[Samba] valid-users still not work in 3.0.23a
Andreas Sachs
andilist at gmx.de
Wed Aug 2 15:51:13 GMT 2006
Hello,
i can reproduce the behaviour on a fresh installed system.
Debian 3.1
Samba 3.0.23a (Package from samba.org)
Changes to smb.conf:
Added:
username map = /var/lib/samba/user.map
[myshare]
path = /tmp/
force user = root
valid users = andi
guest ok = no
Changed:
passdb backend = tdbsam (removed guest)
user.map:
andi = andimap
----------------
Test:
fire.intern.sachs-net.de:/# smbclient -U andimap -I 192.168.10.94 //linux1/myshare
Password:
Domain=[LINUX1] OS=[Unix] Server=[Samba 3.0.23a]
tree connect failed: NT_STATUS_ACCESS_DENIED
fire::/# smbclient -U andimap -I 192.168.10.94 //linux1/myshare
Password:
Domain=[LINUX1] OS=[Unix] Server=[Samba 3.0.23a]
tree connect failed: NT_STATUS_ACCESS_DENIED
fire:/# smbclient -U andi -I 192.168.10.94 //linux1/myshare
Password:
Domain=[LINUX1] OS=[Unix] Server=[Samba 3.0.23a]
smb: \> exit
fire:/#
The mapped user cannot log in.
Serverlog:
User andi not in 'valid users'
Greetings
Andreas
> On Mon, 2006-07-31 at 16:58 +0200, Andreas Sachs wrote:
>> > On Sun, Jul 30, 2006 at 06:31:40PM +0200, Andreas Sachs wrote:
>> >> Hello,
>> >> i was using the debian version of samba 3.0.14a. Everything works
>> >> fine.
>> >> Then I upgraded to 3.0.23 because of Windows Visa support. After that
>> >> upgrade shares with "valid users" could not be accessed. So I waited
>> >> for
>> >> 3.0.23a and upgraded to this version. The problem still exists. The
>> >> following message is in the log: User andi not in 'valid users'.
> [...]
>> the problem only appears if the username is mapped with a username map.
>> Example:
>>
>> usernamemap:
>> <serveruser> = <clientuser>
>> ---------
>> smb.conf:
>> ...
>> valid users = <serveruser>
>> ...
>> ---------
>> smbclient -U <serveruser> ...
>> ->everything is ok
>>
>> smbclient -U <clientuser> ...
>> ->tree connect failed: NT_STATUS_ACCESS_DENIED
>>
>> in the serverlog:
>> User <serveruser> not in 'valid users'
>>
>> The server recognize the mapping, because the translated username is in
>> the log.
>>
>>
>> You asked me to post the smbclient log. Do you really want this log,
>> because the error message (User andi not in 'valid users') is from the
>> server log.
> Please send in a log level 10 of the smbd server.
> Simo.
> --
> Simo Sorce
> Samba Team GPL Compliance Officer
> email: idra at samba.org
> http://samba.org
More information about the samba
mailing list