|
»
»
User SID problem with home directory
|
View:
New views
9 Messages
—
Rating Filter:
Alert me
|
 |
User SID problem with home directory
by Wes Modes
::
Rate this Message:
I'm having the problem in which users can access their group shares, but
not their home shares. These two shares are defined thusly in smb.conf: [seref] comment = Science & Engineering Reference Section path = /data/group/seref valid users = @seref, @seref-read, @admin read list = @seref-read write list = @seref, @admin force group = seref create mask = 0664 directory mask = 0770 [home] comment = %u's Personal Share Directory path = /data/home/%U valid users = %U, @admin write list = %U, @admin create mask = 0600 directory mask = 0700 browseable = No It seems that the %U variable, causes Samba to do a lookup_global_sam_name which fails. [root@fileserver]# smbclient -Ujoeblow '\\edgar.library.ucsc.edu\home' xxxxxxxx tree connect failed: NT_STATUS_ACCESS_DENIED Here's the relevant section of the log: passdb/pdb_ldap.c:init_sam_from_ldap(545) init_sam_from_ldap: Entry found for user: joeblow passdb/pdb_ldap.c:init_group_from_ldap(2158) init_group_from_ldap: Entry found for group: 30023 passdb/passdb.c:lookup_global_sam_name(596) User joeblow with invalid SID S-1-5-21-2642364908-3785178431-1037763545-61756 in passdb passdb/pdb_ldap.c:init_group_from_ldap(2158) init_group_from_ldap: Entry found for group: 1001 smbd/service.c:make_connection_snum(616) user 'joeblow' (from session setup) not permitted to access this share (home) Please note that I am not using the ADS security model, nor do I care to at the moment. Here's the significant part of my smb.conf: ### Basic information for server workgroup = MCHSTAFF netbios name = EDGAR server string = Library Samba Server hosts allow = 169.233. hosts allow = 128.114. enable privileges = yes security = user encrypt passwords = yes preferred master = yes domain master = yes domain logons = yes local master = yes username map = /etc/samba/smbusers logon path = wins support = yes dns proxy = no So why I am I getting the failure "User joeblow with invalid SID"? Wes -- Wes Modes Server Administrator & Programmer Analyst McHenry Library Computing & Network Services Information and Technology Services 459-5208 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba |
|
|
Re: User SID problem with home directory
by Helmut Hullen
::
Rate this Message:
Hallo, Wes,
Du (wmodes) meintest am 12.05.08: > It seems that the %U variable, causes Samba to do a > lookup_global_sam_name which fails. > [root@fileserver]# smbclient -Ujoeblow > '\\edgar.library.ucsc.edu\home' xxxxxxxx > tree connect failed: NT_STATUS_ACCESS_DENIED I've seen this message when "winbindd" is running - my samba server (now 3.0.28a) doesn't need "winbindd". It's the one and only server. Viele Gruesse! Helmut -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba |
|
|
Re: User SID problem with home directory
by Wes Modes
::
Rate this Message:
You are correct that I should have had "wins support" set to no rather
than yes. Here's how the smb.conf man page describes that option: This boolean controls if the nmbd(8) <http://us3.samba.org/samba/docs/man/manpages-3/nmbd.8.html> process in Samba will act as a WINS server. You should not set this to |yes| unless you have a multi-subnetted network and you wish a particular |nmbd| to be your WINS server. Note that you should /NEVER/ set this to |yes| on more than one machine in your network. HOWEVER, setting it to No, did not fix this problem: User joeblow with invalid SID user 'joeblow' (form session setup) not permitted to access this share (home) Wes Helmut Hullen wrote: > Hallo, Wes, > > Du (wmodes) meintest am 12.05.08: > > > >> It seems that the %U variable, causes Samba to do a >> lookup_global_sam_name which fails. >> > > >> [root@fileserver]# smbclient -Ujoeblow >> '\\edgar.library.ucsc.edu\home' xxxxxxxx >> tree connect failed: NT_STATUS_ACCESS_DENIED >> > > I've seen this message when "winbindd" is running - my samba server (now > 3.0.28a) doesn't need "winbindd". It's the one and only server. > > Viele Gruesse! > Helmut > -- Wes Modes Server Administrator & Programmer Analyst McHenry Library Computing & Network Services Information and Technology Services 459-5208 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba |
|
|
Re: User SID problem with home directory
by Helmut Hullen
::
Rate this Message:
Hallo, Wes,
Du (wmodes) meintest am 12.05.08: >>> It seems that the %U variable, causes Samba to do a >>> lookup_global_sam_name which fails. >>> [root@fileserver]# smbclient -Ujoeblow >>> '\\edgar.library.ucsc.edu\home' xxxxxxxx >>> tree connect failed: NT_STATUS_ACCESS_DENIED >> I've seen this message when "winbindd" is running - my samba server >> (now 3.0.28a) doesn't need "winbindd". It's the one and only server. > You are correct that I should have had "wins support" set to no > rather than yes. Here's how the smb.conf man page describes that Do you need "winbindd"? Works the system even with no running "winbindd"? Viele Gruesse! Helmut -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba |
|
|
Re: User invalid SID with home directory - Bueller?
