[Samba] 3.0.20 -> 3.0.23 SID/group error?? Won't connect.

Lamar.Saxon at americredit.com Lamar.Saxon at americredit.com
Fri Aug 11 13:38:41 GMT 2006

I had the same problem on AIX with Samba 3.0.23b upgrading Samba
3.0.23a.  The solution I found was to change all "valid users" to
"users".  The documents still say "valid users" is acceptable; but it
would not work once I went to 3.0.23b.


-----Original Message-----
From: Franz Sirl [mailto:Franz.Sirl-kernel at lauterbach.com]
Sent: Friday, August 11, 2006 4:20 AM
To: Gerald (Jerry) Carter
Cc: samba
Subject: Re: [Samba] 3.0.20 -> 3.0.23 SID/group error?? Won't connect.

At 00:44 11.08.2006, Gerald (Jerry) Carter wrote:
>Hash: SHA1
> >    HELP! On mandriva, I compiled samba from source
> > and got it running, but I cannot connect from windows.
> > (see my post from earlier "[Samba] Compiling and
> > Configuring Samba for Mandrival")
> > david at rankin-xp:~> smbclient //bonza/office
> > Password:
> > Domain=[RB_LAW] OS=[Unix] Server=[Samba 3.0.23b]
> > tree connect failed: NT_STATUS_ACCESS_DENIED
> >    I have attached a level 10 debug if that will help.
> > This is a standalone server.
>Attachments get stripped from the list.  I need
>your smb.conf, a level 10 debug log from smbd,
>and output from the following tow commands
>* pdbedit -L -w | cut -d: -f1
>* net groupmap list | cut -d\( -f1


I have the same problem with a simple security = user, non-LDAP,
non-windbindd etc. setup. I can workaround this for
gid=100/groupname=users with:

        valid users = S-1-5-21-1540046517-542637695-1028676802-1201

My net getlocalsid:
  SID for domain HOSTNAME is: S-1-5-21-1540046517-542637695-1028676802

These didn't work:

        valid users = +users
        valid users = +HOSTNAME\users
        valid users = +BUILTIN\users
        valid users = +"Unix Group\users"
        valid users = S-1-22-2-100

This seems also to be related on which versions of samba were working
before on a machine (seems to depend on the contents of the .tdb),
but so far I could always reproduce it when I delete most of the
.tdb's except printer related and secrets.tdb.
Maybe some "net groupmap" statements are now necessary for simple
setups as well?


Privileged and Confidential.  This e-mail, and any attachments there to, is intended only for use by the addressee(s) named herein and may contain privileged or confidential information.  If you have received this e-mail in error, please notify me immediately by a return e-mail and delete this e-mail.  You are hereby notified that any dissemination, distribution or copying of this e-mail and/or any attachments thereto, is strictly prohibited.

More information about the samba mailing list