after an upgrade from 4.1.6 to 4.2.0rc4 with security = ADS "force user" did not work anymore

Andrew Bartlett abartlet at samba.org
Thu Jan 29 14:51:25 MST 2015


On Thu, 2015-01-29 at 21:46 +0000, Rowland Penny wrote:
> On 29/01/15 21:35, "Dr. Hansjörg Maurer" wrote:
> > On 29.01.2015 at 19:39, Andrew Bartlett wrote:
> >> Can you please try the patch from:
> >>
> >> https://bugzilla.samba.org/show_bug.cgi?id=11044
> >>
> >> Thanks,
> >>
> >> Andrew Bartlett
> >>
> > Hi Andrew,
> >
> > thank you for your reply.
> >
> > I applied the patch (I hope I did it right, see below) and
> > recompiled/installed, but it did not solve the problem
> >
> > [root at rmc-donau samba-4.2.0rc4]# patch -p 1 < ../patch_force_user.diff
> > patching file source3/auth/server_info.c
> > patching file source3/auth/server_info.c
> > patching file source3/auth/auth_util.c
> > patching file source3/auth/proto.h
> > patching file source3/auth/server_info.c
> > patching file source3/auth/server_info.c
> > patching file selftest/target/Samba3.pm
> > patching file source3/script/tests/test_smbclient_auth.sh
> >
> >
> > I do not know anything about the internal logic, but
> > the patch seems to fix a problem, where user gdm
> > is a unix user only (not in AD) but in our case maurerh is an AD user,
> > which is available
> > on unix too (same UID)
> >
> > it does not work with
> > force user = maurerh
> >   
> >   smbclient //ftpserver/tmpuser -Umaurerh
> > Enter maurerh's password:
> > Domain=[XXX] OS=[Windows 6.1] Server=[Samba 4.2.0rc4]
> > tree connect failed: NT_STATUS_INVALID_SID
> >
> > without force user = maurerh
> > it works
> >
> >   smbclient //ftpserver/tmpuser -Umaurerh
> > Enter maurerh's password:
> > Domain=[XXX] OS=[Windows 6.1] Server=[Samba 4.2.0rc4]
> > smb: \> quit
> >
> > Regards
> >
> >
> > Hansjörg Maurer
> >
> >
> >
> 
> OK, just had a thought, try changing 'force user = maurerh' to 'force 
> user = XXX\maurerh', where 'XXX' is your domain/workgroup name

Rowland,

Thanks for trying to help our user work around the issue.  However, in
this case as it is clearly a regression between Samba versions, we
should work to resolve it that way.

Jeremy,

It looks like the fix from bug 11044 may not be complete.  Do you have
any ideas on what might be going on here?

Thanks,

Andrew Bartlett

-- 
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba





