after an upgrade from 4.1.6 to 4.2.0rc4 with security = ADS "force user" did not work anymore

Rowland Penny repenny241155 at gmail.com
Thu Jan 29 14:55:14 MST 2015


On 29/01/15 21:51, Andrew Bartlett wrote:
> On Thu, 2015-01-29 at 21:46 +0000, Rowland Penny wrote:
>> On 29/01/15 21:35, "Dr. Hansjörg Maurer" wrote:
>>> Am 29.01.2015 um 19:39 schrieb Andrew Bartlett:
>>>> Can you please try the patch from:
>>>>
>>>> https://bugzilla.samba.org/show_bug.cgi?id=11044
>>>>
>>>> Thanks,
>>>>
>>>> Andrew Bartlett
>>>>
>>> Hi Andrew,
>>>
>>> thank you for your reply.
>>>
>>> I applied the patch (I hope doing it right, see below) and
>>> recompiled/installed, but it did not solve the problem.
>>>
>>> [root@rmc-donau samba-4.2.0rc4]# patch -p 1 < ../patch_force_user.diff
>>> patching file source3/auth/server_info.c
>>> patching file source3/auth/server_info.c
>>> patching file source3/auth/auth_util.c
>>> patching file source3/auth/proto.h
>>> patching file source3/auth/server_info.c
>>> patching file source3/auth/server_info.c
>>> patching file selftest/target/Samba3.pm
>>> patching file source3/script/tests/test_smbclient_auth.sh
>>>
>>>
>>> I do not know anything about the internal logic, but
>>> the patch seems to fix a problem, where user gdm
>>> is a unix user only (not in AD) but in our case maurerh is an AD user,
>>> which is available
>>> on unix too (same UID)
>>>
>>> it does not work with
>>> force user = maurerh
>>>    
>>>    smbclient //ftpserver/tmpuser -Umaurerh
>>> Enter maurerh's password:
>>> Domain=[XXX] OS=[Windows 6.1] Server=[Samba 4.2.0rc4]
>>> tree connect failed: NT_STATUS_INVALID_SID
>>>
>>> without force user = maurerh
>>> it works
>>>
>>>    smbclient //ftpserver/tmpuser -Umaurerh
>>> Enter maurerh's password:
>>> Domain=[XXX] OS=[Windows 6.1] Server=[Samba 4.2.0rc4]
>>> smb: \> quit
>>>
>>> Regards
>>>
>>>
>>> Hansjörg Maurer
>>>
>> OK, just had a thought, try changing 'force user = maurerh' to 'force
>> user = XXX\maurerh', where 'XXX' is your domain/workgroup name
> Rowland,
>
> Thanks for trying to help our user work around the issue.  However, in
> this case as it is clearly a regression between Samba versions, we
> should work to resolve it that way.
>
> Jeremy,
>
> It looks like the fix from bug 11044 may not be complete.  Do you have
> any ideas on what might be going on here?
>
> Thanks,
>
> Andrew Bartlett
>

OK, over to you



