AW: AW: AW: AW: after an upgrade from 4.1.6 to 4.2.0rc4 with security = ADS "force user" did not work anymore

Dr. Hansjoerg Maurer hansjoerg.maurer at
Thu Jan 29 08:57:55 MST 2015

> This may have something to do with the change of winbind in 4.2, but 
> whatever the cause, it is not helping if VAS allows you to have Unix 
> users and Domain users with the same name, just how is Unix to know 
> which user 'maurerh' is, is it the local user or is the domain user ?

Sorry, there we may have a misunderstanding.

We have only ONE unix user maurerh, which VAS retrieves directly from the AD Domain

getent passwd | grep maurerh

VAS is just another way for providing AD User with rfc2307 attributes to a unix system.

The UID/GID of this user is the one stored in AD.

And they are identical to the ones winbind provides, because it's the same user object
wbinfo --uid-info 7740

With idmap_nss the Unix user maurerh should automatically be mapped to the domain user XXX\maurerh

In this case I do not expect any difference, if we have

passwd: files winbind
passwd: files vas4
passwd: files sss
in order to provide the unix users from the AD to the unix system.

The AD provides a unique unix user with Unix attributes stored in AD in rfc2307 attributes

If I connect to the samba server from the windows side as XXX\maurerh
every file I create is owned by maurerh with UID 7740 in the filesystem.
Therefore the mapping works.

Only when I use
force user = maurerh
force user = XXX\maurerh 
I can not access the share anymore (which worked in 4.1.16)

And therefore I think we have a problem with force user in 4.2, which of course could be related to the winbind changes you mention


