MAS Jean-Louis
2020-Dec-21 16:26 UTC
[Samba] [Solved] Users can't mount shares on a domain member file server
Le 18/12/2020 ? 15:49, Rowland penny via samba a ?crit?:> posixAccount and shadowAccount are auxiliaryClasses of the 'user' > objectclass and inetOrgPerson is a subclass of 'user' , so you don't > need them to get the attributes.OK, we've got a lot of old accounts with inetOrgPerson, now it's fixed. All our new accounts came with the objectclass posixAccount and shadowAccount. I suppose that the account creation script is the culprit. Yet an other thing to check on my side.> You have a line missing from your smb.conf: > > idmap config EXAMPLE : unix_nss_info = yesQuite right. This line fixed our problems. I messed with /etc/krb5.conf, in the same time, but back with our initial krb5.conf version, samba run fine.>> The only wrong point came from 'net ads testjoin' >> >> # net ads testjoin >> >> kinit succeeded but ads_sasl_spnego_gensec_bind(KRB5) failed for >> ldap/our-ad.example.com with user[OUR-FILESERVER$] realm[EXAMPLE.COM]: >> An invalid parameter was passed to a service or function. >> kinit succeeded but ads_sasl_spnego_gensec_bind(KRB5) failed for >> ldap/our-ad.example.com with user[OUR-FILESERVER$] realm[EXAMPLE.COM]: >> An invalid parameter was passed to a service or function. >> Join to domain is not valid: An invalid parameter was passed to a >> service or function.> Did you run the command as root, if not try again using root or sudoYes. I have prefixed all root commands by #, and standard user commands by $, for the sake of clarity. This point is not solved yet, although it's not quite important, as Samba run fine. Just a bit of curiosity, in fact. Thank you very much for your very helpful remarks. -- Jean Louis Mas
MAS Jean-Louis
2020-Dec-22 15:34 UTC
[Samba] [Solved] Users can't mount shares on a domain member file server
Le 21/12/2020 ? 17:26, MAS Jean-Louis via samba a ?crit?:>>> kinit succeeded but ads_sasl_spnego_gensec_bind(KRB5) failed for >>> ldap/our-ad.example.com with user[OUR-FILESERVER$] >>> realm[EXAMPLE.COM]: An invalid parameter was passed to a service or >>> function. >>> kinit succeeded but ads_sasl_spnego_gensec_bind(KRB5) failed for >>> ldap/our-ad.example.com with user[OUR-FILESERVER$] >>> realm[EXAMPLE.COM]: An invalid parameter was passed to a service or >>> function. >>> Join to domain is not valid: An invalid parameter was passed to a >>> service or function.> This point is not solved yet, although it's not quite important, as > Samba run fine. Just a bit of curiosity, in fact.Hi, I solved this one also. I was using a convenient alias for our DC with the 'net ads' command Using the real FQDN of the DC with the 'net ads testjoin' command' is much better. # net ads testjoin -S our-smb4-ad.example.com Join is OK Regards -- Jean Louis Mas