Unable to connect to samba share with "force user = unix_user"
Quentin Gibeaux
qgibeaux at iris-tech.fr
Wed Oct 15 06:40:07 MDT 2014
On 15/10/2014 14:31, Rowland Penny wrote:
> On 15/10/14 13:20, Quentin Gibeaux wrote:
>> On 15/10/2014 14:16, Rowland Penny wrote:
>>> If you are trying to connect as the user 'somename' then as I have
>>> already said this user is not an AD user and samba does not know who
>>> he is.
>>>
>>> I take it that you have something similar to this in
>>> /etc/nsswitch.conf
>>>
>>> passwd: compat winbind
>>> group: compat winbind
>>>
>>> When you run getent passwd <username> , the local files are search
>>> and if found the user info is returned, if not found winbind is
>>> searched. The same goes for getent group <groupname>. So when you
>>> search for your user, it is returned from the local files (because
>>> that it is where it is found), when you search for the group, it is
>>> returned by winbind.
>>>
>>> When you try to connect to your samba share as the local user,
>>> winbind is searched, cannot find your user and the rest you know.
>>>
>>> Rowland
>>>
>> I'm trying to connect with user1, that is in AD, and member of AD's
>> group somename.
> OK, in which case try this:
>
> Change
> valid users = +somename
> force user = somename
> force group = somename
>
> To
> valid users = @somename
> #force user = somename
> #force group = somename
>
> restart samba daemons
>
> This should only allow members of the group 'somename' to connect, if
> this works, uncomment the two lines, one by one, starting with the
> group line first.
>
> Rowland
>
I've already tested it :), but I'm okay to retry, here the result :
valid users = @somename
#force user = somename
#force group = somename
smbclient -H //server/someshare -U user1%pwd
-> connection ok
valid users = @somename
#force user = somename
force group = somename
smbclient -H //server/someshare -U user1%pwd
-> connection ok
valid users = @somename
force user = somename
force group = somename
smbclient -H //server/someshare -U user1%pwd
-> tree connect failed: NT_STATUS_NO_SUCH_USER
More information about the samba-technical
mailing list