by Wes Modes
::
Rate this Message:
So even though I see this popping up in tons of posts, no one has
encountered it and successfully solved the problem or can illuminate the issue? Here's what I did not knowing what else to do: 1. Deleted the account. (smbldap-userdel) 2. Recreated the account (smbldap-useradd) 3. Searched for any files owned by the old user, and chown'd them to the new user It is not an elegant solution, but it is the only one I have now. So far I haven't gotten any accounts that have had the problem reoccur. But I'm waiting to see. Wes Wes Modes wrote: > I'm having the problem in which users can access their group shares, > but not their home shares. These two shares are defined thusly in > smb.conf: > > [seref] > comment = Science & Engineering Reference Section > path = /data/group/seref > valid users = @seref, @seref-read, @admin > read list = @seref-read > write list = @seref, @admin > force group = seref > create mask = 0664 > directory mask = 0770 > > [home] > comment = %u's Personal Share Directory > path = /data/home/%U > valid users = %U, @admin > write list = %U, @admin > create mask = 0600 > directory mask = 0700 > browseable = No > > > It seems that the %U variable, causes Samba to do a > lookup_global_sam_name which fails. > [root@fileserver]# smbclient -Ujoeblow > '\\edgar.library.ucsc.edu\home' xxxxxxxx > tree connect failed: NT_STATUS_ACCESS_DENIED > > > Here's the relevant section of the log: > > passdb/pdb_ldap.c:init_sam_from_ldap(545) > init_sam_from_ldap: Entry found for user: joeblow > passdb/pdb_ldap.c:init_group_from_ldap(2158) > init_group_from_ldap: Entry found for group: 30023 > passdb/passdb.c:lookup_global_sam_name(596) > User joeblow with invalid SID > S-1-5-21-2642364908-3785178431-1037763545-61756 in passdb > passdb/pdb_ldap.c:init_group_from_ldap(2158) > init_group_from_ldap: Entry found for group: 1001 > smbd/service.c:make_connection_snum(616) > user 'joeblow' (from session setup) not permitted to access this > share (home) > > > Please note that I am not using the ADS security model, nor do I care > to at the moment. Here's the significant part of my smb.conf: > > ### Basic information for server > workgroup = MCHSTAFF > netbios name = EDGAR > server string = Library Samba Server > hosts allow = 169.233. > hosts allow = 128.114. > enable privileges = yes > security = user > encrypt passwords = yes > preferred master = yes > domain master = yes > domain logons = yes > local master = yes > username map = /etc/samba/smbusers > logon path = > wins support = yes > dns proxy = no > > So why I am I getting the failure "User joeblow with invalid SID"? > > Wes > > -- Wes Modes Server Administrator & Programmer Analyst McHenry Library Computing & Network Services Information and Technology Services 459-5208 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba |
|
|
Re: User invalid SID with home directory - Bueller?
