Hello, El 20 oct. 2017 4:50 p. m., "Rowland Penny via samba" <samba at lists.samba.org> escribió: On Fri, 20 Oct 2017 14:57:42 +0200 Daniel Carrasco via samba <samba at lists.samba.org> wrote:> Hello, > > Sorry for take so long to answer, but I was not able to do the tests > because the computer is in use and out of my office. > > Finally I've progressed in this topic with realmd, sssd and autofs, > but now I'm locked on mounting shares from my member server. > I'm able to use autofs and smbclient to mount and connect to sysvol > share on my DC server, but when I try to connect to my member server > I get this error: > ---------------- > smbclient //server.domain.dom/escaner -U user -W DOMAIN.DOM -R host > -k -d 3 lp_load_ex: refreshing parametersIs 'DOMAIN.DOM' really your NetBIOS domain name (aka workgroup) ? My domain is domain.dom, so maybe the wg is domain only.> Initialising global parameters > rlimit_max: increasing rlimit_max (1024) to minimum Windows limit > (16384) smbclient: Can't load /etc/samba/smb.conf - run testparm to > debug itWhy can smbclient not read the smb.conf ? I'm not using samba to connect to the domain, so this file don't exists. I've tested to mount and connect to domain server and works even without that file. It's important?, because I've not tried to create that file (I'm using realmd and sssd to connect to the domain).>added interface enp1s0 ip=192.168.0.xx bcast=192.168.0.255 > netmask=255.255.255.0 > Client started (version 4.3.11-Ubuntu). > tdb(/var/run/samba/gencache_notrans.tdb): tdb_open_ex: could not open > file /var/run/samba/gencache_notrans.tdb: Permiso denegado > tdb(/var/run/samba/gencache_notrans.tdb): tdb_open_ex: could not open > file /var/run/samba/gencache_notrans.tdb: Permiso denegado > resolve_hosts: Attempting host lookup for name server.domain.dom<0x20> > tdb(/var/run/samba/gencache_notrans.tdb): tdb_open_ex: could not open > file /var/run/samba/gencache_notrans.tdb: Permiso denegadoYou seem to have a problem with permissions. I think that really don't care, because fails even using root account (that had permissions) and even granting permissions to user (I've already tested it, but are ephemeral files).> gss_init_sec_context failed with [ Miscellaneous failure (see text): > Server (cifs/server at DOMAIN.DOM) unknown] > SPNEGO(gse_krb5) creating NEG_TOKEN_INIT failed: > NT_STATUS_INTERNAL_ERROR SPNEGO login failed: An internal error > occurred. session setup failed: NT_STATUS_INTERNAL_ERROR > ----------You seem to have a missing SPN. I'll search about it, because I'm a bit new and I don't know what is. Rowland -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
On Fri, 20 Oct 2017 17:15:32 +0200 Daniel Carrasco via samba <samba at lists.samba.org> wrote:> Hello, > > El 20 oct. 2017 4:50 p. m., "Rowland Penny via samba" > <samba at lists.samba.org> escribió: > > On Fri, 20 Oct 2017 14:57:42 +0200 > Daniel Carrasco via samba <samba at lists.samba.org> wrote: > > > Hello, > > > > Sorry for take so long to answer, but I was not able to do the tests > > because the computer is in use and out of my office. > > > > Finally I've progressed in this topic with realmd, sssd and autofs, > > but now I'm locked on mounting shares from my member server. > > I'm able to use autofs and smbclient to mount and connect to sysvol > > share on my DC server, but when I try to connect to my member server > > I get this error: > > ---------------- > > smbclient //server.domain.dom/escaner -U user -W DOMAIN.DOM -R host > > -k -d 3 lp_load_ex: refreshing parameters > > Is 'DOMAIN.DOM' really your NetBIOS domain name (aka workgroup) ? > > > My domain is domain.dom, so maybe the wg is domain only.-W, --workgroup=WORKGROUP Set the workgroup name> > > > Initialising global parameters > > rlimit_max: increasing rlimit_max (1024) to minimum Windows limit > > (16384) smbclient: Can't load /etc/samba/smb.conf - run testparm to > > debug it > > Why can smbclient not read the smb.conf ? > > > I'm not using samba to connect to the domain, so this file don't > exists. I've tested to mount and connect to domain server and works > even without that file. It's important?, because I've not tried to > create that file (I'm using realmd and sssd to connect to the domain).If you are using sssd, you are on the wrong mailing list, sssd has nothing to do with Samba, you will get better help on the sssd-users mailing list, unless you want help with setting up Samba correctly. Rowland
Thanks Rowland. I'll give a try to both things (WG and SPN). To be honest, I ask here because the sssd daemon is working as expected allowing the authentication of the machine to the domain, and the real problem is that I'm not able to access to a shared drive using a Kerberos authentication (cifs and smbclient) and i've thought that maybe was a misconfiguration on member server (because works fine with domain server), and this server is configured as Samba4 member server without sssd. Greetings! 2017-10-20 17:52 GMT+02:00 Rowland Penny <rpenny at samba.org>:> On Fri, 20 Oct 2017 17:15:32 +0200 > Daniel Carrasco via samba <samba at lists.samba.org> wrote: > > > Hello, > > > > El 20 oct. 2017 4:50 p. m., "Rowland Penny via samba" > > <samba at lists.samba.org> escribió: > > > > On Fri, 20 Oct 2017 14:57:42 +0200 > > Daniel Carrasco via samba <samba at lists.samba.org> wrote: > > > > > Hello, > > > > > > Sorry for take so long to answer, but I was not able to do the tests > > > because the computer is in use and out of my office. > > > > > > Finally I've progressed in this topic with realmd, sssd and autofs, > > > but now I'm locked on mounting shares from my member server. > > > I'm able to use autofs and smbclient to mount and connect to sysvol > > > share on my DC server, but when I try to connect to my member server > > > I get this error: > > > ---------------- > > > smbclient //server.domain.dom/escaner -U user -W DOMAIN.DOM -R host > > > -k -d 3 lp_load_ex: refreshing parameters > > > > Is 'DOMAIN.DOM' really your NetBIOS domain name (aka workgroup) ? > > > > > > My domain is domain.dom, so maybe the wg is domain only. > > -W, --workgroup=WORKGROUP Set the workgroup name> > > > > > > Initialising global parameters > > > rlimit_max: increasing rlimit_max (1024) to minimum Windows limit > > > (16384) smbclient: Can't load /etc/samba/smb.conf - run testparm to > > > debug it > > > > Why can smbclient not read the smb.conf ? > > > > > > I'm not using samba to connect to the domain, so this file don't > > exists. I've tested to mount and connect to domain server and works > > even without that file. It's important?, because I've not tried to > > create that file (I'm using realmd and sssd to connect to the domain). > > If you are using sssd, you are on the wrong mailing list, sssd has > nothing to do with Samba, you will get better help on the sssd-users > mailing list, unless you want help with setting up Samba correctly. > > Rowland >-- _________________________________________ Daniel Carrasco Marín Ingeniería para la Innovación i2TIC, S.L. Tlf: +34 911 12 32 84 Ext: 223 www.i2tic.com _________________________________________