[Samba] Account Unknown for users with Samba 3.0.11/14
James.Cort at u4eatech.com
James.Cort at u4eatech.com
Thu Jan 5 09:13:57 GMT 2006
Hi,
I've got a problem with a samba server I inherited which I can't solve.
I think it's the configuration rather than the version because I have
the same problem with a 3.0.14 and a 3.0.11 Samba server with almost
identical configurations. Both authenticate against LDAP, one has an
old smbpasswd file which should no longer be in use.
The issue is that when I click "Properties... Security" in Windows on
something shared on the samba server, all the groups come up OK but
users are displayed as (for example) "Account Unknown
{S-1-5-21-4012146134-3166284455-2856603714-3038)".
I've checked, and that account SID is correct. However, I'd expect it
to eventually resolve to a username - it doesn't. Google suggests this
may be a known issue in older versions of Samba, but not 3.x.
I've noticed that this isn't true for all owners - on one server I've
got an smbpasswd file and anyone whose SID is in there resolves just
fine. But not everyone's SID is in there.
This issue aside, Samba is handling user authentication just fine - I
can only access the shares I should - but setting up security on
individual folders from Windows isn't terribly usable like this.
I'm not sure where to look next. The Samba server running 3.0.14 isn't
live yet, so I can do more-or-less what I like with the configuration.
The 3.0.11 server, however, is live, so I don't want to mess with the
configuration until I've got a better idea of what I need to do to fix
it.
James Cort
smb.conf:
[global]
# 1. Server Naming Options:
# workgroup = NT-Domain-Name or Workgroup-Name
workgroup = U4EA
server string = Poteen Samba Server %v
# 3. Logging Options:
# this tells Samba to use a separate log file for each machine
# that connects
log file = /var/log/samba3/log.%m
max log size = 50
log level = 10
# 4. Security and Domain Membership Options:
# This option is important for security. It allows you to restrict
# connections to machines which are on your local network. The
# following example restricts access to two C class networks and
hosts allow = 172.30. 192.168.22. 172.16.1 127.
# Allow users to map to guest:
map to guest = bad user
# Security mode. Most people will want user level security. See
# security_level.txt for details.
security = user
encrypt passwords = yes
# 5. Browser Control and Networking Options:
# Most people will find that this option gives better performance.
# See speed.txt and the manual pages for details
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
# set local master to no if you don't want Samba to become a master
# browser on your network. Otherwise the normal election rules apply
local master = no
# Domain Master specifies Samba to be the Domain Master Browser. This
# allows Samba to collate browse lists between subnets. Don't use this
# if you already have a Windows NT domain controller doing this job
; domain master = yes
# Preferred Master causes Samba to force a local browser election on startup
# and gives it a slightly higher chance of winning the election
preferred master = no
passdb backend = ldapsam:ldap://cygnus_new/
ldap admin dn = cn=smbadmin,dc=u4eatech,dc=com
##ldap filter = "(&(uid=%u) (objectclass=sambaAccount))"
ldap filter = "(&(uid=%u)(objectclass=sambaSamAccount))"
#ldap filter = "(uid=%u)"
idmap backend = ldap:ldaps//cygnus_new/
ldap suffix = dc=u4eatech,dc=com
ldap user suffix = ou=People
ldap group suffix = ou=Group
ldap passwd sync = yes
ldap delete dn = no
#add user script = /usr/local/sbin/smbldap-useradd -m "%u"
#ldap delete dn = Yes
# DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names
# via DNS nslookups. The built-in default for versions 1.9.17 is yes,
# this has been changed in version 1.9.18 to no.
dns proxy = no
[homes]
comment = Home Directories
browseable = yes
writable = yes
##### other directories
# Export a share for testing team members
[testing]
path = /home/testing
comment = Testing Data
writable = yes
More information about the samba
mailing list