On 1/12/21 8:46 AM, jmpatagonia via samba wrote:> Hello we have a samba 4 AD --> Version 4.11.13-Debian > > We have a netlogon share > [netlogon] > browseable = no > read list = "+MIDOMINIO\Domain Users" > path = /etc/samba/netlogon > comment = Script de logueo en la red > valid users = "+MIDOMINIO\Domain Users" > public = yes > writeable = no > > From a user logged on domain, we need access to the share "netlogon" from > command line "smbclient or similar" without introducing user or password, > just direct. like from file navigator smb://domain-server2/netlogon > > And finally and the second time copy a file from the share netlogon to a > client folder. > > Regards. >You can try with Kerberos (-k), but that will require a proper Kerberos enable user session", or doing kinit before it. If ehat you are trying is to script these actions, take a look at smbclient documentation: ===================================== -A|--authentication-file=filename This option allows you to specify a file from which to read the username and password used in the connection. The format of the file is username = <value> password = <value> domain = <value> Make certain that the permissions on the file restrict access from unwanted users. ======================================
On 12/01/2021 15:52, Robert Marcano via samba wrote:> On 1/12/21 8:46 AM, jmpatagonia via samba wrote: >> Hello we have a samba 4 AD --> Version 4.11.13-Debian >> >> We have a netlogon share >> [netlogon] >> ???????? browseable = no >> ???????? read list = "+MIDOMINIO\Domain Users" >> ???????? path = /etc/samba/netlogon >> ???????? comment = Script de logueo en la red >> ???????? valid users = "+MIDOMINIO\Domain Users" >> ???????? public = yes >> ???????? writeable = no >> >> ?From a user logged on domain, we need access to the share "netlogon" >> from >> command line "smbclient or similar" without introducing user or >> password, >> just direct. like from file navigator smb://domain-server2/netlogon >> >> And finally and the second time copy a file from the share netlogon to a >> client folder. >> >> Regards. >> > > > You can try with Kerberos (-k), but that will require a proper > Kerberos enable user session", or doing kinit before it. > > If ehat you are trying is to script these actions, take a look at > smbclient documentation: > > =====================================> ?????? -A|--authentication-file=filename > ?????????? This option allows you to specify a file from which to read > the username and password used in the connection. The format of the > file is > > ?????????????? username = <value> > ?????????????? password = <value> > ?????????????? domain?? = <value> > > ?????????? Make certain that the permissions on the file restrict > access from unwanted users. > =====================================>If you must do this and want to do something as the user logs into Linux, then I would investigate pam script, you can use the users name and password. Rowland
On 1/12/21 11:52 AM, Robert Marcano wrote:> On 1/12/21 8:46 AM, jmpatagonia via samba wrote: >> Hello we have a samba 4 AD --> Version 4.11.13-Debian >> >> We have a netlogon share >> [netlogon] >> ???????? browseable = no >> ???????? read list = "+MIDOMINIO\Domain Users" >> ???????? path = /etc/samba/netlogon >> ???????? comment = Script de logueo en la red >> ???????? valid users = "+MIDOMINIO\Domain Users" >> ???????? public = yes >> ???????? writeable = no >> >> ?From a user logged on domain, we need access to the share "netlogon" >> from >> command line "smbclient or similar" without introducing user or password, >> just direct. like from file navigator smb://domain-server2/netlogon >> >> And finally and the second time copy a file from the share netlogon to a >> client folder. >> >> Regards. >> > > > You can try with Kerberos (-k), but that will require a proper Kerberos > enable user session", or doing kinit before it. > > If ehat you are trying is to script these actions, take a look at > smbclient documentation: > > =====================================> ?????? -A|--authentication-file=filename > ?????????? This option allows you to specify a file from which to read > the username and password used in the connection. The format of the file is > > ?????????????? username = <value> > ?????????????? password = <value> > ?????????????? domain?? = <value> > > ?????????? Make certain that the permissions on the file restrict > access from unwanted users. > =====================================Another way if you are thinking on using stored credentials on the user desktop keyring, for example the user navigated with GNOME Files to a share an stored the credentials, then you would need to use something like: gio mount smb://servername/sharename/ gio is a GNOME framework (used by the file manager), other desktops have other tools. Using this means you are not using Samba directly but a 3rd party client of the Samba libraries.