Unable to connect to samba share with "force user = unix_user" [Solved] [yes it really is solved]

[Rowland Penny]

On 15/10/14 14:18, Quentin Gibeaux wrote:
> On 15/10/2014 15:05, Rowland Penny wrote:
>> On 15/10/14 13:57, Quentin Gibeaux wrote:
>>> On 15/10/2014 14:47, Rowland Penny wrote:
>>>> OK, this is what I expected, when you uncomment the 'force user' 
>>>> line you are trying to force the files to be owned by 'somename', 
>>>> this user is not in AD, hence this is why you are getting 
>>>> 'NT_STATUS_NO_SUCH_USER' . Either do not use the line or change 
>>>> 'somename' to an AD user. 
>>> In facts, i don't understand why it checks in the AD for the user 
>>> with 'somename' name.
>>> Anyway, if I try with "force user = root", where root is a unix only 
>>> user : it works, whereas root is not in AD (so should be 
>>> NO_SUCH_USER, right ?).
>>>
>>
>> root is a special case, as far as I am aware it is hardcoded into 
>> samba. I would have thought that 'NO_SUCH_USER' on the end of the 
>> error message was pretty much to the point, samba **does not know who 
>> 'somename' is* *
>>
>> Rowland
>>
> It also works with "nobody" or "munin", which aren't in AD either :)
> Is it normal ?
> I still don't get it on why samba's checking on AD for 'force user' : 
> isn't it supposed to be only about filesystem rights ?
>
> Quentin
Samba needs to know who the user is before it does anything, so if it 
cannot find the user it returns the error message, it is possible that 
'nobody' & 'munin' are getting mapped via winbind so samba knows who 
they are, but I cannot be certain because
A) I have never seen your smb.conf
B) I am not sat in front of your computer to do a few tests

Please just accept that it is a bad idea to try and force the ownership 
of files in a domain share to a user that is not a domain user.

Rowland