Hi, I do not have much understanding of samba other than having seen smb.conf file and having running start/stop scripts. We have samba version 3.5.8 installed. Our samba configuration was working fine but all of a sudden in a random manner, we see user "sids" appearing instead of username in the security section of file properties for few of the shared resources. On googling I did come across the issue but no satisfactory solution/explanation. Also the "same samba configuration" had not been working fine for years. We use the "force user" in smb.conf and would expect the username of the "force user" to appear instead of the SID. Here is the relevant slice of the smb.conf [shared_folder] writable = yes browsable = no path = /opt/software/shared/st0007/samba force user = st0007 valid users = domain1+winowslogin domain1+windowslogin2 st0007 read list wherein , we would like folders in the "/opt/software/shared/st0007/samba" to be created with user st0007 when created via samba. The user st0007 is a valid unix user. What we find is that when folder is created in the shared resource(shared_folder) by someone in the valid user list, the folder seems to have SID ( which maps to correct uid on using wbinfo ) shown instead of the username. The group mapping is fine ( as seen in /etc/passwd for the user). As a consequence of the user being different from the force-user which we would like it to be, the folder cannot be renamed, cannot be deleted via samba by the valid user. The folder owner is st0007 when seen in the unix environment. And this behaviour is now random. It works for some shared user (i.e , we get force username on the securities tab). Could this issue be due to "changes" in windows controller etc as the problem had seemed to have gone away once on its own, ie the SIDs reverted back to the username. But now it seems to persist. Here is the chunk of the global smb.conf file as well... [global] deadtime = 10 encrypt passwords = yes server string = DAP Samba server %h max log size = 500000 available = yes bind interfaces only = yes browseable = no case sensitive = no comment = DAP Samba server follow symlinks = yes max smbd processes = 200 invalid users = root load printers = no printing = bsd printcap name = /dev/null disable spoolss yes log level = 2 read only = yes auth methods = winbind sam_ignoredomain create mask = 0000 directory mask = 0000 force create mode = 0644 force directory mode = 0755 security mask = 0750 security = ADS realm = RAG.ADS.YD.COM workgroup = DBG allow trusted domains = yes encrypt passwords = yes winbind separator = + winbind uid = 1000000-1100000 winbind enum users = no winbind gid = 1000000-1100000 winbind enum groups = no winbind cache time = 60 winbind use default domain = yes use spnego = yes lanman auth = no client lanman auth = no client plaintext auth = no disable netbios = yes min protocol = NT1 ntlm auth = yes wins support = no name resolve order = lmhosts host wide links = yes unix extensions = no local master = no domain master = no preferred master = no os level = 0 netbios name = netbios_server password server = pass_server1,pas_server2,pass_server3 [shared_folder] writable = yes browsable = no path = /opt/software/shared/st0007/samba force user = st0007 valid users = domain1+winowslogin domain1+windowslogin2 st0007 read list Any help would be greatly appreciated. Thanks, Vishal --- This e-mail may contain confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and destroy this e-mail. Any unauthorized copying, disclosure or distribution of the material in this e-mail is strictly forbidden. Please refer to http://www.db.com/en/content/eu_disclosures.htm for additional EU corporate and regulatory disclosures.
Hi, I do not have much understanding of samba other than having seen smb.conf file and having run start/stop scripts. We have samba version 3.5.8 installed. Our samba configuration was working fine but all of a sudden in a random manner, we see user "sids" appearing instead of username in the security section of file properties for few of the shared resources. On googling I did come across the issue but no satisfactory solution/explanation. Also the "same samba configuration" had been working fine for years. We use the "force user" in smb.conf and would expect the username of the "force user" to appear instead of the SID. Here is the relevant slice of the smb.conf [shared_folder] writable = yes browsable = no path = /opt/software/shared/st0007/samba force user = st0007 valid users = domain1+winowslogin domain1+windowslogin2 st0007 read list wherein , we would like folders in the "/opt/software/shared/st0007/samba" to be created with user st0007 when created via samba. The user st0007 is a valid unix user. What we find is that when folder is created in the shared resource(shared_folder) by someone in the valid user list, the folder seems to have SID ( which maps to correct uid on using wbinfo ) shown instead of the username. The group mapping is fine ( as seen in /etc/passwd for the user). As a consequence of the user being different from the force-user which we would like it to be, the folder cannot be renamed, cannot be deleted via samba by the valid user. The folder owner is st0007 when seen in the unix environment. And this behaviour is now random. It works for some shared user (i.e , we get force username on the securities tab). Could this issue be due to "changes" in windows controller etc as the problem had seemed to have gone away once on its own, ie the SIDs reverted back to the username. But now it seems to persist. Here is the chunk of the global smb.conf file as well... [global] deadtime = 10 encrypt passwords = yes server string = DAP Samba server %h max log size = 500000 available = yes bind interfaces only = yes browseable = no case sensitive = no comment = DAP Samba server follow symlinks = yes max smbd processes = 200 invalid users = root load printers = no printing = bsd printcap name = /dev/null disable spoolss yes log level = 2 read only = yes auth methods = winbind sam_ignoredomain create mask = 0000 directory mask = 0000 force create mode = 0644 force directory mode = 0755 security mask = 0750 security = ADS realm = RAG.ADS.YD.COM workgroup = DBG allow trusted domains = yes encrypt passwords = yes winbind separator = + winbind uid = 1000000-1100000 winbind enum users = no winbind gid = 1000000-1100000 winbind enum groups = no winbind cache time = 60 winbind use default domain = yes use spnego = yes lanman auth = no client lanman auth = no client plaintext auth = no disable netbios = yes min protocol = NT1 ntlm auth = yes wins support = no name resolve order = lmhosts host wide links = yes unix extensions = no local master = no domain master = no preferred master = no os level = 0 netbios name = netbios_server password server = pass_server1,pas_server2,pass_server3 [shared_folder] writable = yes browsable = no path = /opt/software/shared/st0007/samba force user = st0007 valid users = domain1+winowslogin domain1+windowslogin2 st0007 read list Any help would be greatly appreciated. Thanks, Vishal --- This e-mail may contain confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and destroy this e-mail. Any unauthorized copying, disclosure or distribution of the material in this e-mail is strictly forbidden. Please refer to http://www.db.com/en/content/eu_disclosures.htm for additional EU corporate and regulatory disclosures.
