samba - Apr 2017 - doubt

Well, i add new configuration in my smb.conf. I try connecting in shared
backup, this work with authentication, in shared printers, It prints with
anonymous users and when I insert one valid ad user, it prints and displays
the following error: "Idle - "Session setup failed:
NT_STATUS_LOGON_FAILURE"

Another doubt, in directory /var/spool/samba/, no have files, This folder
should not have the files? i dont need now add drivers in network.

    [backup]
    path = /opt/backup
    read only = No
    create mask = 1666
    directory mask = 1777
    valid users = user_1, user_2

    [printers]
    path = /var/spool/samba/
    print ok = yes
    guest ok = no
    valid users = user_1, user_2


2017-04-24 16:39 GMT-03:00 Rowland Penny <rpenny at samba.org>:
> On Mon, 24 Apr 2017 16:21:30 -0300
> Luiz Guilherme Nunes Fernandes via samba <samba at lists.samba.org>
wrote:
>
> >          Dear, I really do not know, what is wrong.
>
> I do ;-)
>
>
> >
> > # Config Kerberos file
> > cat /etc/krb5.conf
> > # Configuration snippets may be placed in this directory as well
> > includedir /etc/krb5.conf.d/
>
> and that line above is it!
>
> Remove the line that starts 'includedir'
>
> Rowland
>
>

-- 
<<<<<<<<<<<<<<<<<<<------------------------------------------------------------------->>>>>>>>>>>>>>>>>>>

< Disse-lhe Jesus: Eu sou o caminho, e a verdade e a vida; ninguém vem ao
Pai, senão por mim >
                                                             (João 14:6)

                                                                    Att.
                                        ♪ ♫  Luiz Guilherme Nunes
Fernandes  ♫ ♪

<<<<<<<<<<<<<<<<<<<------------------------------------------------------------------->>>>>>>>>>>>>>>>>>>

On Tue, 25 Apr 2017 11:05:20 -0300
Luiz Guilherme Nunes Fernandes <narutospinal at gmail.com> wrote:
> Well, i add new configuration in my smb.conf. I try connecting in
> shared backup, this work with authentication, in shared printers, It
> prints with anonymous users and when I insert one valid ad user, it
> prints and displays the following error: "Idle - "Session setup
> failed: NT_STATUS_LOGON_FAILURE"
> 
> Another doubt, in directory /var/spool/samba/, no have files, This
> folder should not have the files? i dont need now add drivers in
> network.
> 
>     [backup]
>     path = /opt/backup
>     read only = No
>     create mask = 1666
>     directory mask = 1777
>     valid users = user_1, user_2
> 
>     [printers]
>     path = /var/spool/samba/
>     print ok = yes
>     guest ok = no
>     valid users = user_1, user_2
> 
Did you copy this from the Samba wiki ?:

       # Default ID mapping configuration for local BUILTIN accounts
       # and groups on a domain member. The default (*) domain:
       # - must not overlap with any domain ID mapping configuration!
       # - must use an read-write-enabled back end, such as tdb.
       idmap config * : backend = tdb
       idmap config * : range = 3000-7999

If you did, did you miss (or misunderstand) this:

You must add an ID mapping configuration for every domain in the
[global] section of your smb.conf file. Please select from the
following Samba domain back ends:

You need to add either the 'ad' or 'rid' backend lines to your
smb.conf. You will also need to remove sssd if it is installed.

Rowland

Well, i use samba wiki tutorial, well my actually config:

I use winbind for work with getent searchs. In network no package sssd
installed. I start services winbind, smbd and nmbd

Well, really, about the confusion, I did not understand what you meant.

The other config are not changed, they are the same ones when you helped
the problems of the kerberos.

Last detail, with shared backup, i test with several users: users_1,
users_2 for example, and only users of ad can create, remove, rename paste
and files. This part works perfectly.

My new configs:
##################################
# NSS with Winbind
ln -s /usr/lib/libnss_winbind.so.2 /lib64/
ln -s /lib64/libnss_winbind.so.2 /lib64/libnss_winbind.so
ldconfig

##################################
[global]
       security = ADS
       workgroup = REDE
       realm = REDE.COM.BR

       log file = /var/log/samba/%m.log
       log level = 1

       idmap config * : backend = tdb
       idmap config * : range = 3000-19999   #  I add for 19,999 for search
all users of ad
       winbind use default domain = yes
       case sensitive = no

       winbind enum users = yes
       winbind enum groups = yes

       printing = cups
       load printers = yes

   [backup]
   path = /opt/backup
   read only = No
   create mask = 1666
   directory mask = 1777
   valid users = users_1, users_2

   [printers]
   path = /var/spool/samba/
   print ok = yes
   guest ok = no
   valid users =  users_1, users_2
##################################
Result with smbclient:

 smbclient -L localhost
Enter users_1 at REDE.COM.BR's password:
Domain=[REDE] OS=[] Server=[]

Sharename       Type      Comment
---------       ----      -------
backup          Disk
IPC$            IPC       IPC Service (Samba 4.6.2)
Ricoh-Aficio-MP-5002 Printer   CEST
Domain=[REDE] OS=[] Server=[]

Server               Comment
---------            -------
AGUA
DELOREAN1            Samba 4.6.2

Workgroup            Master
---------            -------
REDE           AGUA


2017-04-25 11:18 GMT-03:00 Rowland Penny <rpenny at samba.org>:
> On Tue, 25 Apr 2017 11:05:20 -0300
> Luiz Guilherme Nunes Fernandes <narutospinal at gmail.com> wrote:
>
> > Well, i add new configuration in my smb.conf. I try connecting in
> > shared backup, this work with authentication, in shared printers, It
> > prints with anonymous users and when I insert one valid ad user, it
> > prints and displays the following error: "Idle - "Session
setup
> > failed: NT_STATUS_LOGON_FAILURE"
> >
> > Another doubt, in directory /var/spool/samba/, no have files, This
> > folder should not have the files? i dont need now add drivers in
> > network.
> >
> >     [backup]
> >     path = /opt/backup
> >     read only = No
> >     create mask = 1666
> >     directory mask = 1777
> >     valid users = user_1, user_2
> >
> >     [printers]
> >     path = /var/spool/samba/
> >     print ok = yes
> >     guest ok = no
> >     valid users = user_1, user_2
> >
>
> Did you copy this from the Samba wiki ?:
>
>        # Default ID mapping configuration for local BUILTIN accounts
>        # and groups on a domain member. The default (*) domain:
>        # - must not overlap with any domain ID mapping configuration!
>        # - must use an read-write-enabled back end, such as tdb.
>        idmap config * : backend = tdb
>        idmap config * : range = 3000-7999
>
> If you did, did you miss (or misunderstand) this:
>
> You must add an ID mapping configuration for every domain in the
> [global] section of your smb.conf file. Please select from the
> following Samba domain back ends:
>
> You need to add either the 'ad' or 'rid' backend lines to
your
> smb.conf. You will also need to remove sssd if it is installed.
>
> Rowland
>


-- 
<<<<<<<<<<<<<<<<<<<------------------------------------------------------------------->>>>>>>>>>>>>>>>>>>

< Disse-lhe Jesus: Eu sou o caminho, e a verdade e a vida; ninguém vem ao
Pai, senão por mim >
                                                             (João 14:6)

                                                                    Att.
                                        ♪ ♫  Luiz Guilherme Nunes
Fernandes  ♫ ♪

<<<<<<<<<<<<<<<<<<<------------------------------------------------------------------->>>>>>>>>>>>>>>>>>>