doubt

classic Classic list List threaded Threaded
18 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

doubt

Samba - General mailing list
I added a linux server to the Active Directory domain, I realized that the
samba-winbind package uses the smb.conf file, but I also need to use the
same linux server with shares, if I install the samba package, this package
use the smb.conf file. Is there a solution?

Then i have problem with 2 services.

Example
systemctl services:

smb.service
winbind.service

My system is Centos 7.

--
<<<<<<<<<<<<<<<<<<<------------------------------------------------------------------->>>>>>>>>>>>>>>>>>>

< Disse-lhe Jesus: Eu sou o caminho, e a verdade e a vida; ninguém vem ao
Pai, senão por mim >
                                                             (João 14:6)

                                                                    Att.
                                        ♪ ♫  Luiz Guilherme Nunes
Fernandes  ♫ ♪

<<<<<<<<<<<<<<<<<<<------------------------------------------------------------------->>>>>>>>>>>>>>>>>>>
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: doubt

Samba - General mailing list
Well...

Perhaps you can use samba with another smb.conf...

smbd -s <path to smb.conf>

man smbd

2017-04-17 12:39 GMT-03:00 Luiz Guilherme Nunes Fernandes via samba <
[hidden email]>:

> I added a linux server to the Active Directory domain, I realized that the
> samba-winbind package uses the smb.conf file, but I also need to use the
> same linux server with shares, if I install the samba package, this package
> use the smb.conf file. Is there a solution?
>
> Then i have problem with 2 services.
>
> Example
> systemctl services:
>
> smb.service
> winbind.service
>
> My system is Centos 7.
>
> --
> <<<<<<<<<<<<<<<<<<<-----------------------------------------
> -------------------------->>>>>>>>>>>>>>>>>>>
>
> < Disse-lhe Jesus: Eu sou o caminho, e a verdade e a vida; ninguém vem ao
> Pai, senão por mim >
>                                                              (João 14:6)
>
>                                                                     Att.
>                                         ♪ ♫  Luiz Guilherme Nunes
> Fernandes  ♫ ♪
>
> <<<<<<<<<<<<<<<<<<<-----------------------------------------
> -------------------------->>>>>>>>>>>>>>>>>>>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>



--
Obrigado

Cordialmente


Gilberto Ferreira

Consultor TI Linux | IaaS Proxmox, CloudStack, KVM | Zentyal Server |
Zimbra Mail Server

(47) 3025-5907
(47) 99676-7530

Skype: konnectati


www.konnectati.com.br
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: doubt

Samba - General mailing list
In reply to this post by Samba - General mailing list
On Mon, 17 Apr 2017 12:39:33 -0300
Luiz Guilherme Nunes Fernandes via samba <[hidden email]> wrote:

> I added a linux server to the Active Directory domain, I realized
> that the samba-winbind package uses the smb.conf file, but I also
> need to use the same linux server with shares, if I install the samba
> package, this package use the smb.conf file. Is there a solution?

Is this actually a problem ???
This is the way Samba usually works, one smb.conf that winbind uses to
get the authentication settings which it passes to smbd (over
simplification) and smbd uses the same smb.conf to get its settings and
the shares info.

It might help if you could tell us just how you expect Samba to work.

>
> Then i have problem with 2 services.
>
> Example
> systemctl services:
>
> smb.service
> winbind.service

Yes, you do have a problem, 'nmb' isn't running ;-)

Rowland



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: doubt

Samba - General mailing list
In reply to this post by Samba - General mailing list
Well, i need join 1 server Linux in Active Directory, i need too, create
one domain in samba for shared printers with cups.

But i need use users and groups of ad with shared in samba. This is my
idea. I use samba winbind for read user and groups, i testing with apache
and ssh, with this applications, working,  but for shareding no. Does have
any idea?

2017-04-17 12:39 GMT-03:00 Luiz Guilherme Nunes Fernandes <
[hidden email]>:

> I added a linux server to the Active Directory domain, I realized that the
> samba-winbind package uses the smb.conf file, but I also need to use the
> same linux server with shares, if I install the samba package, this package
> use the smb.conf file. Is there a solution?
>
> Then i have problem with 2 services.
>
> Example
> systemctl services:
>
> smb.service
> winbind.service
>
> My system is Centos 7.
>
> --
> <<<<<<<<<<<<<<<<<<<-----------------------------------------
> -------------------------->>>>>>>>>>>>>>>>>>>
>
> < Disse-lhe Jesus: Eu sou o caminho, e a verdade e a vida; ninguém vem ao
> Pai, senão por mim >
>                                                              (João 14:6)
>
>                                                                     Att.
>                                         ♪ ♫  Luiz Guilherme Nunes
> Fernandes  ♫ ♪
>
> <<<<<<<<<<<<<<<<<<<-----------------------------------------
> -------------------------->>>>>>>>>>>>>>>>>>>
>



--
<<<<<<<<<<<<<<<<<<<------------------------------------------------------------------->>>>>>>>>>>>>>>>>>>

< Disse-lhe Jesus: Eu sou o caminho, e a verdade e a vida; ninguém vem ao
Pai, senão por mim >
                                                             (João 14:6)

                                                                    Att.
                                        ♪ ♫  Luiz Guilherme Nunes
Fernandes  ♫ ♪

<<<<<<<<<<<<<<<<<<<------------------------------------------------------------------->>>>>>>>>>>>>>>>>>>
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: doubt

Samba - General mailing list
On Mon, Apr 17, 2017 at 11:31 AM Luiz Guilherme Nunes Fernandes via samba <
[hidden email]> wrote:

> Well, i need join 1 server Linux in Active Directory, i need too, create
> one domain in samba for shared printers with cups.
>
> But i need use users and groups of ad with shared in samba. This is my
> idea. I use samba winbind for read user and groups, i testing with apache
> and ssh, with this applications, working,  but for shareding no. Does have
> any idea?
>

still not quite clear.  it sounds like you want to have this server host an
AD as well as join one, but it doesn't seem like you actually need that.

you can have samba as a member server providing file and print services in
external AD domain.
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: doubt

Samba - General mailing list
In reply to this post by Samba - General mailing list
Hi Luiz...

I think you just misunderstood the concept of Samba...
You can indeed you samba to make both task... Just join your samba box to
AD and be happy.

