Unable to connect to samba share with "force user = unix_user"

Rowland Penny repenny241155 at gmail.com
Wed Oct 15 06:47:29 MDT 2014


On 15/10/14 13:40, Quentin Gibeaux wrote:
> On 15/10/2014 14:31, Rowland Penny wrote:
>> On 15/10/14 13:20, Quentin Gibeaux wrote:
>>> On 15/10/2014 14:16, Rowland Penny wrote:
>>>> If you are trying to connect as the user 'somename' then as I have 
>>>> already said this user is not an AD user and samba does not know 
>>>> who he is.
>>>>
>>>> I take it that you have  something similar to this in 
>>>> /etc/nsswitch.conf
>>>>
>>>> passwd:         compat winbind
>>>> group:          compat winbind
>>>>
>>>> When you run getent passwd <username> , the local files are search 
>>>> and if found the user info is returned, if not found winbind is 
>>>> searched. The same goes for getent group <groupname>. So when you 
>>>> search for your user, it is returned from the local files (because 
>>>> that it is where it is found), when you search for the group, it is 
>>>> returned by winbind.
>>>>
>>>> When you try to connect to your samba share as the local user, 
>>>> winbind is searched, cannot find your user and the rest you know.
>>>>
>>>> Rowland
>>>>
>>> I'm trying to connect with user1, that is in AD, and member of AD's 
>>> group somename.
>> OK, in which case try this:
>>
>> Change
>> valid users = +somename
>> force user = somename
>> force group = somename
>>
>> To
>> valid users = @somename
>> #force user = somename
>> #force group = somename
>>
>> restart samba daemons
>>
>> This should only allow members of the group 'somename' to connect, if 
>> this works, uncomment the two lines, one by one, starting with the 
>> group line first.
>>
>> Rowland
>>
> I've already tested it :), but I'm okay to retry, here the result :
>
> valid users = @somename
> #force user = somename
> #force group = somename
>
> smbclient -H //server/someshare -U user1%pwd
> -> connection ok
>
> valid users = @somename
> #force user = somename
> force group = somename
> smbclient -H //server/someshare -U user1%pwd
> -> connection ok
>
> valid users = @somename
> force user = somename
> force group = somename
> smbclient -H //server/someshare -U user1%pwd
> -> tree connect failed: NT_STATUS_NO_SUCH_USER
>
OK, this is what I expected, when you uncomment the 'force user' line 
you are trying to force the files to be owned by 'somename', this user 
is not in AD, hence this is why you are getting 'NT_STATUS_NO_SUCH_USER' 
. Either do not use the line or change 'somename' to an AD user.

Rowland


More information about the samba-technical mailing list