[Samba] Account Unknown for users with Samba 3.0.11/14

James.Cort at u4eatech.com
Thu Jan 5 09:13:57 GMT 2006


Hi,

I've got a problem with a samba server I inherited which I can't solve.

I think it's the configuration rather than the version because I have 
the same problem with a 3.0.14 and a 3.0.11 Samba server with almost 
identical configurations.  Both authenticate against LDAP, one has an 
old smbpasswd file which should no longer be in use.

The issue is that when I click "Properties... Security" in Windows on 
something shared on the samba server, all the groups come up OK but 
users are displayed as (for example) "Account Unknown 
(S-1-5-21-4012146134-3166284455-2856603714-3038)".

I've checked, and that account SID is correct. However, I'd expect it 
to eventually resolve to a username - it doesn't. Google suggests this 
may be a known issue in older versions of Samba, but not 3.x.

I've noticed that this isn't true for all owners - on one server I've 
got an smbpasswd file and anyone whose SID is in there resolves just 
fine.  But not everyone's SID is in there.

This issue aside, Samba is handling user authentication just fine - I 
can only access the shares I should - but setting up security on 
individual folders from Windows isn't terribly usable like this.

I'm not sure where to look next.  The Samba server running 3.0.14 isn't 
live yet, so I can do more-or-less what I like with the configuration.  
The 3.0.11 server, however, is live, so I don't want to mess with the 
configuration until I've got a better idea of what I need to do to fix 
it.

James Cort

smb.conf:

[global]

# 1. Server Naming Options:
# workgroup = NT-Domain-Name or Workgroup-Name
   workgroup = U4EA
   server string = Poteen Samba Server %v

# 3. Logging Options:
# this tells Samba to use a separate log file for each machine
# that connects
   log file = /var/log/samba3/log.%m
   max log size = 50
   log level = 10

# 4. Security and Domain Membership Options:
# This option is important for security. It allows you to restrict
# connections to machines which are on your local network. The
# following example restricts access to two C class networks and
   hosts allow = 172.30. 192.168.22. 172.16.1 127.

# Allow users to map to guest:
  map to guest = bad user

# Security mode. Most people will want user level security. See
# security_level.txt for details.
   security = user
   encrypt passwords = yes

# 5. Browser Control and Networking Options:
# Most people will find that this option gives better performance.
# See speed.txt and the manual pages for details
   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

# set local master to no if you don't want Samba to become a master
# browser on your network. Otherwise the normal election rules apply
   local master = no

# Domain Master specifies Samba to be the Domain Master Browser. This
# allows Samba to collate browse lists between subnets. Don't use this
# if you already have a Windows NT domain controller doing this job
;   domain master = yes

# Preferred Master causes Samba to force a local browser election on startup
# and gives it a slightly higher chance of winning the election
preferred master = no

passdb backend = ldapsam:ldap://cygnus_new/
ldap admin dn = cn=smbadmin,dc=u4eatech,dc=com
##ldap filter = "(&(uid=%u) (objectclass=sambaAccount))"
ldap filter = "(&(uid=%u)(objectclass=sambaSamAccount))"
#ldap filter = "(uid=%u)"
idmap backend = ldap:ldaps//cygnus_new/
ldap suffix = dc=u4eatech,dc=com
ldap user suffix =  ou=People
ldap group suffix = ou=Group
ldap passwd sync = yes
ldap delete dn = no
#add user script = /usr/local/sbin/smbldap-useradd -m "%u"
#ldap delete dn = Yes

# DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names
# via DNS nslookups. The built-in default for versions 1.9.17 is yes,
# this has been changed in version 1.9.18 to no.
   dns proxy = no

[homes]
   comment = Home Directories
   browseable = yes
   writable = yes

##### other directories
# Export a share for testing team members
[testing]
   path = /home/testing
   comment = Testing Data
   writable = yes
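
A syntax check for the LDAP URIs on the `passdb backend` and `idmap backend` lines of a configuration like the one posted, as an added example that is not part of the original message or of Samba itself. The function names are hypothetical, the sample holds only the two backend lines as posted plus one comment line, and it assumes a single backend per parameter.

```python
from urllib.parse import urlparse

# Constructed sample: the two backend lines as posted, plus one comment line.
POSTED = """\
[global]
passdb backend = ldapsam:ldap://cygnus_new/
;   domain master = yes
idmap backend = ldap:ldaps//cygnus_new/
"""

# Module prefix that marks each parameter as LDAP-backed.
LDAP_MODULES = {"passdb backend": "ldapsam", "idmap backend": "ldap"}

def global_params(text):
    """Return {parameter: value} for [global], skipping '#' and ';' comments."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            # Normalise case and runs of spaces in the parameter name.
            params[" ".join(key.lower().split())] = value.strip()
    return params

def check_ldap_backends(text):
    """Return a list of findings for malformed LDAP URIs on the backend lines."""
    findings = []
    params = global_params(text)
    for key, module in LDAP_MODULES.items():
        prefix, _, uri = params.get(key, "").partition(":")
        if prefix != module:
            continue  # parameter absent or not LDAP-backed: nothing to check
        parsed = urlparse(uri)
        if parsed.scheme not in ("ldap", "ldaps", "ldapi") or not parsed.netloc:
            findings.append(f"{key}: {uri!r} is not a well-formed LDAP URI")
    return findings

if __name__ == "__main__":
    for finding in check_ldap_backends(POSTED):
        print(finding)
```

The check covers URI syntax only; it does not contact the directory or confirm that the named host answers on that scheme.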




