Valid users & SAMBA_3_0_23

Volker Lendecke Volker.Lendecke at SerNet.DE
Fri Aug 4 17:02:24 GMT 2006

On Fri, Aug 04, 2006 at 08:36:01AM -0700, Jeremy Allison wrote:
> > Since I am of the position that all domain accounts in
> > smb.conf should be fully qualified, I'd expect 'force user =
> > lizard' to resolve the to the Unix SID and not domain SID.

This depends upon whether "lizard" is in smbpasswd or not.
If it's in smbpasswd, pdb_getsampwnam will pick it up and we
get the local SAM sid, if it's not, then we get

> Yep - just looked at the code in lookup_name(). That's
> what is going this. There's a comment in there for a
> similar common case :
>          * For 'valid users = +users' we know "users" is most probably not
>          * BUILTIN\users but the unix group users. This hack requires the
>          * admin to explicitly qualify BUILTIN if BUILTIN\users is meant.
>          *
> I'm loath to change lookup_name, Volker spent a *lot* of time
> getting that right :-). Let me look at the codepaths....
> Using a domain of "Unix users" will force the correct lookup....


-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url :

More information about the samba-technical mailing list