2017-04-17 13:26 GMT-03:00 Luiz Guilherme Nunes Fernandes via samba <
[hidden email]>:

> Well, i need join 1 server Linux in Active Directory, i need too, create
> one domain in samba for shared printers with cups.
>
> But i need use users and groups of ad with shared in samba. This is my
> idea. I use samba winbind for read user and groups, i testing with apache
> and ssh, with this applications, working,  but for shareding no. Does have
> any idea?
>
> 2017-04-17 12:39 GMT-03:00 Luiz Guilherme Nunes Fernandes <
> [hidden email]>:
>
> > I added a linux server to the Active Directory domain, I realized that
> the
> > samba-winbind package uses the smb.conf file, but I also need to use the
> > same linux server with shares, if I install the samba package, this
> package
> > use the smb.conf file. Is there a solution?
> >
> > Then i have problem with 2 services.
> >
> > Example
> > systemctl services:
> >
> > smb.service
> > winbind.service
> >
> > My system is Centos 7.
> >
> > --
> > <<<<<<<<<<<<<<<<<<<-----------------------------------------
> > -------------------------->>>>>>>>>>>>>>>>>>>
> >
> > < Disse-lhe Jesus: Eu sou o caminho, e a verdade e a vida; ninguém vem ao
> > Pai, senão por mim >
> >                                                              (João 14:6)
> >
> >                                                                     Att.
> >                                         ♪ ♫  Luiz Guilherme Nunes
> > Fernandes  ♫ ♪
> >
> > <<<<<<<<<<<<<<<<<<<-----------------------------------------
> > -------------------------->>>>>>>>>>>>>>>>>>>
> >
>
>
>
> --
> <<<<<<<<<<<<<<<<<<<-----------------------------------------
> -------------------------->>>>>>>>>>>>>>>>>>>
>
> < Disse-lhe Jesus: Eu sou o caminho, e a verdade e a vida; ninguém vem ao
> Pai, senão por mim >
>                                                              (João 14:6)
>
>                                                                     Att.
>                                         ♪ ♫  Luiz Guilherme Nunes
> Fernandes  ♫ ♪
>
> <<<<<<<<<<<<<<<<<<<-----------------------------------------
> -------------------------->>>>>>>>>>>>>>>>>>>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>



--
Obrigado

Cordialmente


Gilberto Ferreira

Consultor TI Linux | IaaS Proxmox, CloudStack, KVM | Zentyal Server |
Zimbra Mail Server

(47) 3025-5907
(47) 99676-7530

Skype: konnectati


www.konnectati.com.br
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: doubt

Samba - General mailing list
In reply to this post by Samba - General mailing list
On Mon, 17 Apr 2017 13:26:11 -0300
Luiz Guilherme Nunes Fernandes via samba <[hidden email]> wrote:

> Well, i need join 1 server Linux in Active Directory, i need too,
> create one domain in samba for shared printers with cups.
>
> But i need use users and groups of ad with shared in samba. This is my
> idea. I use samba winbind for read user and groups, i testing with
> apache and ssh, with this applications, working,  but for shareding
> no. Does have any idea?
>

OK, it sounds like you need a Unix domain member, have a look here:

https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member

If you follow the above, authentication will work and so will ssh.

For Apache see here:

https://wiki.samba.org/index.php/Authenticating_Apache_against_Active_Directory

For printers, see here:

https://wiki.samba.org/index.php/Print_Server_Support

Any questions, just ask and we will try to help ;-)

Rowland

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: doubt

Samba - General mailing list
In reply to this post by Samba - General mailing list
This problem, in the computer park there is a domain controller microsoft
without shared printers, I need to use another server with samba shares +
cups, but with authentication in the microsoft active directory.
I try parameters securty = ads (join machine in domain) and user ( cant
read users with nslcd and nsswitch , but only work with ssh and apache.

Topology

1 server microsoft windows ( Have user and groups tree and shared paste) (
This server ok, work with pdc, and shared paste )
1 Linux with samba and need only shared printers with authentication in
previous server . ( No work )


Rowland Penny
What I basically want to do is use the users and groups from the active
directory in my new samba with shared printers. What I can not do this
authentication.

This question is, i can use winbind for new shared printers? i join the
machine in domain, and cups work with anonymous. But any idea?


# My mini tutorial

#########################
(First test)
#########################

realm join --client-software=winbind -U login NONAME.COM.BR
realm list
authconfig --enablewinbindusedefaultdomain --update

wbinfo -t
wbinfo -g
wbinfo -u

Work (join in domain, and list groups and users)

i can use for authentication ssh and apache (work)

### My problem
Acually File with winbind

   workgroup = NONAME
   realm = NONAME.COM.BR
   security = ads
   idmap config * : range = 16777216-33554431
   template homedir = /home/%U@%D
   template shell = /bin/bash
   kerberos method = secrets only
   winbind use default domain = true
   winbind offline logon = true
   log file = /var/log/samba/log.%m
   log level = 3


passdb backend = tdbsam
printing = cups
printcap name = cups
load printers = yes
cups options = raw
winbind refresh tickets = yes
winbind enum groups = no
winbind enum users = no

[homes]
comment = Home Directories
valid users = %S, %D%w%S
browseable = No
read only = No
inherit acls = Yes

[printers]
comment = All Printers
path = /var/tmp
printable = Yes
create mask = 0600
browseable = No
        valid users = abc, bcd, dce, @grups_printers

[print$]
comment = Printer Drivers
path = /var/lib/samba/drivers
write list = root
create mask = 0664
directory mask = 0775

#########################
(Second test)

### My problem
#########################

yum install -y nss-pam-ldapd nscd

ldapsearch ( work, i can search and groups and users too)

nslcd.conf work too

i can use for authentication ssh and apache (work)

### My problem
Acually File with samba
[global]

workgroup = NOMEDOMINIO
netbios name = MADAGASCAR
server string = Servidor de Arquivos

security = user
encrypt passwords = true
enable privileges = yes
passdb backend = tdbsam

printing = cups
load printers = yes

enable privileges = yes

[homes]
comment = Home Directories
browseable = no
writable = yes

[print$]

path = /var/samba/printers
read only = yes
write list = printer
inherit permissions = yes

[printers]
comment = All Printers
path = /var/spool/samba
browseable = yes
guest ok = yes
writable = no
printable = yes
        valid users = abc, bcd, dce, @grups_printers



