Trusted AD user who belongs to "valid users" can not access Samba Server on samba-3.6.5

Richard Sharpe realrichardsharpe at gmail.com
Tue Jul 24 09:04:06 MDT 2012


On Tue, Jul 24, 2012 at 1:57 AM, jinyunshuai <jinyunshuai at 126.com> wrote:
> Hi folks,
>
> I found a new issue on samba-3.6.5 : "Trusted AD user who belongs to "valid users" can
> not access Samba Server on samba-3.6.5"
>
> Adomain and Bdomain are trusted eath other.
> samba server is joined to Adomain.
> user test1 is a normal AD user from Bdomain.test, but it is a member of group "Adomain\sag1"
>
> Edit smb.conf, then set "valid users" to be an AD group for samba share named
> valid-users-test
> ---------------------------------
> [valid-users-test]
>     path = /valid-users-test
>     public = no
>     valid users = +Adomain\sag1
>     writable = yes
>
> Try to access samba server via test1.
> --------------------------------
> root at ubdesk1004x64v2:/# smbclient -U 'Bdomain\test1'%'pas$word'  //samba-server/valid-users-test
>
> Domain=[ASMB] OS=[Unix] Server=[Samba 3.6.5]
> tree connect failed: NT_STATUS_ACCESS_DENIED
>
> this issue dose not exist on samba-3.5.11

The first step here is to get a level 10 debug log and see why the
TreeConnect is failing.

-- 
Regards,
Richard Sharpe
(何以解憂?唯有杜康。--曹操)


More information about the samba-technical mailing list