[Samba] Problem with 3.0.23 upgrade from 3.0.22 with rfc2307 patch

Don Meyer dlmeyer at uiuc.edu
Tue Jul 18 15:48:53 GMT 2006

Well, I didn't see the last bit you describe, but I don't run RFC2307 
(yet).  We we bit by very similar behavior when moving from 3.0.22 to 
the 3.0.23 RC's.  Turns out that the use-default-domain option is not 
being universally applied to groups in 3.0.23.   As soon as I changed 
my "valid users = +group" statements to the format "= +domain\group", 
then this problem was fixed for us.   Maybe it will do the trick for you...


At 07:41 AM 7/18/2006, Howard Wilkinson wrote:
>I have managed to isolate where the problem is, now I need to work 
>out what the problem is?
>I have a group
>in which I am a member - howard.
>I have a
>valid users = +cohtech
>entry in smb.conf for the share I am trying to connect to, I get the 
>following reported in the machine.log file -
>zebra.log:  string_to_sid: Sid +cohtech does not start with 'S-'.
>and the users get rejected. If I declare the user directly then 
>access is allowed.
>This server gets its group database from the AD controllers via RFC2307.
>Anybody know why group expansion may be broken in 3.0.23?

Don Meyer                                           <dlmeyer at uiuc.edu>
Network Manager, ACES Academic Computing Facility
Technical System Manager, ACES TeleNet System
UIUC College of ACES, Information Technology and Communication Services

   "They that can give up essential liberty to obtain a little 
temporary safety,
         deserve neither liberty or safety."     -- Benjamin Franklin, 1759 

More information about the samba mailing list