Helpp! :) We didn't catch this in testing and now it's killing me in
production!
I'm getting stuck with my fresh build of Samba 3.6.10. It isn't honoring
groups specified in the valid users clause of the share configuration.
I'm running in security = SHARE mode, and user authentication is working just
fine. Even if I specify individual users on the valid users = line, it works.
Just not groups.
Here's my configuration:
# Samba config file created using SWAT
# from UNKNOWN (10.33.224.61)
# Date: 2013/01/21 10:00:00
[global]
interfaces = 10.33.72.67/22, 127.0.0.1
bind interfaces only = Yes
security = SHARE
encrypt passwords = No
log level = 3
os level = 8
local master = No
domain master = No
idmap config * : range =
idmap config * : backend = tdb
[testshare]
path = /testshare
valid users = +titan, benhu
read only = No
I'm in the group 'titan' also. Here's the log I get at log level = 3:
[2013/01/21 10:03:05.928101, 3] param/loadparm.c:9572(lp_load_ex)
lp_load_ex: refreshing parameters
[2013/01/21 10:03:05.928257, 3] param/loadparm.c:5192(init_globals)
Initialising global parameters
[2013/01/21 10:03:05.928594, 3] ../lib/util/params.c:550(pm_process)
params.c:pm_process() - Processing configuration file
"/etc/samba-3.6.10/smb.conf"
[2013/01/21 10:03:05.928696, 3] param/loadparm.c:8310(do_section)
Processing section "[global]"
[2013/01/21 10:03:05.929629, 2] param/loadparm.c:8327(do_section)
Processing section "[testshare]"
[2013/01/21 10:03:05.929862, 3] param/loadparm.c:6630(lp_add_ipc)
adding IPC service
[2013/01/21 10:03:05.929926, 1] param/loadparm.c:9670(lp_load_ex)
WARNING: The security=share option is deprecated
[2013/01/21 10:03:05.930333, 2] lib/interface.c:479(interpret_interface)
interpret_interface: Adding interface 10.33.72.67/22
[2013/01/21 10:03:05.930401, 2] lib/interface.c:341(add_interface)
added interface 10.33.72.67/22 ip=10.33.72.67 bcast=10.33.75.255
netmask=255.255.252.0
[2013/01/21 10:03:05.930493, 2] lib/interface.c:341(add_interface)
added interface lo0 ip=127.0.0.1 bcast=127.242.234.223 netmask=
[2013/01/21 10:03:05.930626, 3] lib/access.c:338(allow_access)
Allowed connection from 10.33.75.164 (10.33.75.164)
[2013/01/21 10:03:05.930715, 3] smbd/oplock.c:922(init_oplocks)
init_oplocks: initializing messages.
[2013/01/21 10:03:05.930887, 3] smbd/process.c:1662(process_smb)
Transaction 0 of length 159 (0 toread)
[2013/01/21 10:03:05.930970, 3] smbd/process.c:1467(switch_message)
switch message SMBnegprot (pid 7864494) conn 0x0
[2013/01/21 10:03:05.931110, 3] smbd/negprot.c:598(reply_negprot)
Requested protocol [PC NETWORK PROGRAM 1.0]
[2013/01/21 10:03:05.931178, 3] smbd/negprot.c:598(reply_negprot)
Requested protocol [LANMAN1.0]
[2013/01/21 10:03:05.931245, 3] smbd/negprot.c:598(reply_negprot)
Requested protocol [Windows for Workgroups 3.1a]
[2013/01/21 10:03:05.931313, 3] smbd/negprot.c:598(reply_negprot)
Requested protocol [LM1.2X002]
[2013/01/21 10:03:05.931379, 3] smbd/negprot.c:598(reply_negprot)
Requested protocol [LANMAN2.1]
[2013/01/21 10:03:05.931445, 3] smbd/negprot.c:598(reply_negprot)
Requested protocol [NT LM 0.12]
[2013/01/21 10:03:05.931511, 3] smbd/negprot.c:598(reply_negprot)
Requested protocol [SMB 2.002]
[2013/01/21 10:03:05.931577, 3] smbd/negprot.c:598(reply_negprot)
Requested protocol [SMB 2.???]
[2013/01/21 10:03:05.931749, 3] smbd/negprot.c:401(reply_nt1)
not using SPNEGO
[2013/01/21 10:03:05.931811, 3] smbd/negprot.c:704(reply_negprot)
Selected protocol NT LM 0.12
[2013/01/21 10:03:05.933695, 3] smbd/process.c:1662(process_smb)
Transaction 1 of length 176 (0 toread)
[2013/01/21 10:03:05.933776, 3] smbd/process.c:1467(switch_message)
switch message SMBsesssetupX (pid 7864494) conn 0x0
[2013/01/21 10:03:05.933865, 3] smbd/sesssetup.c:1333(reply_sesssetup_and_X)
wct=13 flg2=0xc807
[2013/01/21 10:03:05.933953, 3] smbd/sesssetup.c:1536(reply_sesssetup_and_X)
Domain=[10.33.72.67] NativeOS=[] NativeLanMan=[] PrimaryDomain=[null]
[2013/01/21 10:03:05.934049, 2] smbd/sesssetup.c:1279(setup_new_vc_session)
setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old
resources.
[2013/01/21 10:03:05.934111, 3] smbd/sesssetup.c:1552(reply_sesssetup_and_X)
sesssetupX:name=[10.33.72.67]\[benhu]@[10.33.75.164]
[2013/01/21 10:03:05.934785, 3] smbd/sesssetup.c:151(check_guest_password)
Got anonymous request
[2013/01/21 10:03:05.934884, 3] auth/auth.c:219(check_ntlm_password)
check_ntlm_password: Checking password for unmapped user []\[]@[] with the
new password interface
[2013/01/21 10:03:05.934976, 3] auth/auth.c:222(check_ntlm_password)
check_ntlm_password: mapped user is: []\[]@[]
[2013/01/21 10:03:05.935069, 3] auth/auth.c:268(check_ntlm_password)
check_ntlm_password: guest authentication for user [] succeeded
[2013/01/21 10:03:05