by Charlie-77
::
Rate this Message:
If you do a "net getlocalsid" at your shell prompt on the samba server
that hosts the share, does the preamble of the SID returned match that of the SID you see in your error messages? I'm betting not... --Charlie On Tue, May 13, 2008 at 2:39 PM, Wes Modes <wmodes@...> wrote: > So even though I see this popping up in tons of posts, no one has > encountered it and successfully solved the problem or can illuminate the > issue? > > Here's what I did not knowing what else to do: > > 1. Deleted the account. (smbldap-userdel) > 2. Recreated the account (smbldap-useradd) > 3. Searched for any files owned by the old user, and chown'd them to > the new user > > It is not an elegant solution, but it is the only one I have now. So far I > haven't gotten any accounts that have had the problem reoccur. But I'm > waiting to see. > > Wes > > > Wes Modes wrote: > > > I'm having the problem in which users can access their group shares, but > not their home shares. These two shares are defined thusly in smb.conf: > > > > [seref] > > comment = Science & Engineering Reference Section > > path = /data/group/seref > > valid users = @seref, @seref-read, @admin > > read list = @seref-read > > write list = @seref, @admin > > force group = seref > > create mask = 0664 > > directory mask = 0770 > > > > [home] > > comment = %u's Personal Share Directory > > path = /data/home/%U > > valid users = %U, @admin > > write list = %U, @admin > > create mask = 0600 > > directory mask = 0700 > > browseable = No > > > > > > It seems that the %U variable, causes Samba to do a lookup_global_sam_name > which fails. > > [root@fileserver]# smbclient -Ujoeblow > > '\\edgar.library.ucsc.edu\home' xxxxxxxx > > tree connect failed: NT_STATUS_ACCESS_DENIED > > > > > > Here's the relevant section of the log: > > > > passdb/pdb_ldap.c:init_sam_from_ldap(545) > > init_sam_from_ldap: Entry found for user: joeblow > > passdb/pdb_ldap.c:init_group_from_ldap(2158) > > init_group_from_ldap: Entry found for group: 30023 > > passdb/passdb.c:lookup_global_sam_name(596) > > User joeblow with invalid SID > > S-1-5-21-2642364908-3785178431-1037763545-61756 in passdb > > passdb/pdb_ldap.c:init_group_from_ldap(2158) > > init_group_from_ldap: Entry found for group: 1001 > > smbd/service.c:make_connection_snum(616) > > user 'joeblow' (from session setup) not permitted to access this > > share (home) > > > > > > Please note that I am not using the ADS security model, nor do I care to > at the moment. Here's the significant part of my smb.conf: > > > > ### Basic information for server > > workgroup = MCHSTAFF > > netbios name = EDGAR > > server string = Library Samba Server > > hosts allow = 169.233. > > hosts allow = 128.114. > > enable privileges = yes > > security = user > > encrypt passwords = yes > > preferred master = yes > > domain master = yes > > domain logons = yes > > local master = yes > > username map = /etc/samba/smbusers > > logon path = > > wins support = yes > > dns proxy = no > > > > So why I am I getting the failure "User joeblow with invalid SID"? > > > > Wes > > > > > > > > -- > > Wes Modes > Server Administrator & Programmer Analyst > McHenry Library > Computing & Network Services > Information and Technology Services > 459-5208 > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba > To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba |
|
|
Re: User invalid SID with home directory - Bueller?
by Wes Modes
::
Rate this Message:
It does not. But then the SID of each user doesn't match those of each
other either. I've seen that asked before, but are you sure the machine's SID and every user SID should be the same? W. Charlie wrote: > If you do a "net getlocalsid" at your shell prompt on the samba server > that hosts the share, does the preamble of the SID returned match that > of the SID you see in your error messages? > > I'm betting not... > > --Charlie > > On Tue, May 13, 2008 at 2:39 PM, Wes Modes <wmodes@...> wrote: > >> So even though I see this popping up in tons of posts, no one has >> encountered it and successfully solved the problem or can illuminate the >> issue? >> >> Here's what I did not knowing what else to do: >> >> 1. Deleted the account. (smbldap-userdel) >> 2. Recreated the account (smbldap-useradd) >> 3. Searched for any files owned by the old user, and chown'd them to >> the new user >> >> It is not an elegant solution, but it is the only one I have now. So far I >> haven't gotten any accounts that have had the problem reoccur. But I'm >> waiting to see. >> >> Wes >> >> >> Wes Modes wrote: >> >> >>> I'm having the problem in which users can access their group shares, but >>> >> not their home shares. These two shares are defined thusly in smb.conf: >> >>> [seref] >>> comment = Science & Engineering Reference Section >>> path = /data/group/seref >>> valid users = @seref, @seref-read, @admin >>> read list = @seref-read >>> write list = @seref, @admin >>> force group = seref >>> create mask = 0664 >>> directory mask = 0770 >>> >>> [home] >>> comment = %u's Personal Share Directory >>> path = /data/home/%U >>> valid users = %U, @admin >>> write list = %U, @admin >>> create mask = 0600 >>> directory mask = 0700 >>> browseable = No >>> >>> >>> It seems that the %U variable, causes Samba to do a lookup_global_sam_name >>> >> which fails. >> >>> [root@fileserver]# smbclient -Ujoeblow >>> '\\edgar.library.ucsc.edu\home' xxxxxxxx >>> tree connect failed: NT_STATUS_ACCESS_DENIED >>> >>> >>> Here's the relevant section of the log: >>> >>> passdb/pdb_ldap.c:init_sam_from_ldap(545) >>> init_sam_from_ldap: Entry found for user: joeblow >>> passdb/pdb_ldap.c:init_group_from_ldap(2158) >>> init_group_from_ldap: Entry found for group: 30023 >>> passdb/passdb.c:lookup_global_sam_name(596) >>> User joeblow with invalid SID >>> S-1-5-21-2642364908-3785178431-1037763545-61756 in passdb >>> passdb/pdb_ldap.c:init_group_from_ldap(2158) >>> init_group_from_ldap: Entry found for group: 1001 >>> smbd/service.c:make_connection_snum(616) >>> user 'joeblow' (from session setup) not permitted to access this >>> share (home) >>> >>> >>> Please note that I am not using the ADS security model, nor do I care to >>> >> at the moment. Here's the significant part of my smb.conf: >> >>> ### Basic information for server >>> workgroup = MCHSTAFF >>> netbios name = EDGAR >>> server string = Library Samba Server >>> hosts allow = 169.233. >>> hosts allow = 128.114. >>> enable privileges = yes >>> security = user >>> encrypt passwords = yes >>> preferred master = yes >>> domain master = yes >>> domain logons = yes >>> local master = yes >>> username map = /etc/samba/smbusers >>> logon path = >>> wins support = yes >>> dns proxy = no >>> >>> So why I am I getting the failure "User joeblow with invalid SID"? >>> >>> Wes >>> >>> >>> >>> >> -- >> >> Wes Modes >> Server Administrator & Programmer Analyst >> McHenry Library >> Computing & Network Services >> Information and Technology Services >> 459-5208 >> -- >> To unsubscribe from this list go to the following URL and read the >> instructions: https://lists.samba.org/mailman/listinfo/samba >> >> -- Wes Modes Server Administrator & Programmer Analyst McHenry Library Computing & Network Services Information and Technology Services 459-5208 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba |
|
|
Re: User invalid SID with home directory - Bueller?
by Charlie-77
::
Rate this Message:
The first part of any SID is the domain portion. It should be pretty
constant throughout your domain as I understand things. When dealing with users and groups, the bit after the last dash is the RID or relative ID and it must be unique within the domain. Really really unique! If samba created your user & group sids the groups will be odd-numbered and users will be even-numbered. So, for example, the domain SID for my domain looks somewhat like this: SID for domain DARKAGES is: S-1-5-21-267844371-1268535915-2638854549 And the SID for my PDC and BDCs are exactly the same, although other servers (that are not either PDCs or BDCs) have their own unique SIDs. My personal SID looks like this: S-1-5-21-267844371-1268535915-2638854549-1802 Notice my RID of 1802 on the end there? I have a uidNumber of 401 on the POSIX side. The beginning bit seems to define my domain membership, though. If I change the domain SID on my PDC with "net setlocalsid" I can no longer log in using my own account, apparently because I do not have the right SID. There are ways to get around that involving winbind and/or domain trust accounts - but I can't explain those things because I don't understand them either. My knowledge of CIFS and samba is pretty shallow. We may be off in the weeds here, though - you should check out samba's automagical [homes] share and see if you can make it do what you want without having to do the %U thing. --Charlie On Wed, May 14, 2008 at 6:23 PM, Wes Modes <wmodes@...> wrote: > It does not. But then the SID of each user doesn't match those of each other > either. I've seen that asked before, but are you sure the machine's SID and > every user SID should be the same? > > W. > > Charlie wrote: > > If you do a "net getlocalsid" at your shell prompt on the samba server > that hosts the share, does the preamble of the SID returned match that > of the SID you see in your error messages? > > I'm betting not... > > --Charlie > > On Tue, May 13, 2008 at 2:39 PM, Wes Modes <wmodes@...