Andrei Nazarenko
2006-Jul-12 05:13 UTC
[Samba] Samba 3.0.23 + ADS + 'valid users' + 'force user' does not work
Just upgraded Samba to 3.0.23 and can no longer map any non-anonymous shares.

Here is my smb.conf file:

[global]
    map to guest = Bad User
    guest account = nobody
    syslog = 0
    log level = 3
    workgroup = OAAD
    realm = OA.PNRAD.NET
    security = ADS

[intranet]
    path = /srv/www/intranet
    valid users = nazaand
    write list = nazaand
    force user = intranet
    force group = intranet
    create mask = 0660
    directory mask = 0770
    browseable = No

Unix user 'nazaand' exists with UID:1000 and GID:100.

The ADS authentication also works fine, I get the following entries in the log file:

[2006/07/11 17:53:18, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2081)
  rpc_pipe_bind: Remote machine FRPDC003.OA.PNRAD.NET pipe \NETLOGON fnum 0xa bind request returned ok.
[2006/07/11 17:53:18, 3] passdb/lookup_sid.c:store_gid_sid_cache(1038)
  store_gid_sid_cache: gid 100 in cache -> S-1-5-21-2802976709-2047762053-2842697490-1201
[2006/07/11 17:53:18, 3] passdb/lookup_sid.c:fetch_gid_from_cache(999)
  fetch gid from cache 100 -> S-1-5-21-2802976709-2047762053-2842697490-1201
[2006/07/11 17:53:18, 3] auth/auth.c:check_ntlm_password(270)
  check_ntlm_password: winbind authentication for user [nazaand] succeeded
[2006/07/11 17:53:18, 2] auth/auth.c:check_ntlm_password(309)
  check_ntlm_password: authentication for user [nazaand] -> [nazaand] -> [nazaand] succeeded

But the share cannot be mapped because of this:

[2006/07/11 17:53:18, 3] passdb/lookup_sid.c:store_gid_sid_cache(1038)
  store_gid_sid_cache: gid 2147483404 in cache -> S-1-5-21-2802976709-2047762053-2842697490-513
[2006/07/11 17:53:18, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(338)
  NTLMSSP Sign/Seal - Initialising with flags:
[2006/07/11 17:53:18, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63)
  Got NTLMSSP neg_flags=0xe2088215
[2006/07/11 17:53:18, 3] smbd/password.c:register_vuid(280)
  User name: nazaand Real name:
[2006/07/11 17:53:18, 3] smbd/password.c:register_vuid(301)
  UNIX uid 1000 is UNIX user nazaand, and will be vuid 103
[2006/07/11 17:53:18, 3] smbd/password.c:register_vuid(332)
  Adding homes service for user 'nazaand' using home directory: '/srv/www/htdocs'
[2006/07/11 17:53:18, 3] smbd/process.c:process_smb(1110)
  Transaction 7 of length 86
[2006/07/11 17:53:18, 3] smbd/process.c:switch_message(914)
  switch message SMBtconX (pid 16063) conn 0x0
[2006/07/11 17:53:18, 3] smbd/sec_ctx.c:set_sec_ctx(241)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2006/07/11 17:53:18, 3] lib/util_sid.c:string_to_sid(223)
  string_to_sid: Sid nazaand does not start with 'S-'.
[2006/07/11 17:53:18, 2] smbd/service.c:make_connection_snum(571)
  user 'nazaand' (from session setup) not permitted to access this share (intranet)
[2006/07/11 17:53:18, 3] smbd/error.c:error_packet(146)
  error packet at smbd/reply.c(676) cmd=117 (SMBtconX) NT_STATUS_ACCESS_DENIED

Why do I get the "not permitted to access this share" error if my user is in the "valid users" list?

If I remove the "valid users" list completely, then the share can be mapped, but I cannot write to it. If I use "security = user" then everything works ok.

Does new Samba version require a different format for the 'valid users' and 'write list' directives or do I need to specify any additional parameters for it to work as 3.0.22?

Thanks for your time
Gerald (Jerry) Carter
2006-Jul-12 11:31 UTC
[Samba] Samba 3.0.23 + ADS + 'valid users' + 'force user' does not work
Andrei Nazarenko wrote:
> Just upgraded Samba to 3.0.23 and can no longer
> map any non-anonymous shares.
>
> Here is my smb.conf file:
....
> Why do I get the "not permitted to access this share"
> error if my user is in the "valid users" list?
>
> If I remove the "valid users" list completely, then
> the share can be mapped, but I cannot write to it.
> If I use "security = user" then everything works ok.

Please send me your full smb.conf and a level 10 debug log file from smbd off list. Thanks.

cheers, jerry
====================================================================
Samba ------- http://www.samba.org
Centeris ----------- http://www.centeris.com
"What man is a man who does not make the world better?" --Balian