It does not. But then the SID of each user doesn't match those of each
other either. I've seen that asked before, but are you sure the
machine's SID and every user SID should be the same?
W.
Charlie wrote:
If you do a "net getlocalsid" at your shell prompt on the samba server
that hosts the share, does the preamble of the SID returned match that
of the SID you see in your error messages?
I'm betting not...
--Charlie
On Tue, May 13, 2008 at 2:39 PM, Wes Modes <[EMAIL PROTECTED]> wrote:
So even though I see this popping up in tons of posts, no one has
encountered it and successfully solved the problem or can illuminate the
issue?
Here's what I did not knowing what else to do:
1. Deleted the account. (smbldap-userdel)
2. Recreated the account (smbldap-useradd)
3. Searched for any files owned by the old user, and chown'd them to
the new user
It is not an elegant solution, but it is the only one I have now. So far I
haven't gotten any accounts that have had the problem reoccur. But I'm
waiting to see.
Wes
Wes Modes wrote:
I'm having the problem in which users can access their group shares, but
not their home shares. These two shares are defined thusly in smb.conf:
[seref]
comment = Science & Engineering Reference Section
path = /data/group/seref
valid users = @seref, @seref-read, @admin
read list = @seref-read
write list = @seref, @admin
force group = seref
create mask = 0664
directory mask = 0770
[home]
comment = %u's Personal Share Directory
path = /data/home/%U
valid users = %U, @admin
write list = %U, @admin
create mask = 0600
directory mask = 0700
browseable = No
It seems that the %U variable, causes Samba to do a lookup_global_sam_name
which fails.
[EMAIL PROTECTED] smbclient -Ujoeblow
'\\edgar.library.ucsc.edu\home' xxxxxxxx
tree connect failed: NT_STATUS_ACCESS_DENIED
Here's the relevant section of the log:
passdb/pdb_ldap.c:init_sam_from_ldap(545)
init_sam_from_ldap: Entry found for user: joeblow
passdb/pdb_ldap.c:init_group_from_ldap(2158)
init_group_from_ldap: Entry found for group: 30023
passdb/passdb.c:lookup_global_sam_name(596)
User joeblow with invalid SID
S-1-5-21-2642364908-3785178431-1037763545-61756 in passdb
passdb/pdb_ldap.c:init_group_from_ldap(2158)
init_group_from_ldap: Entry found for group: 1001
smbd/service.c:make_connection_snum(616)
user 'joeblow' (from session setup) not permitted to access this
share (home)
Please note that I am not using the ADS security model, nor do I care to
at the moment. Here's the significant part of my smb.conf:
### Basic information for server
workgroup = MCHSTAFF
netbios name = EDGAR
server string = Library Samba Server
hosts allow = 169.233.
hosts allow = 128.114.
enable privileges = yes
security = user
encrypt passwords = yes
preferred master = yes
domain master = yes
domain logons = yes
local master = yes
username map = /etc/samba/smbusers
logon path =
wins support = yes
dns proxy = no
So why I am I getting the failure "User joeblow with invalid SID"?
Wes
--
Wes Modes
Server Administrator & Programmer Analyst
McHenry Library
Computing & Network Services
Information and Technology Services
459-5208
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
--
Wes Modes
Server Administrator & Programmer Analyst
McHenry Library
Computing & Network Services
Information and Technology Services
459-5208
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
