[Samba] User SID problem with home directory

Date: Mon, 12 May 2008 12:26:45 -0700
From: Wes Modes <wmodes@xxxxxxxx>
Subject: [Samba] User SID problem with home directory

I'm having the problem in which users can access their group shares, butnot their home shares. These two shares are defined thusly in smb.conf:


   [seref]
           comment = Science & Engineering Reference Section
           path = /data/group/seref
           valid users = @seref, @seref-read, @admin
           read list = @seref-read
           write list = @seref, @admin
           force group = seref
           create mask = 0664
           directory mask = 0770

   [home]
           comment = %u's Personal Share Directory
           path = /data/home/%U
           valid users = %U, @admin
           write list = %U, @admin
           create mask = 0600
           directory mask = 0700
           browseable = No

It seems that the %U variable, causes Samba to do alookup_global_sam_name which fails.

   [root@fileserver]# smbclient -Ujoeblow
   '\\edgar.library.ucsc.edu\home' xxxxxxxx
          tree connect failed: NT_STATUS_ACCESS_DENIED


Here's the relevant section of the log:

   passdb/pdb_ldap.c:init_sam_from_ldap(545)
       init_sam_from_ldap: Entry found for user: joeblow
   passdb/pdb_ldap.c:init_group_from_ldap(2158)
       init_group_from_ldap: Entry found for group: 30023
   passdb/passdb.c:lookup_global_sam_name(596)
       User joeblow with invalid SID
   S-1-5-21-2642364908-3785178431-1037763545-61756 in passdb
   passdb/pdb_ldap.c:init_group_from_ldap(2158)
     init_group_from_ldap: Entry found for group: 1001
   smbd/service.c:make_connection_snum(616)
       user 'joeblow' (from session setup) not permitted to access this
   share (home)

Please note that I am not using the ADS security model, nor do I care toat the moment. Here's the significant part of my smb.conf:


   ### Basic information for server
           workgroup = MCHSTAFF
           netbios name = EDGAR
           server string = Library Samba Server
           hosts allow = 169.233.
           hosts allow = 128.114.
           enable privileges = yes
           security = user
           encrypt passwords = yes
           preferred master = yes
           domain master = yes
           domain logons = yes
           local master = yes
           username map = /etc/samba/smbusers
           logon path =
           wins support = yes
           dns proxy = no

So why I am I getting the failure "User joeblow with invalid SID"?

Wes


--

Wes Modes
Server Administrator & Programmer Analyst
McHenry Library
Computing & Network Services
Information and Technology Services
459-5208
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Follow-Ups:
- Re: [Samba] User invalid SID with home directory - Bueller?
  - From: Wes Modes
- Re: [Samba] User SID problem with home directory
  - From: Helmut Hullen

Prev by Date: Re: [Samba] Users SID problem
Next by Date: Re: [Samba] User SID problem with home directory
Previous by thread: [Samba] solaris 8 native ldap support
Next by thread: Re: [Samba] User SID problem with home directory
Index(es):
- Date
- Thread

lists-archives.org

[Samba] User SID problem with home directory