after an upgrade from 4.1.6 to 4.2.0rc4 with security = ADS "force user" did not work anymore

Gerald Drouillard gerrylist at
Tue Feb 17 08:08:12 MST 2015

> OK, I can confirm this, with 'force user' in a share on 4.2.0rc4, a 
> domain user cannot connect with smbclient. I also do not think this 
> has anything to do with bug 11044, the user trying to connect is a 
> domain user and the 'force user' is a domain user, neither of which is 
> in /etc/passwd.
Not sure if this is related but, "force group=test" has an issue when 
samba has a domain group with the same name as the linux group.  The 
user is in the group as show with:
     getent group test
and with:
     id username

When connecting you will get:

	tree connect failed: NT_STATUS_NO_SUCH_GROUP

Samba is version 4.1.6-Ubuntu

Workaround is to remove the Samba Group.
Various combinations that did NOT work:

    force group= SID....
    force group=+test
    force group=+DOM\test

Gerald Drouillard
Technology Architect
Drouillard & Associates, Inc.

More information about the samba-technical mailing list