[Samba] Valid users not working on 3.0.23d

Schaefer Jr, Thomas R. tom at umsl.edu
Fri Feb 9 14:39:01 GMT 2007

I've been watching this thread because I have several shares where like
Felipe I'll do 

valid users = user1, user2, user3
force user = user4 

so if there is actually some sort of problem as Felipe is describing, it
concerns me.

As far as reading the WHATSNEW.txt file, I've gone through it again and
maybe its just me but I can't figure out what John might be referring to
that could be causing Felipe's issue.

I'm speculating John is referring to the way it may now be necessary to
include the domain portion in the valid users parameter, ie something
along the lines of..

valid users = mydomain\user1, mydomain\user2, mydomain\user3 

(actually I've taken to creating a username map with entries like


and leaving the valid users parameters as they where)

Not having the domain portion could cause users Felipe intends allowing
to be denied.

But, he is having the exact opposite problem, users he intends denying
are being allowed.

Also, he says that downgrading to 3.0.22 and using the same smb.conf
fixes his problem.

Personally I can't replicate his issue, although I use domain level
security instead of user level level like he is so perhaps thats part of
it.  Also, I'm curious about what his username map file might be and
wonder if the issue could be in there.

Tom Schaefer

-----Original Message-----
From: samba-bounces+tom=umsl.edu at lists.samba.org
[mailto:samba-bounces+tom=umsl.edu at lists.samba.org] On Behalf Of John H
Sent: Monday, February 05, 2007 7:31 PM
To: samba at lists.samba.org
Subject: Re: [Samba] Valid users not working on 3.0.23d

On Monday 05 February 2007 11:05, Papo Napolitano wrote:
> Felipe Augusto van de Wiel wrote:
> > On 02/02/2007 01:08 PM, Papo Napolitano wrote:
> >> Any one still having problems with "valid users" on 3.0.23d?
> >> I'm working in "security = USER" mode and with local users only.
> >>
> >> Share configuration :
> >>
> >> [private]
> >>         path = /home/private
> >>         valid users = papo
> >>         force user = root
> >>         force group = root
> >>         read only = No
> >>         create mask = 0600
> >>         directory mask = 0700
> >
> > [...]
> >
> >> Second test, using a valid but not listed user :
> >>
> >> [root at julieta /]# smbclient //julieta/private -U administrator
> >> Password:
> >> Domain=[JULIETA] OS=[Unix] Server=[Samba 3.0.23d]
> >> smb: \> mkdir 1
> >> smb: \> rmdir 1
> >> smb: \> quit
> >>
> >> This is wrong, administrator shouldn't write, not even connect to 
> >> the share. "invalid users" seems to work ok though.
> >> I can provide debug logs for both versions if needed.
> >> Any hints?
> >
> > 	Is your administrator in the list of 'admin users'?
> >
> >> Thanks.-
> >
> > 	Kind regards,
> No, 'admin users' is empty.
> Anyway, I'm observing the same behaviour with any account.
> Downgrading to 3.0.22 and using the same smb.conf works, I'm going to 
> try 3.0.24 in the next couple of days just to be sure.
> Thanks.-

Please read the WHATSNEW.txt file that ships with Samba-3.0.x. You'll
see that the semantics of "valid users" was changed around 3.0.8.

- John T.
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

More information about the samba mailing list