Hello,

I have an AD server - everything seems ok.
I have a Windows client and a Linux client. The users must to connect on windows or on linux with the same home.

When I join my Linux client with the command net ads join -U administration, I then get the following message:

net ads join -U administrator
Enter administrator's password:
Error reading password from file descriptor 0: empty password
Error reading password from file descriptor 0: empty password
Error reading password from file descriptor 0: empty password
Error reading password from file descriptor 0: empty password
Error reading password from file descriptor 0: empty password
Error reading password from file descriptor 0: empty password
Error reading password from file descriptor 0: empty password
Using short domain name -- SAMBADOM
Joined 'CLIENTBLUESEYE' to dns domain 'sambadom.calais.fr'

But my machine is joined to my Samba AD.

Why do I have this error?

In my Samba log I have:

load_auth_module: Attempting to find an auth method to match samba4
/usr/sbin/smbd: load_auth_module: auth method samba4 has a valid init
/usr/sbin/smbd: ldb_wrap open of secrets.ldb
/usr/sbin/smbd: Starting GENSEC mechanism spnego
/usr/sbin/smbd: Starting GENSEC submechanism gssapi_krb5

Does it test different authentication methods?

My server smb.conf is:

# Global parameters
[global]
    dns forwarder = 193.49.xxx.xxx
    netbios name = BLUEYESTEST
    realm = SAMBADOM.CALAIS.FR
    server role = active directory domain controller
    workgroup =SAMBADOM
    idmap_ldb:use rfc2307 = yes
    log level =5
    log file =/var/log/samba3/log.%M
    max log size = 1000
    host msdfs = no
#    vfs objects = acl_xattr
#    map acl inherit =yes
#    store dos attributes = yes
    load printers = no
    printing = bsd
    printcap name = /dev/null
    disable spoolss = yes

# for tests only
    winbind enum users =yes
    winbind enum groups =yes
#
    winbind separator = /
    winbind use default domain = yes

[netlogon]
    path = /var/lib/samba/sysvol/sambadom.calais.fr/scripts
    read only = No
    writable = yes

[sysvol]
    path = /var/lib/samba/sysvol
    read only = No
    browsable =yes
[homes]
    path=/home/SAMBADOM/%G/%U
    writable=yes
    read only = no

My Linux client smb.conf is:

[global]
    security =ADS
    realm = SAMBADOM.CALAIS.FR
    workgroup =SAMBADOM
    netbios name = clientblueseye
    winbind separator = /
    winbind enum users = yes
    winbind enum groups = yes

    idmap config * : backend=tdb
    idmap config * : range=1000-2000

    idmap config SAMBADOM : backend = ad
    idmap config SAMBADOM : schema_mode =rfc2307
    idmap config SAMBADOM : backend = rid
    idmap config SAMBADOM : range = 10000-600000
    idmap config SAMBADOM : unix_nss_info = yes
    idmap config SAMBADOM : unix_primary_group = yes
    template homedir =/etudiants/%U

#    template homedir = /home/%D/%G/%U

    template shell =/bin/bash
    kerberos method = secrets and keytab
    dedicated keytab file =/etc/krb5.keytab
    winbind refresh tickets =yes
#
#    username map = /etc/samba/samba_usermapping

    winbind use default domain = yes
    log file =/var/log/samba/log.%m
    log level = 3
# for acl support on members servers with shares
#    vfs object = acl_xattr
#    map acl inherit = yes
#    store dos attributes = yes
#    winbind nss info = rfc2307

Thanks for your help
Sincerely

--
Nathalie RAMAT-LECLERCQ
Service Informatique
Universite du Littoral-Côte d'Opale
SCoSI - Service Commun du Système d'Information
Pôle Systèmes et réseaux
Centre de Gestion Universitaire de Calais
50 rue ferdinand Buisson
C.S 80699
62228 CALAIS CEDEX

On 23/10/2019 10:51, nathalie ramat via samba wrote:
> Hello,
>
> I have an AD server - everything seems ok.
> I have a Windows client and a Linux client. The users must to connect
> on windows or on linux with the same home.
>
> When I join my Linux client with the command net ads join -U
> administration, I then get the following message:
>
> net ads join -U administrator
> Enter administrator's password:
> Error reading password from file descriptor 0: empty password
> Error reading password from file descriptor 0: empty password
> Error reading password from file descriptor 0: empty password
> Error reading password from file descriptor 0: empty password
> Error reading password from file descriptor 0: empty password
> Error reading password from file descriptor 0: empty password
> Error reading password from file descriptor 0: empty password
> Using short domain name -- SAMBADOM
> Joined 'CLIENTBLUESEYE' to dns domain 'sambadom.calais.fr'
>
> But my machine is joined to my Samba AD.
>
> Why do I have this error?

I do not think this has anything to do with Samba, but 'The users must to connect on windows or on linux with the same home' may give a hint, are you using something like pam-mount?

> My server smb.conf is:
>
> # Global parameters
> [global]
>     dns forwarder = 193.49.xxx.xxx
>     netbios name = BLUEYESTEST
>     realm = SAMBADOM.CALAIS.FR
>     server role = active directory domain controller
>     workgroup =SAMBADOM
>     idmap_ldb:use rfc2307 = yes
>     log level =5
>     log file =/var/log/samba3/log.%M
>     max log size = 1000
>     host msdfs = no
> #    vfs objects = acl_xattr
> #    map acl inherit =yes
> #    store dos attributes = yes
>     load printers = no
>     printing = bsd
>     printcap name = /dev/null
>     disable spoolss = yes
>
> # for tests only
>     winbind enum users =yes
>     winbind enum groups =yes
> #
>     winbind separator = /
>     winbind use default domain = yes
>
> [netlogon]
>     path = /var/lib/samba/sysvol/sambadom.calais.fr/scripts
>     read only = No
>     writable = yes
>
> [sysvol]
>     path = /var/lib/samba/sysvol
>     read only = No
>     browsable =yes
> [homes]
>     path=/home/SAMBADOM/%G/%U
>     writable=yes
>     read only = no

Er, you do know that 'writable=yes' and 'read only = no' mean the same thing, you only need one of them.

> My Linux client smb.conf is:
>
> [global]
>     security =ADS
>     realm = SAMBADOM.CALAIS.FR
>     workgroup =SAMBADOM
>     netbios name = clientblueseye
>     winbind separator = /
>     winbind enum users = yes
>     winbind enum groups = yes
>
>     idmap config * : backend=tdb
>     idmap config * : range=1000-2000

With that line, you cannot have any local Unix users

>     idmap config SAMBADOM : backend = ad
>     idmap config SAMBADOM : schema_mode =rfc2307
>     idmap config SAMBADOM : backend = rid
>     idmap config SAMBADOM : range = 10000-600000
>     idmap config SAMBADOM : unix_nss_info = yes
>     idmap config SAMBADOM : unix_primary_group = yes

Sorry, but you cannot use both the 'ad' and 'rid' winbind backend, choose one and remove the other and if you choose 'rid', remove the unneeded extra 'ad' lines

>     template homedir =/etudiants/%U
>
> #    template homedir = /home/%D/%G/%U
>
>     template shell =/bin/bash
>     kerberos method = secrets and keytab
>     dedicated keytab file =/etc/krb5.keytab
>     winbind refresh tickets =yes
> #
> #    username map = /etc/samba/samba_usermapping

turn this back on

>     winbind use default domain = yes
>     log file =/var/log/samba/log.%m
>     log level = 3
> # for acl support on members servers with shares
> #    vfs object = acl_xattr
> #    map acl inherit = yes
> #    store dos attributes = yes

also turn these on again

Rowland

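The two idmap remarks in the reply above (a default range that starts at 1000, and both 'ad' and 'rid' set for SAMBADOM) can be checked mechanically before a member is joined. The following is an added example, not part of the thread or of Samba: parse_idmap, lint_idmap and the local_uid_min=1000 default are hypothetical names and assumptions, and it goes slightly beyond the thread by also flagging ID ranges that overlap each other.

```python
import re
from collections import defaultdict

# Constructed sample: idmap lines of the member smb.conf quoted in the thread.
SAMPLE = """\
[global]
    idmap config * : backend=tdb
    idmap config * : range=1000-2000
    idmap config SAMBADOM : backend = ad
    idmap config SAMBADOM : schema_mode =rfc2307
    idmap config SAMBADOM : backend = rid
    idmap config SAMBADOM : range = 10000-600000
    idmap config SAMBADOM : unix_nss_info = yes
"""

IDMAP = re.compile(r"^\s*idmap config\s+(\S+)\s*:\s*(\w+)\s*=\s*(.+?)\s*$", re.I)
AD_ONLY = {"schema_mode", "unix_nss_info", "unix_primary_group"}  # idmap_ad options

def parse_idmap(text):
    """Return {domain: {option: [values in file order]}}; comment lines are skipped."""
    conf = defaultdict(lambda: defaultdict(list))
    for line in text.splitlines():
        m = None if line.lstrip().startswith(("#", ";")) else IDMAP.match(line)
        if m:
            conf[m[1].upper()][m[2].lower()].append(m[3])
    return conf

def lint_idmap(text, local_uid_min=1000):
    """local_uid_min (assumption): lowest UID given to local accounts on the host."""
    issues, ranges = [], []
    for dom, opts in parse_idmap(text).items():
        backends = sorted(set(opts.get("backend", [])))
        if len(backends) > 1:
            issues.append(f"{dom}: more than one backend set: {', '.join(backends)}")
        stray = sorted(AD_ONLY & opts.keys())
        if stray and backends != ["ad"]:
            issues.append(f"{dom}: 'ad' options without a single 'ad' backend: {', '.join(stray)}")
        for value in opts.get("range", []):
            lo, hi = (int(n) for n in value.split("-"))
            if lo <= local_uid_min <= hi:
                issues.append(f"{dom}: range {lo}-{hi} contains local UID {local_uid_min}")
            ranges.append((lo, hi, dom))
    ranges.sort()
    for (_, hi1, d1), (lo2, _, d2) in zip(ranges, ranges[1:]):
        if lo2 <= hi1:
            issues.append(f"{d1} and {d2}: ID ranges overlap")
    return issues

if __name__ == "__main__":
    print("\n".join(lint_idmap(SAMPLE)))
```
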
Hello,

On 23/10/2019 at 12:45, Rowland penny via samba wrote:
> On 23/10/2019 10:51, nathalie ramat via samba wrote:
>> Hello,
>>
>> I have an AD server - everything seems ok.
>> I have a Windows client and a Linux client. The users must to
>> connect on windows or on linux with the same home.
>>
>> When I join my Linux client with the command net ads join -U
>> administration, I then get the following message:
>>
>> net ads join -U administrator
>> Enter administrator's password:
>> Error reading password from file descriptor 0: empty password
>> Error reading password from file descriptor 0: empty password
>> Error reading password from file descriptor 0: empty password
>> Error reading password from file descriptor 0: empty password
>> Error reading password from file descriptor 0: empty password
>> Error reading password from file descriptor 0: empty password
>> Error reading password from file descriptor 0: empty password
>> Using short domain name -- SAMBADOM
>> Joined 'CLIENTBLUESEYE' to dns domain 'sambadom.calais.fr'
>>
>> But my machine is joined to my Samba AD.
>>
>> Why do I have this error?
>
> I do not think this has anything to do with Samba, but 'The users must
> to connect on windows or on linux with the same home' may give a hint,
> are you using something like pam-mount?

Yes, I use pam_mount. I have modified the script pam_mount.conf.xml to create the directory of my user.

<?xml version="1.0" encoding="UTF-8"?>
<pam_mount>
<debug enable="1"/>
<mkmountpoint enable="1" />
<mntoptions allow="nosuid,nodev,loop,encryption,fsck" />
<mntoptions require="nosuid,nodev" />
<lsof>/usr/bin/lsof %(MNTPT) </lsof>
<cifsmount> /sbin/mount.cifs //%(SERVER)/%(VOLUME) %(MNTPT) -o "user=%(USER),domain=SAMBADOM,uid=%(USER),gid=%(USERGID),cifsacl,file_mode=0700,dir_mode=0700" </cifsmount>
<umount>/bin/umount %(MNTPT) </umount>
<volume options="username=%(DOMAIN_USER),workgroup=%(DOMAIN_NAME),uid=%(DOMAIN_USER),fmask=700,file_mode=0700,dir_mode=0700" mountpoint="/etudiants/%(USER)" path="%(DOMAIN_USER)" server="blueyestest" fstype="cifs" />
</pam_mount>

The home of my user mounts correctly. I just have a problem with the ACLs.

On the server my user has these rights:

root@blueyestest:/home/SAMBADOM/specifique/testjeudi# ls -l
total 12
-rwxrwxr--+ 1 SAMBADOM/testjeudi SAMBADOM/specifique    0 oct.  21 11:59 testlinux21102019
drwxrwxr--+ 2 SAMBADOM/testjeudi SAMBADOM/specifique 4096 oct.  17 13:39 testwindow17102019
root@blueyestest:/home/SAMBADOM/specifique/testjeudi# getfacl testlinux21102019
# file: testlinux21102019
# owner: SAMBADOM/testjeudi
# group: SAMBADOM/specifique
user::rwx
group::r--
group:SAMBADOM/specifique:r--
group:SAMBADOM/testjeudi:rwx
mask::rwx
other::r--

On my Linux client the rights are:

-rwx------ 1 testjeudi specifique    0 oct.  21 11:59 testlinux21102019
drwxr-x--- 2 testjeudi specifique    0 oct.  17 13:39 testwindow17102019

I think that ACLs are not supported by smb3.1.1?

>> My server smb.conf is:
>>
>> # Global parameters
>> [global]
>>     dns forwarder = 193.49.xxx.xxx
>>     netbios name = BLUEYESTEST
>>     realm = SAMBADOM.CALAIS.FR
>>     server role = active directory domain controller
>>     workgroup =SAMBADOM
>>     idmap_ldb:use rfc2307 = yes
>>     log level =5
>>     log file =/var/log/samba3/log.%M
>>     max log size = 1000
>>     host msdfs = no
>> #    vfs objects = acl_xattr
>> #    map acl inherit =yes
>> #    store dos attributes = yes
>>     load printers = no
>>     printing = bsd
>>     printcap name = /dev/null
>>     disable spoolss = yes
>>
>> # for tests only
>>     winbind enum users =yes
>>     winbind enum groups =yes
>> #
>>     winbind separator = /
>>     winbind use default domain = yes
>>
>> [netlogon]
>>     path = /var/lib/samba/sysvol/sambadom.calais.fr/scripts
>>     read only = No
>>     writable = yes
>>
>> [sysvol]
>>     path = /var/lib/samba/sysvol
>>     read only = No
>>     browsable =yes
>> [homes]
>>     path=/home/SAMBADOM/%G/%U
>>     writable=yes
>>     read only = no
> Er, you do know that 'writable=yes' and 'read only = no' mean the same
> thing, you only need one of them.
>>
>> My Linux client smb.conf is:
>>
>> [global]
>>     security =ADS
>>     realm = SAMBADOM.CALAIS.FR
>>     workgroup =SAMBADOM
>>     netbios name = clientblueseye
>>     winbind separator = /
>>     winbind enum users = yes
>>     winbind enum groups = yes
>>
>>     idmap config * : backend=tdb
>>     idmap config * : range=1000-2000
> With that line, you cannot have any local Unix users

All users are created in my AD. I have just one local user (id 1000), created during installation.

I decided to use backend ad. I give Uidnumber, GidNumber and UnixHomeDirectory directly in the samba attributes.

>>     idmap config SAMBADOM : backend = ad
>>     idmap config SAMBADOM : schema_mode =rfc2307
>>     idmap config SAMBADOM : backend = rid
>>     idmap config SAMBADOM : range = 10000-600000
>>     idmap config SAMBADOM : unix_nss_info = yes
>>     idmap config SAMBADOM : unix_primary_group = yes
> Sorry, but you cannot use both the 'ad' and 'rid' winbind backend,
> choose one and remove the other and if you choose 'rid', remove the
> unneeded extra 'ad' lines
>>     template homedir =/etudiants/%U
>>
>> #    template homedir = /home/%D/%G/%U
>>
>>     template shell =/bin/bash
>>     kerberos method = secrets and keytab
>>     dedicated keytab file =/etc/krb5.keytab
>>     winbind refresh tickets =yes
>> #
>> #    username map = /etc/samba/samba_usermapping
> turn this back on
>>
>>     winbind use default domain = yes
>>     log file =/var/log/samba/log.%m
>>     log level = 3
>> # for acl support on members servers with shares
>> #    vfs object = acl_xattr
>> #    map acl inherit = yes
>> #    store dos attributes = yes
> also turn these on again
>
> Rowland

--
Nathalie RAMAT-LECLERCQ
Service Informatique
Universite du Littoral-Côte d'Opale
SCoSI - Service Commun du Système d'Information
Pôle Systèmes et réseaux
Centre de Gestion Universitaire de Calais
50 rue ferdinand Buisson
C.S 80699
62228 CALAIS CEDEX