[Samba] User SID problem with home directory

Wes Modes wmodes at ucsc.edu
Mon May 12 19:26:45 GMT 2008 

I'm having the problem in which users can access their group shares, but 
not their home shares.  These two shares are defined thusly in smb.conf:

    [seref]
            comment = Science & Engineering Reference Section
            path = /data/group/seref
            valid users = @seref, @seref-read, @admin
            read list = @seref-read
            write list = @seref, @admin
            force group = seref
            create mask = 0664
            directory mask = 0770

    [home]
            comment = %u's Personal Share Directory
            path = /data/home/%U
            valid users = %U, @admin
            write list = %U, @admin
            create mask = 0600
            directory mask = 0700
            browseable = No


It seems that the %U variable, causes Samba to do a 
lookup_global_sam_name which fails. 

    [root at fileserver]# smbclient -Ujoeblow
    '\\edgar.library.ucsc.edu\home' xxxxxxxx
           tree connect failed: NT_STATUS_ACCESS_DENIED


Here's the relevant section of the log:

    passdb/pdb_ldap.c:init_sam_from_ldap(545)
        init_sam_from_ldap: Entry found for user: joeblow
    passdb/pdb_ldap.c:init_group_from_ldap(2158)
        init_group_from_ldap: Entry found for group: 30023
    passdb/passdb.c:lookup_global_sam_name(596)
        User joeblow with invalid SID
    S-1-5-21-2642364908-3785178431-1037763545-61756 in passdb
    passdb/pdb_ldap.c:init_group_from_ldap(2158)
      init_group_from_ldap: Entry found for group: 1001
    smbd/service.c:make_connection_snum(616)
        user 'joeblow' (from session setup) not permitted to access this
    share (home)


Please note that I am not using the ADS security model, nor do I care to 
at the moment.  Here's the significant part of my smb.conf:

    ### Basic information for server
            workgroup = MCHSTAFF
            netbios name = EDGAR
            server string = Library Samba Server
            hosts allow = 169.233.
            hosts allow = 128.114.
            enable privileges = yes
            security = user
            encrypt passwords = yes
            preferred master = yes
            domain master = yes
            domain logons = yes
            local master = yes
            username map = /etc/samba/smbusers
            logon path =
            wins support = yes
            dns proxy = no

So why I am I getting the failure "User joeblow with invalid SID"?

Wes


-- 

Wes Modes
Server Administrator & Programmer Analyst
McHenry Library
Computing & Network Services
Information and Technology Services
459-5208

More information about the samba mailing list