On Fri, 15 Jun 2018 14:04:01 +0000
Suman Koirala via samba <samba at lists.samba.org> wrote:
> Hi,
>
>
> I was trying to mount a samba share from a host server using
> pam_mount module. This is my smb.conf for client machine and my
> pam-mount.conf.xml.
>
>
> [global]
> log level = all:10
> security = ads
> # auth methods = guest sam winbind:ntdomain
> client ldap sasl wrapping = seal
> netbios name = STAT1
> realm = EXAMPLE.EDU
> workgroup = WORKGROUP
> client max protocol = NT1
> idmap config * : backend = ldap
> #idmap config * : ldap_url = ldaps://newserver.example.edu
> idmap config * : ldap_url = ldap://newserver.example.edu
> idmap config * : ldap_base_dn = ou=idmap,dc=newserver,dc=example,dc=edu
> idmap config * : ldap_user_dn = cn=admin,dc=newserver,dc=example,dc=edu
> idmap config * : default = yes
> #idmap config * : range = 120001-190000
> idmap config * : range = 10000-999999
> winbind separator = +
> winbind enum users = yes
> winbind enum groups = yes
> winbind use default domain = yes
> template homedir = /home/mountpoint/%U
> template shell = /bin/bash
> client use spnego = yes
> domain master = no
> local master = no
> preferred master = no
> os level = 0
> wins support = no
> name resolve order = wins bcast host
> ldap admin dn = cn=admin,dc=newserver,dc=example,dc=edu
> ldap ssl = no
>
That smb.conf is so wrong, I don't really know where to start ;-)
Let's try here: It is for a Unix domain member, or at least 'security
ads' says it is. You cannot use the ldap backend!
Try reading this:
https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member
If you have added uidNumber & gidNumber attributes to AD, use the 'ad'
backend, if you haven't, use the 'rid' backend.
Rowland
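
Added example, not part of the original thread: a small Python check that applies the rule from the reply above (with 'security = ads', use the 'ad' or 'rid' idmap backend, not 'ldap') to an smb.conf. The function names, the constructed sample text and the simplified parameter parsing are assumptions of this example.

```python
import re

# Constructed sample: the idmap-relevant lines of the smb.conf quoted above.
SAMPLE = """\
[global]
security = ads
realm = EXAMPLE.EDU
workgroup = WORKGROUP
idmap config * : backend = ldap
#idmap config * : range = 120001-190000
idmap config * : range = 10000-999999
"""

# Matches a normalized "idmap config DOMAIN : OPTION" parameter name.
IDMAP_RE = re.compile(r"^idmap config (.+?) ?: ?(\S+)$")

def parse_global(text):
    """Return {normalized parameter name: value} for the [global] section."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section == "global" and "=" in line:
            key, value = line.split("=", 1)
            # Simplification: fold case and runs of whitespace in the name.
            params[" ".join(key.lower().split())] = value.strip()
    return params

def check_idmap(text):
    """Apply the reply's rule to a domain member ('security = ads')."""
    params = parse_global(text)
    findings = []
    if params.get("security", "").lower() != "ads":
        return findings  # the rule only concerns domain members
    backends = {}
    for key, value in params.items():
        m = IDMAP_RE.match(key)
        if m and m.group(2) == "backend":
            backends[m.group(1).upper()] = value.lower()
    for domain, backend in sorted(backends.items()):
        if backend == "ldap":
            findings.append(f"{domain}: backend 'ldap' on a domain member")
    if not any(b in ("ad", "rid") for b in backends.values()):
        findings.append("no domain uses the 'ad' or 'rid' backend")
    return findings
```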