Web lists-archives.org

Re: [Samba] User invalid SID with home directory - Bueller?

It does not. But then the SID of each user doesn't match those of each other either. I've seen that asked before, but are you sure the machine's SID and every user SID should be the same? 

W.

Charlie wrote:

If you do a "net getlocalsid" at your shell prompt on the samba server
that hosts the share, does the preamble of the SID returned match that
of the SID you see in your error messages?

I'm betting not...

--Charlie

On Tue, May 13, 2008 at 2:39 PM, Wes Modes <wmodes@xxxxxxxx> wrote:

So even though I see this popping up in tons of posts, no one has
encountered it and successfully solved the problem or can illuminate the
issue?

 Here's what I did not knowing what else to do:

  1. Deleted the account.  (smbldap-userdel)
  2. Recreated the account  (smbldap-useradd)
  3. Searched for any files owned by the old user, and chown'd them to
     the new user

 It is not an elegant solution, but it is the only one I have now.  So far I
haven't gotten any accounts that have had the problem reoccur.  But I'm
waiting to see.

 Wes


 Wes Modes wrote:


I'm having the problem in which users can access their group shares, but

not their home shares.  These two shares are defined thusly in smb.conf:

  [seref]
          comment = Science & Engineering Reference Section
          path = /data/group/seref
          valid users = @seref, @seref-read, @admin
          read list = @seref-read
          write list = @seref, @admin
          force group = seref
          create mask = 0664
          directory mask = 0770

  [home]
          comment = %u's Personal Share Directory
          path = /data/home/%U
          valid users = %U, @admin
          write list = %U, @admin
          create mask = 0600
          directory mask = 0700
          browseable = No


It seems that the %U variable, causes Samba to do a lookup_global_sam_name

which fails.

  [root@fileserver]# smbclient -Ujoeblow
  '\\edgar.library.ucsc.edu\home' xxxxxxxx
         tree connect failed: NT_STATUS_ACCESS_DENIED


Here's the relevant section of the log:

  passdb/pdb_ldap.c:init_sam_from_ldap(545)
      init_sam_from_ldap: Entry found for user: joeblow
  passdb/pdb_ldap.c:init_group_from_ldap(2158)
      init_group_from_ldap: Entry found for group: 30023
  passdb/passdb.c:lookup_global_sam_name(596)
      User joeblow with invalid SID
  S-1-5-21-2642364908-3785178431-1037763545-61756 in passdb
  passdb/pdb_ldap.c:init_group_from_ldap(2158)
    init_group_from_ldap: Entry found for group: 1001
  smbd/service.c:make_connection_snum(616)
      user 'joeblow' (from session setup) not permitted to access this
  share (home)


Please note that I am not using the ADS security model, nor do I care to

at the moment.  Here's the significant part of my smb.conf:

  ### Basic information for server
          workgroup = MCHSTAFF
          netbios name = EDGAR
          server string = Library Samba Server
          hosts allow = 169.233.
          hosts allow = 128.114.
          enable privileges = yes
          security = user
          encrypt passwords = yes
          preferred master = yes
          domain master = yes
          domain logons = yes
          local master = yes
          username map = /etc/samba/smbusers
          logon path =
          wins support = yes
          dns proxy = no

So why I am I getting the failure "User joeblow with invalid SID"?

Wes




 --

 Wes Modes
 Server Administrator & Programmer Analyst
 McHenry Library
 Computing & Network Services
 Information and Technology Services
 459-5208
 --
 To unsubscribe from this list go to the following URL and read the
 instructions:  https://lists.samba.org/mailman/listinfo/samba



--

Wes Modes
Server Administrator & Programmer Analyst
McHenry Library
Computing & Network Services
Information and Technology Services
459-5208
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba