Hello,

El 20 oct. 2017 4:50 p. m., "Rowland Penny via samba" <samba at
lists.samba.org>
escribió:

On Fri, 20 Oct 2017 14:57:42 +0200
Daniel Carrasco via samba <samba at lists.samba.org> wrote:
> Hello,
>
> Sorry for take so long to answer, but I was not able to do the tests
> because the computer is in use and out of my office.
>
> Finally I've progressed in this topic with realmd, sssd and autofs,
> but now I'm locked on mounting shares from my member server.
> I'm able to use autofs and smbclient to mount and connect to sysvol
> share on my DC server, but when I try to connect to my member server
> I get this error:
> ----------------
> smbclient //server.domain.dom/escaner -U user -W DOMAIN.DOM -R host
> -k -d 3 lp_load_ex: refreshing parameters
Is 'DOMAIN.DOM' really your NetBIOS domain name (aka workgroup) ?


My domain is domain.dom, so maybe the wg is domain only.

> Initialising global parameters
> rlimit_max: increasing rlimit_max (1024) to minimum Windows limit
> (16384) smbclient: Can't load /etc/samba/smb.conf - run testparm to
> debug it
Why can smbclient not read the smb.conf ?


I'm not using samba to connect to the domain, so this file don't exists.
I've tested to mount and connect to domain server and works even without
that file. It's important?, because I've not tried to create that file
(I'm
using realmd and sssd to connect to the domain).


>added interface enp1s0 ip=192.168.0.xx bcast=192.168.0.255
> netmask=255.255.255.0
> Client started (version 4.3.11-Ubuntu).
> tdb(/var/run/samba/gencache_notrans.tdb): tdb_open_ex: could not open
> file /var/run/samba/gencache_notrans.tdb: Permiso denegado
> tdb(/var/run/samba/gencache_notrans.tdb): tdb_open_ex: could not open
> file /var/run/samba/gencache_notrans.tdb: Permiso denegado
> resolve_hosts: Attempting host lookup for name
server.domain.dom<0x20>
> tdb(/var/run/samba/gencache_notrans.tdb): tdb_open_ex: could not open
> file /var/run/samba/gencache_notrans.tdb: Permiso denegado
You seem to have a problem with permissions.


I think that really don't care, because fails even using root account (that
had permissions) and even granting permissions to user (I've already tested
it, but are ephemeral files).

> gss_init_sec_context failed with [ Miscellaneous failure (see text):
> Server (cifs/server at DOMAIN.DOM) unknown]
> SPNEGO(gse_krb5) creating NEG_TOKEN_INIT failed:
> NT_STATUS_INTERNAL_ERROR SPNEGO login failed: An internal error
> occurred. session setup failed: NT_STATUS_INTERNAL_ERROR
> ----------
You seem to have a missing SPN.


I'll search about it, because I'm a bit new and I don't know what
is.


Rowland


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

On Fri, 20 Oct 2017 17:15:32 +0200
Daniel Carrasco via samba <samba at lists.samba.org> wrote:
> Hello,
> 
> El 20 oct. 2017 4:50 p. m., "Rowland Penny via samba"
> <samba at lists.samba.org> escribió:
> 
> On Fri, 20 Oct 2017 14:57:42 +0200
> Daniel Carrasco via samba <samba at lists.samba.org> wrote:
> 
> > Hello,
> >
> > Sorry for take so long to answer, but I was not able to do the tests
> > because the computer is in use and out of my office.
> >
> > Finally I've progressed in this topic with realmd, sssd and
autofs,
> > but now I'm locked on mounting shares from my member server.
> > I'm able to use autofs and smbclient to mount and connect to
sysvol
> > share on my DC server, but when I try to connect to my member server
> > I get this error:
> > ----------------
> > smbclient //server.domain.dom/escaner -U user -W DOMAIN.DOM -R host
> > -k -d 3 lp_load_ex: refreshing parameters
> 
> Is 'DOMAIN.DOM' really your NetBIOS domain name (aka workgroup) ?
> 
> 
> My domain is domain.dom, so maybe the wg is domain only.
-W, --workgroup=WORKGROUP                 Set the workgroup name
> 
> 
> > Initialising global parameters
> > rlimit_max: increasing rlimit_max (1024) to minimum Windows limit
> > (16384) smbclient: Can't load /etc/samba/smb.conf - run testparm
to
> > debug it
> 
> Why can smbclient not read the smb.conf ?
> 
> 
> I'm not using samba to connect to the domain, so this file don't
> exists. I've tested to mount and connect to domain server and works
> even without that file. It's important?, because I've not tried to
> create that file (I'm using realmd and sssd to connect to the domain).
If you are using sssd, you are on the wrong mailing list, sssd has
nothing to do with Samba, you will get better help on the sssd-users
mailing list, unless you want help with setting up Samba correctly.

Rowland

Thanks Rowland.

I'll give a try to both things (WG and SPN).

To be honest, I ask here because the sssd daemon is working as expected
allowing the authentication of the machine to the domain, and the real
problem is that I'm not able to access to a shared drive using a Kerberos
authentication (cifs and smbclient) and i've thought that maybe was a
misconfiguration on member server (because works fine with domain server),
and this server is configured as Samba4 member server without sssd.

Greetings!

2017-10-20 17:52 GMT+02:00 Rowland Penny <rpenny at samba.org>:
> On Fri, 20 Oct 2017 17:15:32 +0200
> Daniel Carrasco via samba <samba at lists.samba.org> wrote:
>
> > Hello,
> >
> > El 20 oct. 2017 4:50 p. m., "Rowland Penny via samba"
> > <samba at lists.samba.org> escribió:
> >
> > On Fri, 20 Oct 2017 14:57:42 +0200
> > Daniel Carrasco via samba <samba at lists.samba.org> wrote:
> >
> > > Hello,
> > >
> > > Sorry for take so long to answer, but I was not able to do the
tests
> > > because the computer is in use and out of my office.
> > >
> > > Finally I've progressed in this topic with realmd, sssd and
autofs,
> > > but now I'm locked on mounting shares from my member server.
> > > I'm able to use autofs and smbclient to mount and connect to
sysvol
> > > share on my DC server, but when I try to connect to my member
server
> > > I get this error:
> > > ----------------
> > > smbclient //server.domain.dom/escaner -U user -W DOMAIN.DOM -R
host
> > > -k -d 3 lp_load_ex: refreshing parameters
> >
> > Is 'DOMAIN.DOM' really your NetBIOS domain name (aka
workgroup) ?
> >
> >
> > My domain is domain.dom, so maybe the wg is domain only.
>
> -W, --workgroup=WORKGROUP                 Set the workgroup name
> >
> >
> > > Initialising global parameters
> > > rlimit_max: increasing rlimit_max (1024) to minimum Windows limit
> > > (16384) smbclient: Can't load /etc/samba/smb.conf - run
testparm to
> > > debug it
> >
> > Why can smbclient not read the smb.conf ?
> >
> >
> > I'm not using samba to connect to the domain, so this file
don't
> > exists. I've tested to mount and connect to domain server and
works
> > even without that file. It's important?, because I've not
tried to
> > create that file (I'm using realmd and sssd to connect to the
domain).
>
> If you are using sssd, you are on the wrong mailing list, sssd has
> nothing to do with Samba, you will get better help on the sssd-users
> mailing list, unless you want help with setting up Samba correctly.
>
> Rowland
>


-- 
_________________________________________

      Daniel Carrasco Marín
      Ingeniería para la Innovación i2TIC, S.L.
      Tlf:  +34 911 12 32 84 Ext: 223
      www.i2tic.com
_________________________________________