after an upgrade from 4.1.6 to 4.2.0rc4 with security = ADS "force user" did not work anymore
Dr. Hansjoerg Maurer
hansjoerg.maurer at itsd.de
Wed Jan 28 07:40:51 MST 2015
Hi,
I am trying samba 4.2.0rc4 as an AD member (security = ADS)
I upgraded from a working 4.1.16 configuration
idmap config * : backend = tdb
idmap config * : range = 1000001-1999999
idmap config XXX : backend = ad
idmap config XXX : schema_mode = rfc2307
idmap config XXX : readonly = yes
idmap config XXX : range = 1000-1000000
I have a share with a force user line which did not work any more
[tmpuser]
path = /home_local/tmpuser
comment = tmpuser-Share
guest ok = no
read only = no
force group = +XXX\groupname
force user = maurerh
I got access denied, neither with
force user = maurerh
nor with
force user = XXX\maurerh
Without force user I can access the share
With force user samba logs
Failed to generate session_info (user and group token) for session setup: NT_STATUS_ACCESS_DENIED
[2015/01/28 15:22:55.911105, 1] ../source3/auth/server_info.c:628(passwd_to_SamInfo3)
The primary group domain sid(S-1-5-21-1156737867-681972312-1097073633-131379) does not match the domain sid(S-1-22-1) for maurerh(S-1-22-1-7740)
If I create a Folder in the share without force user
the folder belongs to the right user and group
drwx------ 2 maurerh groupname 4096 Jan 28 15:24 Neuer Ordner/
therefore the mapping seems to be ok
The unix user maurerh ( uid=7740 ) is an AD user too, but the system gets the
nss information from the AD using VAS (Vintela/Quest/Dell) Authentication services
Can someone reproduce this problem?
Should I open a bug?
Regards
Hansjörg
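
Added example (not part of the original post and not Samba's code): a small Python triage helper that parses the passwd_to_SamInfo3 mismatch line quoted above and splits the SIDs, showing that the user SID falls in S-1-22-1 (Samba's Unix Users domain, where the RID is the uid, here 7740) while the primary group SID is not under that domain. The function and field names are hypothetical, and the sample log is constructed from the two lines in the post.

```python
import re

# Constructed sample: the two smbd log lines quoted in the post.
SAMPLE_LOG = (
    "[2015/01/28 15:22:55.911105, 1] "
    "../source3/auth/server_info.c:628(passwd_to_SamInfo3)\n"
    "  The primary group domain sid"
    "(S-1-5-21-1156737867-681972312-1097073633-131379) "
    "does not match the domain sid(S-1-22-1) for maurerh(S-1-22-1-7740)\n"
)

# Matches the mismatch message; the SID in the first parentheses is the
# group SID as printed, the second is the domain derived from the user SID.
MISMATCH_RE = re.compile(
    r"The primary group domain sid\((?P<group>S-[\d-]+)\) does not match "
    r"the domain sid\((?P<domain>S-[\d-]+)\) "
    r"for (?P<user>\S+?)\((?P<user_sid>S-[\d-]+)\)"
)

UNIX_USERS = "S-1-22-1"  # Samba's synthetic domain for Unix uids (RID = uid)


def split_sid(sid):
    """Return (domain_sid, rid) by peeling off the last sub-authority."""
    domain, _, rid = sid.rpartition("-")
    return domain, int(rid)


def triage(log_text):
    """Return one finding per mismatch line found in the log text."""
    findings = []
    for m in MISMATCH_RE.finditer(log_text):
        user_domain, user_rid = split_sid(m["user_sid"])
        findings.append({
            "user": m["user"],
            "user_domain": user_domain,
            "user_rid": user_rid,
            "group_sid": m["group"],
            # True when the account was resolved as a plain Unix user
            "user_is_unix_mapped": user_domain == UNIX_USERS,
            # True only if the group SID lives under the user's domain
            "group_in_user_domain": m["group"].startswith(user_domain + "-"),
        })
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```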