[Samba] valid-users still not work in 3.0.23a

Andreas Sachs andilist at gmx.de
Wed Aug 2 15:51:13 GMT 2006 

Hello,
i can reproduce the behaviour on a fresh installed system.

Debian 3.1
Samba 3.0.23a (Package from samba.org)

Changes to smb.conf:

Added:
username map = /var/lib/samba/user.map

[myshare]
        path = /tmp/
        force user = root
        valid users = andi
        guest ok = no

Changed:
passdb backend = tdbsam (removed guest)

user.map:
andi = andimap

----------------
Test:
fire.intern.sachs-net.de:/# smbclient -U andimap -I 192.168.10.94 //linux1/myshare
Password:
Domain=[LINUX1] OS=[Unix] Server=[Samba 3.0.23a]
tree connect failed: NT_STATUS_ACCESS_DENIED
fire::/# smbclient -U andimap -I 192.168.10.94 //linux1/myshare
Password:
Domain=[LINUX1] OS=[Unix] Server=[Samba 3.0.23a]
tree connect failed: NT_STATUS_ACCESS_DENIED
fire:/# smbclient -U andi -I 192.168.10.94 //linux1/myshare
Password:
Domain=[LINUX1] OS=[Unix] Server=[Samba 3.0.23a]
smb: \> exit
fire:/#

The mapped user cannot log in.

Serverlog:
User andi not in 'valid users'

Greetings
Andreas


> On Mon, 2006-07-31 at 16:58 +0200, Andreas Sachs wrote:
>> > On Sun, Jul 30, 2006 at 06:31:40PM +0200, Andreas Sachs wrote:
>> >> Hello,
>> >> i was using the debian version of samba 3.0.14a. Everything works
>> >> fine.
>> >> Then I upgraded to 3.0.23 because of Windows Visa support. After that
>> >> upgrade shares with "valid users" could not be accessed. So I waited
>> >> for
>> >> 3.0.23a and upgraded to this version. The problem still exists. The
>> >> following message is in the log: User andi not in 'valid users'.
> [...]
>> the problem only appears if the username is mapped with a username map.
>> Example:
>>
>> usernamemap:
>> <serveruser> = <clientuser>
>> ---------
>> smb.conf:
>> ...
>> valid users = <serveruser>
>> ...
>> ---------
>> smbclient -U <serveruser> ...
>> ->everything is ok
>>
>> smbclient -U <clientuser> ...
>> ->tree connect failed: NT_STATUS_ACCESS_DENIED
>>
>> in the serverlog:
>> User <serveruser> not in 'valid users'
>>
>> The server recognize the mapping, because the translated username is in
>> the log.
>>
>>
>> You asked me to post the smbclient log. Do you really want this log,
>> because the error message (User andi not in 'valid users') is from the
>> server log.

> Please send in a log level 10 of the smbd server.

> Simo.

> --
> Simo Sorce
> Samba Team GPL Compliance Officer
> email: idra at samba.org
> http://samba.org

More information about the samba mailing list