Hi, We were able to resolve the issue by deleting the "locks/gencache.tdb" file. On deleting the gencache.tdb , the SID reverted to the correct username, the "force user". Hope this is useful to anyone with the issue. Thanks, Vishal -----Original Message----- From: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org] On Behalf Of Vishal-sh Sharma Sent: 17 November 2011 13:11 To: samba at lists.samba.org Subject: [Samba] Sid instead of username Hi, I do not have much understanding of samba other than having seen smb.conf file and having run start/stop scripts. We have samba version 3.5.8 installed. Our samba configuration was working fine but all of a sudden in a random manner, we see user "sids" appearing instead of username in the security section of file properties for few of the shared resources. On googling I did come across the issue but no satisfactory solution/explanation. Also the "same samba configuration" had been working fine for years. We use the "force user" in smb.conf and would expect the username of the "force user" to appear instead of the SID. Here is the relevant slice of the smb.conf [shared_folder] writable = yes browsable = no path = /opt/software/shared/st0007/samba force user = st0007 valid users = domain1+winowslogin domain1+windowslogin2 st0007 read list wherein , we would like folders in the "/opt/software/shared/st0007/samba" to be created with user st0007 when created via samba. The user st0007 is a valid unix user. What we find is that when folder is created in the shared resource(shared_folder) by someone in the valid user list, the folder seems to have SID ( which maps to correct uid on using wbinfo ) shown instead of the username. The group mapping is fine ( as seen in /etc/passwd for the user). As a consequence of the user being different from the force-user which we would like it to be, the folder cannot be renamed, cannot be deleted via samba by the valid user. The folder owner is st0007 when seen in the unix environment. And this behaviour is now random. It works for some shared user (i.e , we get force username on the securities tab). Could this issue be due to "changes" in windows controller etc as the problem had seemed to have gone away once on its own, ie the SIDs reverted back to the username. But now it seems to persist. Here is the chunk of the global smb.conf file as well... [global] deadtime = 10 encrypt passwords = yes server string = DAP Samba server %h max log size = 500000 available = yes bind interfaces only = yes browseable = no case sensitive = no comment = DAP Samba server follow symlinks = yes max smbd processes = 200 invalid users = root load printers = no printing = bsd printcap name = /dev/null disable spoolss yes log level = 2 read only = yes auth methods = winbind sam_ignoredomain create mask = 0000 directory mask = 0000 force create mode = 0644 force directory mode = 0755 security mask = 0750 security = ADS realm = RAG.ADS.YD.COM workgroup = DBG allow trusted domains = yes encrypt passwords = yes winbind separator = + winbind uid = 1000000-1100000 winbind enum users = no winbind gid = 1000000-1100000 winbind enum groups = no winbind cache time = 60 winbind use default domain = yes use spnego = yes lanman auth = no client lanman auth = no client plaintext auth = no disable netbios = yes min protocol = NT1 ntlm auth = yes wins support = no name resolve order = lmhosts host wide links = yes unix extensions = no local master = no domain master = no preferred master = no os level = 0 netbios name = netbios_server password server = pass_server1,pas_server2,pass_server3 [shared_folder] writable = yes browsable = no path = /opt/software/shared/st0007/samba force user = st0007 valid users = domain1+winowslogin domain1+windowslogin2 st0007 read list Any help would be greatly appreciated. Thanks, Vishal --- This e-mail may contain confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and destroy this e-mail. Any unauthorized copying, disclosure or distribution of the material in this e-mail is strictly forbidden. Please refer to http://www.db.com/en/content/eu_disclosures.htm for additional EU corporate and regulatory disclosures. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba --- This e-mail may contain confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and destroy this e-mail. Any unauthorized copying, disclosure or distribution of the material in this e-mail is strictly forbidden. Please refer to http://www.db.com/en/content/eu_disclosures.htm for additional EU corporate and regulatory disclosures.