2017-04-17 13:40 GMT-03:00 Gilberto Nunes <[hidden email]>:

> Hi Luiz...
>
> I think you just misunderstood the concept of Samba...
> You can indeed you samba to make both task... Just join your samba box to
> AD and be happy.
>
> 2017-04-17 13:26 GMT-03:00 Luiz Guilherme Nunes Fernandes via samba <
> [hidden email]>:
>
>> Well, i need join 1 server Linux in Active Directory, i need too, create
>> one domain in samba for shared printers with cups.
>>
>> But i need use users and groups of ad with shared in samba. This is my
>> idea. I use samba winbind for read user and groups, i testing with apache
>> and ssh, with this applications, working,  but for shareding no. Does have
>> any idea?
>>
>> 2017-04-17 12:39 GMT-03:00 Luiz Guilherme Nunes Fernandes <
>> [hidden email]>:
>>
>> > I added a linux server to the Active Directory domain, I realized that
>> the
>> > samba-winbind package uses the smb.conf file, but I also need to use the
>> > same linux server with shares, if I install the samba package, this
>> package
>> > use the smb.conf file. Is there a solution?
>> >
>> > Then i have problem with 2 services.
>> >
>> > Example
>> > systemctl services:
>> >
>> > smb.service
>> > winbind.service
>> >
>> > My system is Centos 7.
>> >
>> > --
>> > <<<<<<<<<<<<<<<<<<<-----------------------------------------
>> > -------------------------->>>>>>>>>>>>>>>>>>>
>> >
>> > < Disse-lhe Jesus: Eu sou o caminho, e a verdade e a vida; ninguém vem
>> ao
>> > Pai, senão por mim >
>> >                                                              (João 14:6)
>> >
>> >                                                                     Att.
>> >                                         ♪ ♫  Luiz Guilherme Nunes
>> > Fernandes  ♫ ♪
>> >
>> > <<<<<<<<<<<<<<<<<<<-----------------------------------------
>> > -------------------------->>>>>>>>>>>>>>>>>>>
>> >
>>
>>
>>
>> --
>> <<<<<<<<<<<<<<<<<<<-----------------------------------------
>> -------------------------->>>>>>>>>>>>>>>>>>>
>>
>> < Disse-lhe Jesus: Eu sou o caminho, e a verdade e a vida; ninguém vem ao
>> Pai, senão por mim >
>>                                                              (João 14:6)
>>
>>                                                                     Att.
>>                                         ♪ ♫  Luiz Guilherme Nunes
>> Fernandes  ♫ ♪
>>
>> <<<<<<<<<<<<<<<<<<<-----------------------------------------
>> -------------------------->>>>>>>>>>>>>>>>>>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba
>>
>
>
>
> --
> Obrigado
>
> Cordialmente
>
>
> Gilberto Ferreira
>
> Consultor TI Linux | IaaS Proxmox, CloudStack, KVM | Zentyal Server |
> Zimbra Mail Server
>
> (47) 3025-5907
> (47) 99676-7530
>
> Skype: konnectati
>
>
> www.konnectati.com.br
>
>
>


--
<<<<<<<<<<<<<<<<<<<------------------------------------------------------------------->>>>>>>>>>>>>>>>>>>

< Disse-lhe Jesus: Eu sou o caminho, e a verdade e a vida; ninguém vem ao
Pai, senão por mim >
                                                             (João 14:6)

                                                                    Att.
                                        ♪ ♫  Luiz Guilherme Nunes
Fernandes  ♫ ♪

<<<<<<<<<<<<<<<<<<<------------------------------------------------------------------->>>>>>>>>>>>>>>>>>>
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: doubt

Samba - General mailing list
On Mon, 17 Apr 2017 14:28:12 -0300
Luiz Guilherme Nunes Fernandes <[hidden email]> wrote:

> This problem, in the computer park there is a domain controller
> microsoft without shared printers, I need to use another server with
> samba shares + cups, but with authentication in the microsoft active
> directory. I try parameters securty = ads (join machine in domain)
> and user ( cant read users with nslcd and nsswitch , but only work
> with ssh and apache.
>
> Topology
>
> 1 server microsoft windows ( Have user and groups tree and shared
> paste) ( This server ok, work with pdc, and shared paste )
> 1 Linux with samba and need only shared printers with authentication
> in previous server . ( No work )
>
>
> Rowland Penny
> What I basically want to do is use the users and groups from the
> active directory in my new samba with shared printers. What I can not
> do this authentication.
>
> This question is, i can use winbind for new shared printers? i join
> the machine in domain, and cups work with anonymous. But any idea?
>
>
> # My mini tutorial
>
> #########################
> (First test)
> #########################
>
> realm join --client-software=winbind -U login NONAME.COM.BR
> realm list
> authconfig --enablewinbindusedefaultdomain --update
>
> wbinfo -t
> wbinfo -g
> wbinfo -u
>
> Work (join in domain, and list groups and users)
>
> i can use for authentication ssh and apache (work)
>
> ### My problem
> Acually File with winbind
>
>    workgroup = NONAME
>    realm = NONAME.COM.BR
>    security = ads
>    idmap config * : range = 16777216-33554431
>    template homedir = /home/%U@%D
>    template shell = /bin/bash
>    kerberos method = secrets only
>    winbind use default domain = true
>    winbind offline logon = true
>    log file = /var/log/samba/log.%m
>    log level = 3
>
>
> passdb backend = tdbsam
> printing = cups
> printcap name = cups
> load printers = yes
> cups options = raw
> winbind refresh tickets = yes
> winbind enum groups = no
> winbind enum users = no
>
> [homes]
> comment = Home Directories
> valid users = %S, %D%w%S
> browseable = No
> read only = No
> inherit acls = Yes
>
> [printers]
> comment = All Printers
> path = /var/tmp
> printable = Yes
> create mask = 0600
> browseable = No
>         valid users = abc, bcd, dce, @grups_printers
>
> [print$]
> comment = Printer Drivers
> path = /var/lib/samba/drivers
> write list = root
> create mask = 0664
> directory mask = 0775
>
> #########################
> (Second test)
>
> ### My problem
> #########################
>
> yum install -y nss-pam-ldapd nscd
>
> ldapsearch ( work, i can search and groups and users too)
>
> nslcd.conf work too
>
> i can use for authentication ssh and apache (work)
>
> ### My problem
> Acually File with samba
> [global]
>
> workgroup = NOMEDOMINIO
> netbios name = MADAGASCAR
> server string = Servidor de Arquivos
>
> security = user
> encrypt passwords = true
> enable privileges = yes
> passdb backend = tdbsam
>
> printing = cups
> load printers = yes
>
> enable privileges = yes
>
> [homes]
> comment = Home Directories
> browseable = no
> writable = yes
>
> [print$]
>
> path = /var/samba/printers
> read only = yes
> write list = printer
> inherit permissions = yes
>
> [printers]
> comment = All Printers
> path = /var/spool/samba
> browseable = yes
> guest ok = yes
> writable = no
> printable = yes
>         valid users = abc, bcd, dce, @grups_printers
>
>
>

Are you using sssd as well ?
If so, you should decide which to use, sssd or winbind, you cannot use
both.

If you are not using sssd, you haven't set up the smb.conf correctly,
see the pages I pointed you to.

If you are using sssd and want to continue using it, you should remove
winbind and then contact the sssd-users mailing list, this is not a
Samba problem.

Rowland

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: doubt

Samba - General mailing list
Well, i dont have sssd installed.

With winbind i install this packages:
yum install realmd oddjob oddjob-mkhomedir adcli samba-common
samba-common-tools krb5-workstation openldap-clients policycoreutils-python
samba-winbind-clients

My nsswitch.conf

passwd:     files ldap winbind
shadow:     files ldap winbind
group:        files ldap winbind

2017-04-17 14:35 GMT-03:00 Rowland Penny <[hidden email]>:

> On Mon, 17 Apr 2017 14:28:12 -0300
> Luiz Guilherme Nunes Fernandes <[hidden email]> wrote:
>
> > This problem, in the computer park there is a domain controller
> > microsoft without shared printers, I need to use another server with
> > samba shares + cups, but with authentication in the microsoft active
> > directory. I try parameters securty = ads (join machine in domain)
> > and user ( cant read users with nslcd and nsswitch , but only work
> > with ssh and apache.
> >
> > Topology
> >
> > 1 server microsoft windows ( Have user and groups tree and shared
> > paste) ( This server ok, work with pdc, and shared paste )
> > 1 Linux with samba and need only shared printers with authentication
> > in previous server . ( No work )
> >
> >
> > Rowland Penny
> > What I basically want to do is use the users and groups from the
> > active directory in my new samba with shared printers. What I can not
> > do this authentication.
> >
> > This question is, i can use winbind for new shared printers? i join
> > the machine in domain, and cups work with anonymous. But any idea?
> >
> >
> > # My mini tutorial
> >
> > #########################
> > (First test)
> > #########################
> >
> > realm join --client-software=winbind -U login NONAME.COM.BR
> > realm list
> > authconfig --enablewinbindusedefaultdomain --update
> >
> > wbinfo -t
> > wbinfo -g
> > wbinfo -u
> >
> > Work (join in domain, and list groups and users)
> >
> > i can use for authentication ssh and apache (work)
> >
> > ### My problem
> > Acually File with winbind
> >
> >    workgroup = NONAME
> >    realm = NONAME.COM.BR
> >    security = ads
> >    idmap config * : range = 16777216-33554431
> >    template homedir = /home/%U@%D
> >    template shell = /bin/bash
> >    kerberos method = secrets only
> >    winbind use default domain = true
> >    winbind offline logon = true
> >    log file = /var/log/samba/log.%m
> >    log level = 3
> >
> >
> > passdb backend = tdbsam
> > printing = cups
> > printcap name = cups
> > load printers = yes
> > cups options = raw
> > winbind refresh tickets = yes
> > winbind enum groups = no
> > winbind enum users = no
> >
> > [homes]
> > comment = Home Directories
> > valid users = %S, %D%w%S
> > browseable = No
> > read only = No
> > inherit acls = Yes
> >
> > [printers]
> > comment = All Printers
> > path = /var/tmp
> > printable = Yes
> > create mask = 0600
> > browseable = No
> >         valid users = abc, bcd, dce, @grups_printers
> >
> > [print$]
> > comment = Printer Drivers
> > path = /var/lib/samba/drivers
> > write list = root
> > create mask = 0664
> > directory mask = 0775
> >
> > #########################
> > (Second test)
> >
> > ### My problem
> > #########################
> >
> > yum install -y nss-pam-ldapd nscd
> >
> > ldapsearch ( work, i can search and groups and users too)
> >
> > nslcd.conf work too
> >
> > i can use for authentication ssh and apache (work)
> >
> > ### My problem
> > Acually File with samba
> > [global]
> >
> > workgroup = NOMEDOMINIO
> > netbios name = MADAGASCAR
> > server string = Servidor de Arquivos
> >
> > security = user
> > encrypt passwords = true
> > enable privileges = yes
> > passdb backend = tdbsam
> >
> > printing = cups
> > load printers = yes
> >
> > enable privileges = yes
> >
> > [homes]
> > comment = Home Directories
> > browseable = no
> > writable = yes
> >
> > [print$]
> >
> > path = /var/samba/printers
> > read only = yes
> > write list = printer
> > inherit permissions = yes
> >
> > [printers]
> > comment = All Printers
> > path = /var/spool/samba
> > browseable = yes
> > guest ok = yes
> > writable = no
> > printable = yes
> >         valid users = abc, bcd, dce, @grups_printers
> >
> >
> >
>
> Are you using sssd as well ?
> If so, you should decide which to use, sssd or winbind, you cannot use
> both.
>
> If you are not using sssd, you haven't set up the smb.conf correctly,
> see the pages I pointed you to.
>
> If you are using sssd and want to continue using it, you should remove
> winbind and then contact the sssd-users mailing list, this is not a
> Samba problem.
>
> Rowland
>



--
<<<<<<<<<<<<<<<<<<<------------------------------------------------------------------->>>>>>>>>>>>>>>>>>>

< Disse-lhe Jesus: Eu sou o caminho, e a verdade e a vida; ninguém vem ao
Pai, senão por mim >
                                                             (João 14:6)

                                                                    Att.
                                        ♪ ♫  Luiz Guilherme Nunes
Fernandes  ♫ ♪

<<<<<<<<<<<<<<<<<<<------------------------------------------------------------------->>>>>>>>>>>>>>>>>>>
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: doubt

Samba - General mailing list
On Mon, 17 Apr 2017 14:57:45 -0300
Luiz Guilherme Nunes Fernandes <[hidden email]> wrote:

> Well, i dont have sssd installed.

OK, now we know that ;-)

>
> With winbind i install this packages:
> yum install realmd oddjob oddjob-mkhomedir adcli samba-common
> samba-common-tools krb5-workstation openldap-clients
> policycoreutils-python samba-winbind-clients

I use Devuan and install these:

samba acl attr quota fam winbind libpam-winbind libpam-krb5
libnss-winbind krb5-config krb5-user ntp dnsutils ldb-tools

You probably have the red-hat versions of these packages installed, but
it might be worth checking.
 
>
> My nsswitch.conf
>
> passwd:     files ldap winbind
> shadow:     files ldap winbind
> group:        files ldap winbind

Remove 'ldap' you do not need it and it will use 'ldap' before 'winbind'


> > > # My mini tutorial
> > >
> > > #########################
> > > (First test)
> > > #########################
> > >
> > > realm join --client-software=winbind -U login NONAME.COM.BR
> > > realm list
> > > authconfig --enablewinbindusedefaultdomain --update
> > >
> > > wbinfo -t
> > > wbinfo -g
> > > wbinfo -u
> > >
> > > Work (join in domain, and list groups and users)

You need to get 'getent' to show your users & groups, until they are
shown, your OS doesn't know them.

> > >
> > > i can use for authentication ssh and apache (work)

Use the info on the wiki page I posted for apache.

> > >
> > > ### My problem
> > > Acually File with winbind
> > >
> > >    workgroup = NONAME
> > >    realm = NONAME.COM.BR
> > >    security = ads
> > >    idmap config * : range = 16777216-33554431
> > >    template homedir = /home/%U@%D
> > >    template shell = /bin/bash
> > >    kerberos method = secrets only
> > >    winbind use default domain = true
> > >    winbind offline logon = true

Use 'security = ads' and add something like

idmap config * : backend = tdb
idmap config * : range = 3000-7999
idmap config NONAME : backend = rid
idmap config NONAME : range = 10000-999999

You can change the ranges if you like, but there is no real point.
Incidentally, the range you used '167777216-33554431' looks like the
numbers sssd uses.

Please read the wiki pages I pointed you to, if you follow them, you
should end up with a working system that does what you require.

Rowland
 


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: doubt

Samba - General mailing list
Ok thanks, i make new tests.

2017-04-17 15:21 GMT-03:00 Rowland Penny <[hidden email]>:

> On Mon, 17 Apr 2017 14:57:45 -0300
> Luiz Guilherme Nunes Fernandes <[hidden email]> wrote:
>
> > Well, i dont have sssd installed.
>
> OK, now we know that ;-)
>
> >
> > With winbind i install this packages:
> > yum install realmd oddjob oddjob-mkhomedir adcli samba-common
> > samba-common-tools krb5-workstation openldap-clients
> > policycoreutils-python samba-winbind-clients
>
> I use Devuan and install these:
>
> samba acl attr quota fam winbind libpam-winbind libpam-krb5
> libnss-winbind krb5-config krb5-user ntp dnsutils ldb-tools
>
> You probably have the red-hat versions of these packages installed, but
> it might be worth checking.
>
> >
> > My nsswitch.conf
> >
> > passwd:     files ldap winbind
> > shadow:     files ldap winbind
> > group:        files ldap winbind
>
> Remove 'ldap' you do not need it and it will use 'ldap' before 'winbind'
>
>
> > > > # My mini tutorial
> > > >
> > > > #########################
> > > > (First test)
> > > > #########################
> > > >
> > > > realm join --client-software=winbind -U login NONAME.COM.BR
> > > > realm list
> > > > authconfig --enablewinbindusedefaultdomain --update
> > > >
> > > > wbinfo -t
> > > > wbinfo -g
> > > > wbinfo -u
> > > >
> > > > Work (join in domain, and list groups and users)
>
> You need to get 'getent' to show your users & groups, until they are
> shown, your OS doesn't know them.
>
> > > >
> > > > i can use for authentication ssh and apache (work)
>
> Use the info on the wiki page I posted for apache.
>
> > > >
> > > > ### My problem
> > > > Acually File with winbind
> > > >
> > > >    workgroup = NONAME
> > > >    realm = NONAME.COM.BR
> > > >    security = ads
> > > >    idmap config * : range = 16777216-33554431
> > > >    template homedir = /home/%U@%D
> > > >    template shell = /bin/bash
> > > >    kerberos method = secrets only
> > > >    winbind use default domain = true
> > > >    winbind offline logon = true
>
> Use 'security = ads' and add something like
>
> idmap config * : backend = tdb
> idmap config * : range = 3000-7999
> idmap config NONAME : backend = rid
> idmap config NONAME : range = 10000-999999
>
> You can change the ranges if you like, but there is no real point.
> Incidentally, the range you used '167777216-33554431' looks like the
> numbers sssd uses.
>
> Please read the wiki pages I pointed you to, if you follow them, you
> should end up with a working system that does what you require.
>
> Rowland
>
>
>


--
<<<<<<<<<<<<<<<<<<<------------------------------------------------------------------->>>>>>>>>>>>>>>>>>>

< Disse-lhe Jesus: Eu sou o caminho, e a verdade e a vida; ninguém vem ao
Pai, senão por mim >
                                                             (João 14:6)

                                                                    Att.
                                        ♪ ♫  Luiz Guilherme Nunes
Fernandes  ♫ ♪

<<<<<<<<<<<<<<<<<<<------------------------------------------------------------------->>>>>>>>>>>>>>>>>>>
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: doubt

Samba - General mailing list
         Dear, I really do not know, what is wrong.
Remembering, I add a linux in active directory domain and I need to add
local printers shared with AD authentication.