> wrote: > > > So even though I see this popping up in tons of posts, no one has > encountered it and successfully solved the problem or can illuminate the > issue? > > Here's what I did not knowing what else to do: > > 1. Deleted the account. (smbldap-userdel) > 2. Recreated the account (smbldap-useradd) > 3. Searched for any files owned by the old user, and chown'd them to > the new user > > It is not an elegant solution, but it is the only one I have now. So far I > haven't gotten any accounts that have had the problem reoccur. But I'm > waiting to see. > > Wes > > > Wes Modes wrote: > > > > I'm having the problem in which users can access their group shares, but > > > not their home shares. These two shares are defined thusly in smb.conf: > > > [seref] > comment = Science & Engineering Reference Section > path = /data/group/seref > valid users = @seref, @seref-read, @admin > read list = @seref-read > write list = @seref, @admin > force group = seref > create mask = 0664 > directory mask = 0770 > > [home] > comment = %u's Personal Share Directory > path = /data/home/%U > valid users = %U, @admin > write list = %U, @admin > create mask = 0600 > directory mask = 0700 > browseable = No > > > It seems that the %U variable, causes Samba to do a lookup_global_sam_name > > > which fails. > > > [root@fileserver]# smbclient -Ujoeblow > '\\edgar.library.ucsc.edu\home' xxxxxxxx > tree connect failed: NT_STATUS_ACCESS_DENIED > > > Here's the relevant section of the log: > > passdb/pdb_ldap.c:init_sam_from_ldap(545) > init_sam_from_ldap: Entry found for user: joeblow > passdb/pdb_ldap.c:init_group_from_ldap(2158) > init_group_from_ldap: Entry found for group: 30023 > passdb/passdb.c:lookup_global_sam_name(596) > User joeblow with invalid SID > S-1-5-21-2642364908-3785178431-1037763545-61756 in passdb > passdb/pdb_ldap.c:init_group_from_ldap(2158) > init_group_from_ldap: Entry found for group: 1001 > smbd/service.c:make_connection_snum(616) > user 'joeblow' (from session setup) not permitted to access this > share (home) > > > Please note that I am not using the ADS security model, nor do I care to > > > at the moment. Here's the significant part of my smb.conf: > > > ### Basic information for server > workgroup = MCHSTAFF > netbios name = EDGAR > server string = Library Samba Server > hosts allow = 169.233. > hosts allow = 128.114. > enable privileges = yes > security = user > encrypt passwords = yes > preferred master = yes > domain master = yes > domain logons = yes > local master = yes > username map = /etc/samba/smbusers > logon path = > wins support = yes > dns proxy = no > > So why I am I getting the failure "User joeblow with invalid SID"? > > Wes > > > > > > -- > > Wes Modes > Server Administrator & Programmer Analyst > McHenry Library > Computing & Network Services > Information and Technology Services > 459-5208 > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba > > > > -- > > Wes Modes > Server Administrator & Programmer Analyst > McHenry Library > Computing & Network Services > Information and Technology Services > 459-5208 To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba |
|
|
Re: User invalid SID with home directory - Bueller?
by Wes Modes
::
Rate this Message:
The [homes] share is configured similarly to the [home] share, though
one would mount it different: \\fileserver.ucsc.edu\home for the [home] share \\fileserver.ucsc.edu\wmodes for the [homes] share and for users who have the problem, they have the SID problem in mounting both shares. On my server, even for those accounts that work fine, there is little similarity in the SID for the domain and the user's SambaSID, and the SambaPrimaryGroupSID. I am beginning to suspect, I reset the machine SID after I created many of my accounts. And so the old SID somewhere somehow encoded within the user's old SambaSID turns up as invalid. If anybody knows how to specify that I can trust these accounts so I don't have the SID problem, that'd be swell. W. Charlie wrote: > The first part of any SID is the domain portion. It should be pretty > constant throughout your domain as I understand things. When dealing > with users and groups, the bit after the last dash is the RID or > relative ID and it must be unique within the domain. Really really > unique! If samba created your user & group sids the groups will be > odd-numbered and users will be even-numbered. > > So, for example, the domain SID for my domain looks somewhat like this: > > SID for domain DARKAGES is: S-1-5-21-267844371-1268535915-2638854549 > > And the SID for my PDC and BDCs are exactly the same, although other > servers (that are not either PDCs or BDCs) have their own unique SIDs. > > My personal SID looks like this: S-1-5-21-267844371-1268535915-2638854549-1802 > > Notice my RID of 1802 on the end there? I have a uidNumber of 401 on > the POSIX side. The beginning bit seems to define my domain > membership, though. > > If I change the domain SID on my PDC with "net setlocalsid" I can no > longer log in using my own account, apparently because I do not have > the right SID. There are ways to get around that involving winbind > and/or domain trust accounts - but I can't explain those things > because I don't understand them either. My knowledge of CIFS and > samba is pretty shallow. > > We may be off in the weeds here, though - you should check out samba's > automagical [homes] share and see if you can make it do what you want > without having to do the %U thing. > > --Charlie > > On Wed, May 14, 2008 at 6:23 PM, Wes Modes <wmodes@...> wrote: > >> It does not. But then the SID of each user doesn't match those of each other >> either. I've seen that asked before, but are you sure the machine's SID and >> every user SID should be the same? >> >> W. >> >> Charlie wrote: >> >> If you do a "net getlocalsid" at your shell prompt on the samba server >> that hosts the share, does the preamble of the SID returned match that >> of the SID you see in your error messages? >> >> I'm betting not... >> >> --Charlie >> >> On Tue, May 13, 2008 at 2:39 PM, Wes Modes <wmodes@...> wrote: >> >> >> So even though I see this popping up in tons of posts, no one has >> encountered it and successfully solved the problem or can illuminate the >> issue? >> >> Here's what I did not knowing what else to do: >> >> 1. Deleted the account. (smbldap-userdel) >> 2. Recreated the account (smbldap-useradd) >> 3. Searched for any files owned by the old user, and chown'd them to >> the new user >> >> It is not an elegant solution, but it is the only one I have now. So far I >> haven't gotten any accounts that have had the problem reoccur. But I'm >> waiting to see. >> >> Wes >> >> >> Wes Modes wrote: >> >> >> >> I'm having the problem in which users can access their group shares, but >> >> >> not their home shares. These two shares are defined thusly in smb.conf: >> >> >> [seref] >> comment = Science & Engineering Reference Section >> path = /data/group/seref >> valid users = @seref, @seref-read, @admin >> read list = @seref-read >> write list = @seref, @admin >> force group = seref >> create mask = 0664 >> directory mask = 0770 >> >> [home] >> comment = %u's Personal Share Directory >> path = /data/home/%U >> valid users = %U, @admin >> write list = %U, @admin >> create mask = 0600 >> directory mask = 0700 >> browseable = No >> >> >> It seems that the %U variable, causes Samba to do a lookup_global_sam_name >> >> >> which fails. >> >> >> [root@fileserver]# smbclient -Ujoeblow >> '\\edgar.library.ucsc.edu\home' xxxxxxxx >> tree connect failed: NT_STATUS_ACCESS_DENIED >> >> >> Here's the relevant section of the log: >> >> passdb/pdb_ldap.c:init_sam_from_ldap(545) >> init_sam_from_ldap: Entry found for user: joeblow >> passdb/pdb_ldap.c:init_group_from_ldap(2158) >> init_group_from_ldap: Entry found for group: 30023 >> passdb/passdb.c:lookup_global_sam_name(596) >> User joeblow with invalid SID >> S-1-5-21-2642364908-3785178431-1037763545-61756 in passdb >> passdb/pdb_ldap.c:init_group_from_ldap(2158) >> init_group_from_ldap: Entry found for group: 1001 >> smbd/service.c:make_connection_snum(616) >> user 'joeblow' (from session setup) not permitted to access this >> share (home) >> >> >> Please note that I am not using the ADS security model, nor do I care to >> >> >> at the moment. Here's the significant part of my smb.conf: >> >> >> ### Basic information for server >> workgroup = MCHSTAFF >> netbios name = EDGAR >> server string = Library Samba Server >> hosts allow = 169.233. >> hosts allow = 128.114. >> enable privileges = yes >> security = user >> encrypt passwords = yes >> preferred master = yes >> domain master = yes >> domain logons = yes >> local master = yes >> username map = /etc/samba/smbusers >> logon path = >> wins support = yes >> dns proxy = no >> >> So why I am I getting the failure "User joeblow with invalid SID"? >> >> Wes >> >> >> >> >> >> -- >> >> Wes Modes >> Server Administrator & Programmer Analyst >> McHenry Library >> Computing & Network Services >> Information and Technology Services >> 459-5208 >> -- >> To unsubscribe from this list go to the following URL and read the >> instructions: https://lists.samba.org/mailman/listinfo/samba >> >> >> >> -- >> >> Wes Modes >> Server Administrator & Programmer Analyst >> McHenry Library >> Computing & Network Services >> Information and Technology Services >> 459-5208 >> -- Wes Modes Server Administrator & Programmer Analyst McHenry Library Computing & Network Services Information and Technology Services 459-5208 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba |
| Free Forum Powered by Nabble | Forum Help |