[Samba] User SID problem with home directory
Wes Modes
wmodes at ucsc.edu
Mon May 12 19:26:45 GMT 2008
I'm having the problem in which users can access their group shares, but
not their home shares. These two shares are defined thusly in smb.conf:
[seref]
comment = Science & Engineering Reference Section
path = /data/group/seref
valid users = @seref, @seref-read, @admin
read list = @seref-read
write list = @seref, @admin
force group = seref
create mask = 0664
directory mask = 0770
[home]
comment = %u's Personal Share Directory
path = /data/home/%U
valid users = %U, @admin
write list = %U, @admin
create mask = 0600
directory mask = 0700
browseable = No
It seems that the %U variable, causes Samba to do a
lookup_global_sam_name which fails.
[root at fileserver]# smbclient -Ujoeblow
'\\edgar.library.ucsc.edu\home' xxxxxxxx
tree connect failed: NT_STATUS_ACCESS_DENIED
Here's the relevant section of the log:
passdb/pdb_ldap.c:init_sam_from_ldap(545)
init_sam_from_ldap: Entry found for user: joeblow
passdb/pdb_ldap.c:init_group_from_ldap(2158)
init_group_from_ldap: Entry found for group: 30023
passdb/passdb.c:lookup_global_sam_name(596)
User joeblow with invalid SID
S-1-5-21-2642364908-3785178431-1037763545-61756 in passdb
passdb/pdb_ldap.c:init_group_from_ldap(2158)
init_group_from_ldap: Entry found for group: 1001
smbd/service.c:make_connection_snum(616)
user 'joeblow' (from session setup) not permitted to access this
share (home)
Please note that I am not using the ADS security model, nor do I care to
at the moment. Here's the significant part of my smb.conf:
### Basic information for server
workgroup = MCHSTAFF
netbios name = EDGAR
server string = Library Samba Server
hosts allow = 169.233.
hosts allow = 128.114.
enable privileges = yes
security = user
encrypt passwords = yes
preferred master = yes
domain master = yes
domain logons = yes
local master = yes
username map = /etc/samba/smbusers
logon path =
wins support = yes
dns proxy = no
So why I am I getting the failure "User joeblow with invalid SID"?
Wes
--
Wes Modes
Server Administrator & Programmer Analyst
McHenry Library
Computing & Network Services
Information and Technology Services
459-5208
More information about the samba
mailing list