My tutorial and errors
########################################
# Install Packages
yum install perl gcc attr libacl-devel libblkid-devel gnutls-devel
readline-devel python-devel gdb pkgconfig krb5-workstation zlib-devel
setroubleshoot-server libaio-devel setroubleshoot-plugins
policycoreutils-python libsemanage-python perl-ExtUtils-MakeMaker
perl-Parse-Yapp popt-devel libxml2-devel libattr-devel keyutils-libs-devel
cups-devel bind-utils libxslt docbook-style-xsl openldap-devel autoconf
python-crypto pam-devel ntp wget vim

# Update Operation System
yum update -y

# Update ntp.conf
server rede.com.br iburst

# Syncronize time and start service
ntpdate redecamara.camara.gov.br
systemctl start ntpd.service

# Config Kerberos file
cat /etc/krb5.conf
# Configuration snippets may be placed in this directory as well
includedir /etc/krb5.conf.d/

[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

[libdefaults]
 default_realm = REDE.COM.BR
 dns_lookup_realm = false
 dns_lookup_kdc = true
 dns_lookup_realm = false
 ticket_lifetime = 24h
 renew_lifetime = 7d
 forwardable = true
 rdns = false
 default_ccache_name = KEYRING:persistent:%{uid}

# Show hots (OK)
getent hosts REDE

# Download last version Samba
wget https://download.samba.org/pub/samba/stable/samba-4.6.2.tar.gz

# Descompact
tar -vxf samba-4.6.2.tar.gz

# Configure and compile Samba
./configure --prefix /usr --enable-fhs --enable-cups --sysconfdir=/etc
--localstatedir=/var --with-privatedir=/var/lib/samba/private
--with-piddir=/var/run/samba --with-automount --datadir=/usr/share
--with-lockdir=/var/run/samba --with-statedir=/var/lib/samba
--with-cachedir=/var/cache/samba --with-systemd --with-winbind && make &&
make install

# Update Libs
ldconfig

# Show Configs of Samba
smbd  -b | grep CONFIGFILE
   CONFIGFILE: /etc/samba/smb.conf

smbd -b | egrep "LOCKDIR|STATEDIR|CACHEDIR|PRIVATE_DIR"
   LOCKDIR: /var/run/samba
   STATEDIR: /var/lib/samba
   CACHEDIR: /var/cache/samba
   PRIVATE_DIR: /var/lib/samba/private

smbd -b | grep "CUPS"
   HAVE_CUPS_CUPS_H
   HAVE_CUPS_LANGUAGE_H
   HAVE_CUPS
   HAVE_LIBCUPS

# Create smb.conf
[global]
       security = ADS
       workgroup = REDE
       realm = REDE.COM.BR

       log file = /var/log/samba/%m.log
       log level = 1

       # Default ID mapping configuration for local BUILTIN accounts
       # and groups on a domain member. The default (*) domain:
       # - must not overlap with any domain ID mapping configuration!
       # - must use an read-write-enabled back end, such as tdb.
       idmap config * : backend = tdb
       idmap config * : range = 3000-7999
       winbind use default domain = yes
       case sensitive = no

       [printers]
       path = /var/spool/samba/
       printable = yes
       print ok = yes
       browseable = yes

# Create directory and permissions
mkdir -p /var/spool/samba/
chmod 1777 /var/spool/samba/

# Join Machine in Domain
net ads join -U user -W REDE

vim /etc/nsswitch.conf
passwd:     files winbind
shadow:     files winbind
group:      files winbind

# Start Winbind
winbindd

# Check Winbind
wbinfo -t
checking the trust secret for domain REDE via RPC calls succeeded

wbinfo --ping-dc

wbinfo -g (work)
wbinfo -u (work)

# Shared printers in CUPS
smbd
nmbd

netstat -lnt
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State

tcp        0      0 0.0.0.0:139             0.0.0.0:*               LISTEN

tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN

tcp        0      0 0.0.0.0:631             0.0.0.0:*               LISTEN

tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN

tcp        0      0 0.0.0.0:445             0.0.0.0:*               LISTEN

tcp6       0      0 :::139                  :::*                    LISTEN

tcp6       0      0 :::22                   :::*                    LISTEN

tcp6       0      0 :::631                  :::*                    LISTEN

tcp6       0      0 ::1:25                  :::*                    LISTEN

tcp6       0      0 :::445                  :::*                    LISTEN


#
smbclient -L localhost -U root
krb5_init_context failed (Invalid argument)
smb_krb5_context_init_basic failed (Invalid argument)
Enter REDE\root's password:
krb5_init_context failed (Invalid argument)
smb_krb5_context_init_basic failed (Invalid argument)
Domain=[REDE] OS=[] Server=[]

Sharename       Type      Comment
---------       ----      -------
krb5_init_context failed (Invalid argument)
smb_krb5_context_init_basic failed (Invalid argument)
IPC$            IPC       IPC Service (Samba 4.6.2)
* Ricoh-Aficio-MP-5002 Printer   CENIN03-13CP (work without Winbind)*
krb5_init_context failed (Invalid argument)
smb_krb5_context_init_basic failed (Invalid argument)
Domain=[REDE] OS=[] Server=[]

Server               Comment
---------            -------
AGUA
DELOREAN1            Samba 4.6.2

Workgroup            Master
---------            -------
REDE           AGUA


# Error in Log
==> /var/log/samba/winbindd.log <==
[2017/04/24 15:45:29.112300,  1]
../source3/winbindd/winbindd_pam.c:2494(extract_pac_vrfy_sigs)
  Failed to initialize kerberos context: Invalid argument
[2017/04/24 15:45:29.112356,  1]
../source3/winbindd/winbindd_pam.c:2559(winbindd_pam_auth_pac_send)
  Error during PAC signature verification: NT_STATUS_UNSUCCESSFUL

# Commands test Kerberos

kinit root
Password for [hidden email]:

klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: [hidden email]

Valid starting       Expires              Service principal
04/24/2017 16:17:24  04/25/2017 02:17:24  krbtgt/[hidden email]
renew until 04/25/2017 16:17:22


2017-04-17 15:35 GMT-03:00 Luiz Guilherme Nunes Fernandes <
[hidden email]>:

> Ok thanks, i make new tests.
>
> 2017-04-17 15:21 GMT-03:00 Rowland Penny <[hidden email]>:
>
>> On Mon, 17 Apr 2017 14:57:45 -0300
>> Luiz Guilherme Nunes Fernandes <[hidden email]> wrote:
>>
>> > Well, i dont have sssd installed.
>>
>> OK, now we know that ;-)
>>
>> >
>> > With winbind i install this packages:
>> > yum install realmd oddjob oddjob-mkhomedir adcli samba-common
>> > samba-common-tools krb5-workstation openldap-clients
>> > policycoreutils-python samba-winbind-clients
>>
>> I use Devuan and install these:
>>
>> samba acl attr quota fam winbind libpam-winbind libpam-krb5
>> libnss-winbind krb5-config krb5-user ntp dnsutils ldb-tools
>>
>> You probably have the red-hat versions of these packages installed, but
>> it might be worth checking.
>>
>> >
>> > My nsswitch.conf
>> >
>> > passwd:     files ldap winbind
>> > shadow:     files ldap winbind
>> > group:        files ldap winbind
>>
>> Remove 'ldap' you do not need it and it will use 'ldap' before 'winbind'
>>
>>
>> > > > # My mini tutorial
>> > > >
>> > > > #########################
>> > > > (First test)
>> > > > #########################
>> > > >
>> > > > realm join --client-software=winbind -U login NONAME.COM.BR
>> > > > realm list
>> > > > authconfig --enablewinbindusedefaultdomain --update
>> > > >
>> > > > wbinfo -t
>> > > > wbinfo -g
>> > > > wbinfo -u
>> > > >
>> > > > Work (join in domain, and list groups and users)
>>
>> You need to get 'getent' to show your users & groups, until they are
>> shown, your OS doesn't know them.
>>
>> > > >
>> > > > i can use for authentication ssh and apache (work)
>>
>> Use the info on the wiki page I posted for apache.
>>
>> > > >
>> > > > ### My problem
>> > > > Acually File with winbind
>> > > >
>> > > >    workgroup = NONAME
>> > > >    realm = NONAME.COM.BR
>> > > >    security = ads
>> > > >    idmap config * : range = 16777216-33554431
>> > > >    template homedir = /home/%U@%D
>> > > >    template shell = /bin/bash
>> > > >    kerberos method = secrets only
>> > > >    winbind use default domain = true
>> > > >    winbind offline logon = true
>>
>> Use 'security = ads' and add something like
>>
>> idmap config * : backend = tdb
>> idmap config * : range = 3000-7999
>> idmap config NONAME : backend = rid
>> idmap config NONAME : range = 10000-999999
>>
>> You can change the ranges if you like, but there is no real point.
>> Incidentally, the range you used '167777216-33554431' looks like the
>> numbers sssd uses.
>>
>> Please read the wiki pages I pointed you to, if you follow them, you
>> should end up with a working system that does what you require.
>>
>> Rowland
>>
>>
>>
>
>
> --
> <<<<<<<<<<<<<<<<<<<-----------------------------------------
> -------------------------->>>>>>>>>>>>>>>>>>>
>
> < Disse-lhe Jesus: Eu sou o caminho, e a verdade e a vida; ninguém vem ao
> Pai, senão por mim >
>                                                              (João 14:6)
>
>                                                                     Att.
>                                         ♪ ♫  Luiz Guilherme Nunes
> Fernandes  ♫ ♪
>
> <<<<<<<<<<<<<<<<<<<-----------------------------------------
> -------------------------->>>>>>>>>>>>>>>>>>>
>



--
<<<<<<<<<<<<<<<<<<<------------------------------------------------------------------->>>>>>>>>>>>>>>>>>>

< Disse-lhe Jesus: Eu sou o caminho, e a verdade e a vida; ninguém vem ao
Pai, senão por mim >
                                                             (João 14:6)

                                                                    Att.
                                        ♪ ♫  Luiz Guilherme Nunes
Fernandes  ♫ ♪

<<<<<<<<<<<<<<<<<<<------------------------------------------------------------------->>>>>>>>>>>>>>>>>>>
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: doubt

Samba - General mailing list
On Mon, 24 Apr 2017 16:21:30 -0300
Luiz Guilherme Nunes Fernandes via samba <[hidden email]> wrote:

>          Dear, I really do not know, what is wrong.

I do ;-)


>
> # Config Kerberos file
> cat /etc/krb5.conf
> # Configuration snippets may be placed in this directory as well
> includedir /etc/krb5.conf.d/

and that line above is it!

Remove the line that starts 'includedir'

Rowland


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: doubt

Samba - General mailing list
Well, i add new configuration in my smb.conf. I try connecting in shared
backup, this work with authentication, in shared printers, It prints with
anonymous users and when I insert one valid ad user, it prints and displays
the following error: "Idle - "Session setup failed: NT_STATUS_LOGON_FAILURE"

Another doubt, in directory /var/spool/samba/, no have files, This folder
should not have the files? i dont need now add drivers in network.

    [backup]
    path = /opt/backup
    read only = No
    create mask = 1666
    directory mask = 1777
    valid users = user_1, user_2

    [printers]
    path = /var/spool/samba/
    print ok = yes
    guest ok = no
    valid users = user_1, user_2


2017-04-24 16:39 GMT-03:00 Rowland Penny <[hidden email]>:

> On Mon, 24 Apr 2017 16:21:30 -0300
> Luiz Guilherme Nunes Fernandes via samba <[hidden email]> wrote:
>
> >          Dear, I really do not know, what is wrong.
>
> I do ;-)
>
>
> >
> > # Config Kerberos file
> > cat /etc/krb5.conf
> > # Configuration snippets may be placed in this directory as well
> > includedir /etc/krb5.conf.d/
>
> and that line above is it!
>
> Remove the line that starts 'includedir'
>
> Rowland
>
>


--
<<<<<<<<<<<<<<<<<<<------------------------------------------------------------------->>>>>>>>>>>>>>>>>>>

< Disse-lhe Jesus: Eu sou o caminho, e a verdade e a vida; ninguém vem ao
Pai, senão por mim >
                                                             (João 14:6)

                                                                    Att.
                                        ♪ ♫  Luiz Guilherme Nunes
Fernandes  ♫ ♪

<<<<<<<<<<<<<<<<<<<------------------------------------------------------------------->>>>>>>>>>>>>>>>>>>
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: doubt

Samba - General mailing list
On Tue, 25 Apr 2017 11:05:20 -0300
Luiz Guilherme Nunes Fernandes <[hidden email]> wrote:

> Well, i add new configuration in my smb.conf. I try connecting in
> shared backup, this work with authentication, in shared printers, It
> prints with anonymous users and when I insert one valid ad user, it
> prints and displays the following error: "Idle - "Session setup
> failed: NT_STATUS_LOGON_FAILURE"
>
> Another doubt, in directory /var/spool/samba/, no have files, This
> folder should not have the files? i dont need now add drivers in
> network.
>
>     [backup]
>     path = /opt/backup
>     read only = No
>     create mask = 1666
>     directory mask = 1777
>     valid users = user_1, user_2
>
>     [printers]
>     path = /var/spool/samba/
>     print ok = yes
>     guest ok = no
>     valid users = user_1, user_2
>

Did you copy this from the Samba wiki ?:

       # Default ID mapping configuration for local BUILTIN accounts
       # and groups on a domain member. The default (*) domain:
       # - must not overlap with any domain ID mapping configuration!
       # - must use an read-write-enabled back end, such as tdb.
       idmap config * : backend = tdb
       idmap config * : range = 3000-7999

If you did, did you miss (or misunderstand) this:

You must add an ID mapping configuration for every domain in the
[global] section of your smb.conf file. Please select from the
following Samba domain back ends:

You need to add either the 'ad' or 'rid' backend lines to your
smb.conf. You will also need to remove sssd if it is installed.

Rowland

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: doubt

Samba - General mailing list
Well, i use samba wiki tutorial, well my actually config:

I use winbind for work with getent searchs. In network no package sssd
installed. I start services winbind, smbd and nmbd

Well, really, about the confusion, I did not understand what you meant.

The other config are not changed, they are the same ones when you helped
the problems of the kerberos.

Last detail, with shared backup, i test with several users: users_1,
users_2 for example, and only users of ad can create, remove, rename paste
and files. This part works perfectly.

My new configs:
##################################
# NSS with Winbind
ln -s /usr/lib/libnss_winbind.so.2 /lib64/
ln -s /lib64/libnss_winbind.so.2 /lib64/libnss_winbind.so
ldconfig

##################################
[global]
       security = ADS
       workgroup = REDE
       realm = REDE.COM.BR

       log file = /var/log/samba/%m.log
       log level = 1

       idmap config * : backend = tdb
       idmap config * : range = 3000-19999   #  I add for 19,999 for search
all users of ad
       winbind use default domain = yes
       case sensitive = no

       winbind enum users = yes
       winbind enum groups = yes

       printing = cups
       load printers = yes

   [backup]
   path = /opt/backup
   read only = No
   create mask = 1666
   directory mask = 1777
   valid users = users_1, users_2

   [printers]
   path = /var/spool/samba/
   print ok = yes
   guest ok = no
   valid users =  users_1, users_2
##################################
Result with smbclient:

 smbclient -L localhost
Enter [hidden email]'s password:
Domain=[REDE] OS=[] Server=[]

Sharename       Type      Comment
---------       ----      -------
backup          Disk
IPC$            IPC       IPC Service (Samba 4.6.2)
Ricoh-Aficio-MP-5002 Printer   CEST
Domain=[REDE] OS=[] Server=[]

Server               Comment
---------            -------
AGUA
DELOREAN1            Samba 4.6.2

Workgroup            Master
---------            -------
REDE           AGUA


2017-04-25 11:18 GMT-03:00 Rowland Penny <[hidden email]>:

> On Tue, 25 Apr 2017 11:05:20 -0300
> Luiz Guilherme Nunes Fernandes <[hidden email]> wrote:
>
> > Well, i add new configuration in my smb.conf. I try connecting in
> > shared backup, this work with authentication, in shared printers, It
> > prints with anonymous users and when I insert one valid ad user, it
> > prints and displays the following error: "Idle - "Session setup
> > failed: NT_STATUS_LOGON_FAILURE"
> >
> > Another doubt, in directory /var/spool/samba/, no have files, This
> > folder should not have the files? i dont need now add drivers in
> > network.
> >
> >     [backup]
> >     path = /opt/backup
> >     read only = No
> >     create mask = 1666
> >     directory mask = 1777
> >     valid users = user_1, user_2
> >
> >     [printers]
> >     path = /var/spool/samba/
> >     print ok = yes
> >     guest ok = no
> >     valid users = user_1, user_2
> >
>
> Did you copy this from the Samba wiki ?:
>
>        # Default ID mapping configuration for local BUILTIN accounts
>        # and groups on a domain member. The default (*) domain:
>        # - must not overlap with any domain ID mapping configuration!
>        # - must use an read-write-enabled back end, such as tdb.
>        idmap config * : backend = tdb
>        idmap config * : range = 3000-7999
>
> If you did, did you miss (or misunderstand) this:
>
> You must add an ID mapping configuration for every domain in the
> [global] section of your smb.conf file. Please select from the
> following Samba domain back ends:
>
> You need to add either the 'ad' or 'rid' backend lines to your
> smb.conf. You will also need to remove sssd if it is installed.
>
> Rowland
>



--
<<<<<<<<<<<<<<<<<<<------------------------------------------------------------------->>>>>>>>>>>>>>>>>>>

< Disse-lhe Jesus: Eu sou o caminho, e a verdade e a vida; ninguém vem ao
Pai, senão por mim >
                                                             (João 14:6)

                                                                    Att.
                                        ♪ ♫  Luiz Guilherme Nunes
Fernandes  ♫ ♪

<<<<<<<<<<<<<<<<<<<------------------------------------------------------------------->>>>>>>>>>>>>>>>>>>
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: doubt

Samba - General mailing list
On Tue, 25 Apr 2017 11:46:01 -0300
Luiz Guilherme Nunes Fernandes <[hidden email]> wrote:

> Well, i use samba wiki tutorial, well my actually config:
>
> I use winbind for work with getent searchs. In network no package sssd
> installed. I start services winbind, smbd and nmbd
>
> Well, really, about the confusion, I did not understand what you
> meant.

I thought you had missed it, I always thought it wasn't very clear ;-(

If you read this wiki page:
https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member

Under the block of code there is this line:

 You must add an ID mapping configuration for every domain in the
 [global] section of your smb.conf file. Please select from the
 following Samba domain back ends

This isn't very clear and it would seem that you didn't understand it.

Under the line there is a box that lists the winbind backends. You are
supposed to select one to use and click on the required link to go to
the page that will tell you how to set it up.

I will attempt to make it clearer.

>
> The other config are not changed, they are the same ones when you
> helped the problems of the kerberos.

Sorry, but I missed that you hadn't set up the winbind DOMAIN backend.

Rowland

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Loading...