samba 4.3.1 - unable to access a share of an AD memberserver with force user set (since 4.2.0)

Jeremy Allison jra at samba.org
Thu Oct 29 15:58:28 UTC 2015


On Thu, Oct 29, 2015 at 12:26:50PM +0100, Dr. Hansjoerg Maurer wrote:
> Hi
> 
> I have tried 4.3.1 on an AD memberserver with idmap_nss and force user
> 
> Up to samba 4.1.X the following configuration works, starting with 4.2.0 it stops working.
> I am unable to access a share with "force user = username" set
> I have already opened
> 
> https://bugzilla.samba.org/show_bug.cgi?id=11082
> 
> Now I have traced down which commit causes the change in behavior.
> (therefore addressing you directly, Jeremy)
> It was
>  https://git.samba.org/?p=samba.git;a=commitdiff;h=9395243890aff5bb2166e18e33492afb28850097
> 
> Our config is:
> 
> idmap config * : backend = tdb
> idmap config * : range = 1000001-1999999
> idmap config XXX : backend = nss
> idmap config XXX : range = 1000-1000000
> 
> I have a Share
> [test]
>  path = /home_local/test
>    comment = Testshare
>    browseable = yes
>    writable = yes
>    force group = +XXX\rmc_sysadmin_mf
> #   force user = XXX\maurerh
>    force user = maurerh
> 
> Up to samba 4.1.X this works, starting with 4.2.0 this stops working
> (neither with force user = XXX\maurerh nor with force user = maurerh)
> User maurerh is provided by nss (not winbind)

According to the bug report you're providing UNIX users
from AD using VAS (Quest authentication servers).

Can you reproduce this without using VAS? I want to
understand if this is an interaction with their
service.

Thanks,

Jeremy.


