So even though I see this popping up in tons of posts, no one has encountered it and successfully solved the problem or can illuminate the issue?

Here's what I did, not knowing what else to do:

  1. Deleted the account.  (smbldap-userdel)
  2. Recreated the account  (smbldap-useradd)
  3. Searched for any files owned by the old user, and chown'd them to
     the new user

It is not an elegant solution, but it is the only one I have now. So far I haven't gotten any accounts that have had the problem reoccur. But I'm waiting to see.

Wes


Wes Modes wrote:
I'm having the problem in which users can access their group shares, but not their home shares. These two shares are defined thusly in smb.conf:

   [seref]
           comment = Science & Engineering Reference Section
           path = /data/group/seref
           valid users = @seref, @seref-read, @admin
           read list = @seref-read
           write list = @seref, @admin
           force group = seref
           create mask = 0664
           directory mask = 0770

   [home]
           comment = %u's Personal Share Directory
           path = /data/home/%U
           valid users = %U, @admin
           write list = %U, @admin
           create mask = 0600
           directory mask = 0700
           browseable = No


It seems that the %U variable causes Samba to do a lookup_global_sam_name which fails.

   [EMAIL PROTECTED] smbclient -Ujoeblow '\\edgar.library.ucsc.edu\home' xxxxxxxx
          tree connect failed: NT_STATUS_ACCESS_DENIED


Here's the relevant section of the log:

   passdb/pdb_ldap.c:init_sam_from_ldap(545)
       init_sam_from_ldap: Entry found for user: joeblow
   passdb/pdb_ldap.c:init_group_from_ldap(2158)
       init_group_from_ldap: Entry found for group: 30023
   passdb/passdb.c:lookup_global_sam_name(596)
       User joeblow with invalid SID S-1-5-21-2642364908-3785178431-1037763545-61756 in passdb
   passdb/pdb_ldap.c:init_group_from_ldap(2158)
       init_group_from_ldap: Entry found for group: 1001
   smbd/service.c:make_connection_snum(616)
       user 'joeblow' (from session setup) not permitted to access this share (home)


Please note that I am not using the ADS security model, nor do I care to at the moment. Here's the significant part of my smb.conf:

   ### Basic information for server
           workgroup = MCHSTAFF
           netbios name = EDGAR
           server string = Library Samba Server
           hosts allow = 169.233.
           hosts allow = 128.114.
           enable privileges = yes
           security = user
           encrypt passwords = yes
           preferred master = yes
           domain master = yes
           domain logons = yes
           local master = yes
           username map = /etc/samba/smbusers
           logon path =
           wins support = yes
           dns proxy = no

So why am I getting the failure "User joeblow with invalid SID"?

Wes



--

Wes Modes
Server Administrator & Programmer Analyst
McHenry Library
Computing & Network Services
Information and Technology Services
459-5208
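
The log excerpt in the message above shows passdb rejecting an account SID. As an added example (not part of the original mail and not Samba code), this Python script extracts such entries from an smbd log, splits each SID into its domain SID and RID, and compares the domain part with the SID expected for the server's domain. The expected value used here is a constructed placeholder; the assumption is that the real one is obtained separately, for example with `net getlocalsid`.

```python
import re

# Constructed sample: log lines like those quoted in the message above,
# wrapped across lines as mail clients and log viewers often leave them.
SAMPLE_LOG = """\
passdb/pdb_ldap.c:init_sam_from_ldap(545)
    init_sam_from_ldap: Entry found for user: joeblow
passdb/passdb.c:lookup_global_sam_name(596)
    User joeblow with invalid SID
S-1-5-21-2642364908-3785178431-1037763545-61756 in passdb
smbd/service.c:make_connection_snum(616)
    user 'joeblow' (from session setup) not permitted to access this
share (home)
"""

# Constructed placeholder for the server's domain SID (assumption: taken
# from the server itself, e.g. the output of `net getlocalsid`).
EXPECTED_DOMAIN_SID = "S-1-5-21-1111111111-2222222222-3333333333"

INVALID_SID = re.compile(
    r"User\s+(\S+)\s+with\s+invalid\s+SID\s+(S-1(?:-\d+)+)\s+in\s+passdb"
)

def split_sid(sid):
    """Split an account SID into (domain SID, RID)."""
    domain, _, rid = sid.rpartition("-")
    return domain, int(rid)

def find_invalid_sids(log_text, expected_domain_sid):
    """Return one finding per distinct (user, SID) flagged in the log."""
    # Collapse all whitespace so a message wrapped over lines still matches.
    flat = " ".join(log_text.split())
    findings = {}
    for user, sid in INVALID_SID.findall(flat):
        domain, rid = split_sid(sid)
        entry = findings.setdefault((user, sid), {
            "user": user, "sid": sid, "domain_sid": domain, "rid": rid,
            "domain_matches": domain == expected_domain_sid, "count": 0,
        })
        entry["count"] += 1
    return list(findings.values())

if __name__ == "__main__":
    for f in find_invalid_sids(SAMPLE_LOG, EXPECTED_DOMAIN_SID):
        state = "matches" if f["domain_matches"] else "differs from"
        print(f"{f['user']}: RID {f['rid']}, domain SID {f['domain_sid']} "
              f"{state} expected {EXPECTED_DOMAIN_SID} (seen {f['count']}x)")
```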