after an upgrade from 4.1.6 to 4.2.0rc4 with security = ADS "force user" did not work anymore

"Dr. Hansjörg Maurer" hansjoerg.maurer at itsd.de
Thu Jan 29 14:35:13 MST 2015 

Am 29.01.2015 um 19:39 schrieb Andrew Bartlett:
>
> Can you please try the patch from:
>
> https://bugzilla.samba.org/show_bug.cgi?id=11044
>
> Thanks,
>
> Andrew Bartlett
>
Hi Andrew,

thank you for your reply.

I applied the patch (I hope doing it right, seee below) and
recompiled/installed, but it did not solve the problem

[root at rmc-donau samba-4.2.0rc4]# patch -p 1 < ../patch_force_user.diff
patching file source3/auth/server_info.c
patching file source3/auth/server_info.c
patching file source3/auth/auth_util.c
patching file source3/auth/proto.h
patching file source3/auth/server_info.c
patching file source3/auth/server_info.c
patching file selftest/target/Samba3.pm
patching file source3/script/tests/test_smbclient_auth.sh


I do not know anytthing about the internal logic, but
the patch seems to fix a problem, where user gdm
is a unix user only (not in AD) but in our case maurerh is a AD User,
which is available
on unix to (same UID)

it does not work with
force user = maurerh
 
 smbclient //ftpserver/tmpuser -Umaurerh
Enter maurerh's password:
Domain=[XXX] OS=[Windows 6.1] Server=[Samba 4.2.0rc4]
tree connect failed: NT_STATUS_INVALID_SID

without force user = maurerh
it works

 smbclient //ftpserver/tmpuser -Umaurerh
Enter maurerh's password:
Domain=[XXX] OS=[Windows 6.1] Server=[Samba 4.2.0rc4]
smb: \> quit

Regards


Hansjörg Maurer



----------------------------
Unser System ist mit einem Mailverschluesselungs-Gateway ausgestattet. Wenn Sie moechten, dass an Sie gerichtete E-Mails verschluesselt werden, senden Sie einfach eine S/MIME-signierte E-Mail oder Ihren PGP Public Key an hansjoerg.maurer at itsd.de.

Our system is equipped with an email encryption gateway. If you want email sent to you to be encrypted please send a S/MIME signed email or your PGP public key to hansjoerg.maurer at itsd.de.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5906 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20150129/ea3fb8d1/attachment.bin>

More information about the samba-technical mailing list