[Samba] User SID problem with home directory
I'm having the problem in which users can access their group shares, but not their home shares. These two shares are defined thusly in smb.conf: [seref] comment = Science Engineering Reference Section path = /data/group/seref valid users = @seref, @seref-read, @admin read list = @seref-read write list = @seref, @admin force group = seref create mask = 0664 directory mask = 0770 [home] comment = %u's Personal Share Directory path = /data/home/%U valid users = %U, @admin write list = %U, @admin create mask = 0600 directory mask = 0700 browseable = No It seems that the %U variable, causes Samba to do a lookup_global_sam_name which fails. [EMAIL PROTECTED] smbclient -Ujoeblow '\\edgar.library.ucsc.edu\home' tree connect failed: NT_STATUS_ACCESS_DENIED Here's the relevant section of the log: passdb/pdb_ldap.c:init_sam_from_ldap(545) init_sam_from_ldap: Entry found for user: joeblow passdb/pdb_ldap.c:init_group_from_ldap(2158) init_group_from_ldap: Entry found for group: 30023 passdb/passdb.c:lookup_global_sam_name(596) User joeblow with invalid SID S-1-5-21-2642364908-3785178431-1037763545-61756 in passdb passdb/pdb_ldap.c:init_group_from_ldap(2158) init_group_from_ldap: Entry found for group: 1001 smbd/service.c:make_connection_snum(616) user 'joeblow' (from session setup) not permitted to access this share (home) Please note that I am not using the ADS security model, nor do I care to at the moment. Here's the significant part of my smb.conf: ### Basic information for server workgroup = MCHSTAFF netbios name = EDGAR server string = Library Samba Server hosts allow = 169.233. hosts allow = 128.114. enable privileges = yes security = user encrypt passwords = yes preferred master = yes domain master = yes domain logons = yes local master = yes username map = /etc/samba/smbusers logon path = wins support = yes dns proxy = no So why I am I getting the failure User joeblow with invalid SID? Wes -- Wes Modes Server Administrator Programmer Analyst McHenry Library Computing Network Services Information and Technology Services 459-5208 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] User SID problem with home directory
Hallo, Wes, Du (wmodes) meintest am 12.05.08: It seems that the %U variable, causes Samba to do a lookup_global_sam_name which fails. [EMAIL PROTECTED] smbclient -Ujoeblow '\\edgar.library.ucsc.edu\home' tree connect failed: NT_STATUS_ACCESS_DENIED I've seen this message when winbindd is running - my samba server (now 3.0.28a) doesn't need winbindd. It's the one and only server. Viele Gruesse! Helmut -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] User SID problem with home directory
You are correct that I should have had wins support set to no rather than yes. Here's how the smb.conf man page describes that option: This boolean controls if the nmbd(8) http://us3.samba.org/samba/docs/man/manpages-3/nmbd.8.html process in Samba will act as a WINS server. You should not set this to |yes| unless you have a multi-subnetted network and you wish a particular |nmbd| to be your WINS server. Note that you should /NEVER/ set this to |yes| on more than one machine in your network. HOWEVER, setting it to No, did not fix this problem: User joeblow with invalid SID user 'joeblow' (form session setup) not permitted to access this share (home) Wes Helmut Hullen wrote: Hallo, Wes, Du (wmodes) meintest am 12.05.08: It seems that the %U variable, causes Samba to do a lookup_global_sam_name which fails. [EMAIL PROTECTED] smbclient -Ujoeblow '\\edgar.library.ucsc.edu\home' tree connect failed: NT_STATUS_ACCESS_DENIED I've seen this message when winbindd is running - my samba server (now 3.0.28a) doesn't need winbindd. It's the one and only server. Viele Gruesse! Helmut -- Wes Modes Server Administrator Programmer Analyst McHenry Library Computing Network Services Information and Technology Services 459-5208 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] User SID problem with home directory
Hallo, Wes, Du (wmodes) meintest am 12.05.08: It seems that the %U variable, causes Samba to do a lookup_global_sam_name which fails. [EMAIL PROTECTED] smbclient -Ujoeblow '\\edgar.library.ucsc.edu\home' tree connect failed: NT_STATUS_ACCESS_DENIED I've seen this message when winbindd is running - my samba server (now 3.0.28a) doesn't need winbindd. It's the one and only server. You are correct that I should have had wins support set to no rather than yes. Here's how the smb.conf man page describes that Do you need winbindd? Works the system even with no running winbindd? Viele Gruesse! Helmut -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba