Well, i use samba wiki tutorial, well my actually config:
I use winbind for work with getent searchs. In network no package sssd
installed. I start services winbind, smbd and nmbd
Well, really, about the confusion, I did not understand what you meant.
The other config are not changed, they are the same ones when you helped
the problems of the kerberos.
Last detail, with shared backup, i test with several users: users_1,
users_2 for example, and only users of ad can create, remove, rename paste
and files. This part works perfectly.
My new configs:
##################################
# NSS with Winbind
ln -s /usr/lib/libnss_winbind.so.2 /lib64/
ln -s /lib64/libnss_winbind.so.2 /lib64/libnss_winbind.so
ldconfig
##################################
[global]
security = ADS
workgroup = REDE
realm = REDE.COM.BR
log file = /var/log/samba/%m.log
log level = 1
idmap config * : backend = tdb
idmap config * : range = 3000-19999 # I add for 19,999 for search
all users of ad
winbind use default domain = yes
case sensitive = no
winbind enum users = yes
winbind enum groups = yes
printing = cups
load printers = yes
[backup]
path = /opt/backup
read only = No
create mask = 1666
directory mask = 1777
valid users = users_1, users_2
[printers]
path = /var/spool/samba/
print ok = yes
guest ok = no
valid users = users_1, users_2
##################################
Result with smbclient:
smbclient -L localhost
Enter users_1 at REDE.COM.BR's password:
Domain=[REDE] OS=[] Server=[]
Sharename Type Comment
--------- ---- -------
backup Disk
IPC$ IPC IPC Service (Samba 4.6.2)
Ricoh-Aficio-MP-5002 Printer CEST
Domain=[REDE] OS=[] Server=[]
Server Comment
--------- -------
AGUA
DELOREAN1 Samba 4.6.2
Workgroup Master
--------- -------
REDE AGUA
2017-04-25 11:18 GMT-03:00 Rowland Penny <rpenny at samba.org>:
> On Tue, 25 Apr 2017 11:05:20 -0300
> Luiz Guilherme Nunes Fernandes <narutospinal at gmail.com> wrote:
>
> > Well, i add new configuration in my smb.conf. I try connecting in
> > shared backup, this work with authentication, in shared printers, It
> > prints with anonymous users and when I insert one valid ad user, it
> > prints and displays the following error: "Idle - "Session
setup
> > failed: NT_STATUS_LOGON_FAILURE"
> >
> > Another doubt, in directory /var/spool/samba/, no have files, This
> > folder should not have the files? i dont need now add drivers in
> > network.
> >
> > [backup]
> > path = /opt/backup
> > read only = No
> > create mask = 1666
> > directory mask = 1777
> > valid users = user_1, user_2
> >
> > [printers]
> > path = /var/spool/samba/
> > print ok = yes
> > guest ok = no
> > valid users = user_1, user_2
> >
>
> Did you copy this from the Samba wiki ?:
>
> # Default ID mapping configuration for local BUILTIN accounts
> # and groups on a domain member. The default (*) domain:
> # - must not overlap with any domain ID mapping configuration!
> # - must use an read-write-enabled back end, such as tdb.
> idmap config * : backend = tdb
> idmap config * : range = 3000-7999
>
> If you did, did you miss (or misunderstand) this:
>
> You must add an ID mapping configuration for every domain in the
> [global] section of your smb.conf file. Please select from the
> following Samba domain back ends:
>
> You need to add either the 'ad' or 'rid' backend lines to
your
> smb.conf. You will also need to remove sssd if it is installed.
>
> Rowland
>
--
<<<<<<<<<<<<<<<<<<<------------------------------------------------------------------->>>>>>>>>>>>>>>>>>>
< Disse-lhe Jesus: Eu sou o caminho, e a verdade e a vida; ninguém vem ao
Pai, senão por mim >
(João 14:6)
Att.
♪ ♫ Luiz Guilherme Nunes
Fernandes ♫ ♪
<<<<<<<<<<<<<<<<<<<------------------------------------------------------------------->>>>>>>>>>>>>>>>>>>