[Samba] doubt

Rowland Penny rpenny at samba.org
Mon Apr 17 17:35:58 UTC 2017 

On Mon, 17 Apr 2017 14:28:12 -0300
Luiz Guilherme Nunes Fernandes <narutospinal at gmail.com> wrote:

> This problem, in the computer park there is a domain controller
> microsoft without shared printers, I need to use another server with
> samba shares + cups, but with authentication in the microsoft active
> directory. I try parameters securty = ads (join machine in domain)
> and user ( cant read users with nslcd and nsswitch , but only work
> with ssh and apache.
> 
> Topology
> 
> 1 server microsoft windows ( Have user and groups tree and shared
> paste) ( This server ok, work with pdc, and shared paste )
> 1 Linux with samba and need only shared printers with authentication
> in previous server . ( No work )
> 
> 
> Rowland Penny
> What I basically want to do is use the users and groups from the
> active directory in my new samba with shared printers. What I can not
> do this authentication.
> 
> This question is, i can use winbind for new shared printers? i join
> the machine in domain, and cups work with anonymous. But any idea?
> 
> 
> # My mini tutorial
> 
> #########################
> (First test)
> #########################
> 
> realm join --client-software=winbind -U login NONAME.COM.BR
> realm list
> authconfig --enablewinbindusedefaultdomain --update
> 
> wbinfo -t
> wbinfo -g
> wbinfo -u
> 
> Work (join in domain, and list groups and users)
> 
> i can use for authentication ssh and apache (work)
> 
> ### My problem
> Acually File with winbind
> 
>    workgroup = NONAME
>    realm = NONAME.COM.BR
>    security = ads
>    idmap config * : range = 16777216-33554431
>    template homedir = /home/%U@%D
>    template shell = /bin/bash
>    kerberos method = secrets only
>    winbind use default domain = true
>    winbind offline logon = true
>    log file = /var/log/samba/log.%m
>    log level = 3
> 
> 
> passdb backend = tdbsam
> printing = cups
> printcap name = cups
> load printers = yes
> cups options = raw
> winbind refresh tickets = yes
> winbind enum groups = no
> winbind enum users = no
> 
> [homes]
> comment = Home Directories
> valid users = %S, %D%w%S
> browseable = No
> read only = No
> inherit acls = Yes
> 
> [printers]
> comment = All Printers
> path = /var/tmp
> printable = Yes
> create mask = 0600
> browseable = No
>         valid users = abc, bcd, dce, @grups_printers
> 
> [print$]
> comment = Printer Drivers
> path = /var/lib/samba/drivers
> write list = root
> create mask = 0664
> directory mask = 0775
> 
> #########################
> (Second test)
> 
> ### My problem
> #########################
> 
> yum install -y nss-pam-ldapd nscd
> 
> ldapsearch ( work, i can search and groups and users too)
> 
> nslcd.conf work too
> 
> i can use for authentication ssh and apache (work)
> 
> ### My problem
> Acually File with samba
> [global]
> 
> workgroup = NOMEDOMINIO
> netbios name = MADAGASCAR
> server string = Servidor de Arquivos
> 
> security = user
> encrypt passwords = true
> enable privileges = yes
> passdb backend = tdbsam
> 
> printing = cups
> load printers = yes
> 
> enable privileges = yes
> 
> [homes]
> comment = Home Directories
> browseable = no
> writable = yes
> 
> [print$]
> 
> path = /var/samba/printers
> read only = yes
> write list = printer
> inherit permissions = yes
> 
> [printers]
> comment = All Printers
> path = /var/spool/samba
> browseable = yes
> guest ok = yes
> writable = no
> printable = yes
>         valid users = abc, bcd, dce, @grups_printers
> 
> 
> 

Are you using sssd as well ?
If so, you should decide which to use, sssd or winbind, you cannot use
both.

If you are not using sssd, you haven't set up the smb.conf correctly,
see the pages I pointed you to.

If you are using sssd and want to continue using it, you should remove
winbind and then contact the sssd-users mailing list, this is not a
Samba problem.

Rowland

More information about the samba mailing list