|
»
»
« Return to Thread: User SID problem with home directory
User SID problem with home directory
by Wes Modes
::
Rate this Message:
I'm having the problem in which users can access their group shares, but
not their home shares. These two shares are defined thusly in smb.conf:
[seref]
comment = Science & Engineering Reference Section
path = /data/group/seref
valid users = @seref, @seref-read, @admin
read list = @seref-read
write list = @seref, @admin
force group = seref
create mask = 0664
directory mask = 0770
[home]
comment = %u's Personal Share Directory
path = /data/home/%U
valid users = %U, @admin
write list = %U, @admin
create mask = 0600
directory mask = 0700
browseable = No
It seems that the %U variable, causes Samba to do a
lookup_global_sam_name which fails.
[root@fileserver]# smbclient -Ujoeblow
'\\edgar.library.ucsc.edu\home' xxxxxxxx
tree connect failed: NT_STATUS_ACCESS_DENIED
Here's the relevant section of the log:
passdb/pdb_ldap.c:init_sam_from_ldap(545)
init_sam_from_ldap: Entry found for user: joeblow
passdb/pdb_ldap.c:init_group_from_ldap(2158)
init_group_from_ldap: Entry found for group: 30023
passdb/passdb.c:lookup_global_sam_name(596)
User joeblow with invalid SID
S-1-5-21-2642364908-3785178431-1037763545-61756 in passdb
passdb/pdb_ldap.c:init_group_from_ldap(2158)
init_group_from_ldap: Entry found for group: 1001
smbd/service.c:make_connection_snum(616)
user 'joeblow' (from session setup) not permitted to access this
share (home)
Please note that I am not using the ADS security model, nor do I care to
at the moment. Here's the significant part of my smb.conf:
### Basic information for server
workgroup = MCHSTAFF
netbios name = EDGAR
server string = Library Samba Server
hosts allow = 169.233.
hosts allow = 128.114.
enable privileges = yes
security = user
encrypt passwords = yes
preferred master = yes
domain master = yes
domain logons = yes
local master = yes
username map = /etc/samba/smbusers
logon path =
wins support = yes
dns proxy = no
So why I am I getting the failure "User joeblow with invalid SID"?
Wes
--
Wes Modes
Server Administrator & Programmer Analyst
McHenry Library
Computing & Network Services
Information and Technology Services
459-5208
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
not their home shares. These two shares are defined thusly in smb.conf:
[seref]
comment = Science & Engineering Reference Section
path = /data/group/seref
valid users = @seref, @seref-read, @admin
read list = @seref-read
write list = @seref, @admin
force group = seref
create mask = 0664
directory mask = 0770
[home]
comment = %u's Personal Share Directory
path = /data/home/%U
valid users = %U, @admin
write list = %U, @admin
create mask = 0600
directory mask = 0700
browseable = No
It seems that the %U variable, causes Samba to do a
lookup_global_sam_name which fails.
[root@fileserver]# smbclient -Ujoeblow
'\\edgar.library.ucsc.edu\home' xxxxxxxx
tree connect failed: NT_STATUS_ACCESS_DENIED
Here's the relevant section of the log:
passdb/pdb_ldap.c:init_sam_from_ldap(545)
init_sam_from_ldap: Entry found for user: joeblow
passdb/pdb_ldap.c:init_group_from_ldap(2158)
init_group_from_ldap: Entry found for group: 30023
passdb/passdb.c:lookup_global_sam_name(596)
User joeblow with invalid SID
S-1-5-21-2642364908-3785178431-1037763545-61756 in passdb
passdb/pdb_ldap.c:init_group_from_ldap(2158)
init_group_from_ldap: Entry found for group: 1001
smbd/service.c:make_connection_snum(616)
user 'joeblow' (from session setup) not permitted to access this
share (home)
Please note that I am not using the ADS security model, nor do I care to
at the moment. Here's the significant part of my smb.conf:
### Basic information for server
workgroup = MCHSTAFF
netbios name = EDGAR
server string = Library Samba Server
hosts allow = 169.233.
hosts allow = 128.114.
enable privileges = yes
security = user
encrypt passwords = yes
preferred master = yes
domain master = yes
domain logons = yes
local master = yes
username map = /etc/samba/smbusers
logon path =
wins support = yes
dns proxy = no
So why I am I getting the failure "User joeblow with invalid SID"?
Wes
--
Wes Modes
Server Administrator & Programmer Analyst
McHenry Library
Computing & Network Services
Information and Technology Services
459-5208
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
« Return to Thread: User SID problem with home directory
| Free Forum Powered by Nabble | Forum Help |