Ubuntu 20 client for neth7 AD access

NethServer 7.8.2003

Hi everyone, I have a problem that at the moment I can’t solve on Linux. On the Active Directory managed by NethServer, I have currently credited 3 Linux PCs to the domain. I connect regularly via SSH and Samba using the accounts on neth7 and the related policies. On an Ubuntu 20.10 machine I managed to credit it on neth7; unfortunately, I cannot start smbd to be able to access the domain Windows PCs on the new Ubuntu machine. The problem is with the failed part of the id mapping:

WARNING: The "idmap backend" option is deprecated
WARNING: The "idmap uid" option is deprecated
WARNING: The "idmap gid" option is deprecated

Here is my cfg:
[global]
min protocol = nt1
max protocol = SMB3
workgroup = internal2
client signing = yes
client use spnego = yes
kerberos method = secrets and keytab
log file = /var/log/samba/%m.log
#password server = AD.internal2.lan.LAN
realm = AD.INTERNAL2.LAN
security = ads
idmap backend = tdb
idmap uid = 50-9999999999
idmap gid = 50-9999999999

Can anyone give me an indication?

Is ldap uri configured as ldap or as ldaps?

Hi Robb, I don’t know which configuration you are referring to. This Linux machine is credited regularly on neth7; I can’t understand why smbd won’t start. I have a CentOS 7 and an Ubuntu 18 machine, and smbd starts with the configuration listed above.

However, I changed the smbd cfg and the error is different; moreover, testparm no longer reports anomalies.

Global parameters

[global]
client signing = if_required
kerberos method = system keytab
log file = /var/log/samba/%m.log
ntlm auth = mschapv2-and-ntlmv2-only
realm = AD.INTERNAL2.LAN
restrict anonymous = 2
security = ADS
workgroup = INTERNAL2
idmap config * : range = 3000-7999
idmap config * : backend = tdb

[homes]
create mask = 0770
directory mask = 0770
read only = No

Looking at the Samba log, the error specifically is this:
[2020/11/29 20:12:04.073547, 0] …/…/source3/auth/auth_util.c:1397(make_new_session_info_guest)
create_local_token failed: NT_STATUS_INVALID_PARAMETER_MIX
[2020/11/29 20:12:04.074185, 0] …/…/source3/smbd/server.c:2042(main)
ERROR: failed to setup guest info.

At the moment I solved it by commenting out the security = ads parameter in the Samba global parameters and inserting:
min protocol = nt1
max protocol = SMB3
Now all Windows and Linux users accredited on neth7 are able to access the Ubuntu 20 PC by browsing the network, and have their home contents. Everything works, but does anyone have any technical sources confirming that what has been done is correct?

It seems like there are a lot of problems with Ubuntu 20 and AD.
Also have a look here:


Hi, I solved both the AD part with sssd.conf and the GUI configuration via xfce4. Here are the changes I made to my configuration file:
sssd:

[sssd]
domains = ad.internal2.lan
config_file_version = 2
services = nss, pam, ssh

[domain/ad.internal2.lan]
default_shell = /bin/bash
override_shell = /bin/bash
fallback_shell = /bin/bash
krb5_store_password_if_offline = True
cache_credentials = True
krb5_realm = AD.INTERNAL2.LAN
realmd_tags = manages-system joined-with-adcli
id_provider = ad
fallback_homedir = /home/%u@%d
ad_domain = ad.internal2.lan
use_fully_qualified_names = False
ldap_id_mapping = True
access_provider = simple
override_homedir = /home/%u@%d

samba:

[global]
min protocol = nt1
max protocol = SMB3
workgroup = INTERNAL2
client signing = yes
client use spnego = yes
kerberos method = secrets and keytab
log file = /var/log/samba/%m.log
#password server = AD.INTERNAL2.LAN
realm = AD.INTERNAL2.LAN
security = auto
dns proxy = No
idmap config * : range = 3000-7999

[homes]
comment = Home Directories
browseable = No
writable = Yes

Another change for the graphical session, i.e. access via e.g. Xfce4 and LightDM:

Create the file lightdm.conf.d/00-hide-user-list.conf

with the section:

[SeatDefaults]
greeter-hide-users = true
greeter-show-manual-login = true
allow-guest = false

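As an added example (not code from any poster in this thread or from the NethServer or Samba projects), the following Python sketch audits an smb.conf [global] section for the points raised above: the three deprecated idmap options and their `idmap config` replacements, an id range that does not fit a 32-bit uid/gid, a `min protocol` that lets the server accept SMB1, and a realm configured without `security = ads`. The names `parse_global` and `audit`, the sample text and the choice of checks are assumptions made for this illustration.

```python
import re

# Deprecated options named in the testparm warnings, with their replacements.
DEPRECATED = {
    "idmap backend": "idmap config * : backend",
    "idmap uid": "idmap config * : range",
    "idmap gid": "idmap config * : range",
}
SMB1_OR_OLDER = {"core", "coreplus", "lanman1", "lanman2", "nt1"}
ID_MAX = 2**32 - 1  # uid_t/gid_t are 32-bit on Linux
# Constructed sample: a subset of the first post's [global] section.
SAMPLE = """[global]
min protocol = nt1
security = ads
idmap backend = tdb
idmap uid = 50-9999999999
idmap gid = 50-9999999999
"""

def parse_global(text):
    """Return [global] parameters as {normalised name: value}."""
    params, section = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("["):
            section = line.strip("[] ").lower()
        elif section == "global" and "=" in line and line[0] not in "#;":
            key, value = line.split("=", 1)
            # Normalise case and spacing in names ("idmap config *: range").
            key = re.sub(r"\s*:\s*", " : ", " ".join(key.lower().split()))
            params[key] = value.strip()
    return params

def audit(text):
    """Return (parameter, finding) tuples for one smb.conf text."""
    p = parse_global(text)
    out = [(k, f"deprecated, use '{v}'") for k, v in DEPRECATED.items() if k in p]
    for key, value in p.items():
        m = re.fullmatch(r"\d+\s*-\s*(\d+)", value)
        if m and key.split()[-1] in ("uid", "gid", "range") and int(m.group(1)) > ID_MAX:
            out.append((key, "range end exceeds the 32-bit id space"))
    for key in ("min protocol", "server min protocol"):
        if p.get(key, "").lower() in SMB1_OR_OLDER:
            out.append((key, "server accepts SMB1 or older dialects"))
    if "realm" in p and p.get("security", "auto").lower() != "ads":
        out.append(("security", "realm is set but security is not 'ads'"))
    return out

if __name__ == "__main__":
    print("\n".join(f"{k}: {v}" for k, v in audit(SAMPLE)))
```

Running `testparm -s` on the real file remains the authoritative syntax check; this sketch only reads the text and never contacts the domain.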