[Samba] valid users = +group doesn't work

Leonid Zeitlin lz at csltd.com.ua
Wed Apr 16 12:27:09 GMT 2008


Hi all,
I seem to be having a problem identical to this bug: 
https://bugzilla.samba.org/show_bug.cgi?id=3940 in Samba 3.0.28, however the 
bug is supposed to be fixed by now.

I have a Fedora 7 box joined as a member to Windows 2003 domain. All my 
Windows users have accounts on the Samba machine, with the same user name in 
Windows and in Unix. I have a share with valid users = +group, where group 
is a Unix group. Yet, when a user who is a member of that Unix group 
connects, access is denied. The messages in the log are as follows:

[2008/04/16 15:09:07, 5] smbd/service.c:make_connection(1205)
  making a connection to 'normal' service www
[2008/04/16 15:09:07, 3] lib/util_sid.c:string_to_sid(223)
  string_to_sid: Sid +webdev does not start with 'S-'.
[2008/04/16 15:09:07, 10] passdb/lookup_sid.c:lookup_name(64)
  lookup_name: UNIXBOX\webdev => UNIXBOX (domain), webdev (name)
[2008/04/16 15:09:07, 3] smbd/sec_ctx.c:push_sec_ctx(208)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2008/04/16 15:09:07, 3] smbd/uid.c:push_conn_ctx(358)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2008/04/16 15:09:07, 3] smbd/sec_ctx.c:set_sec_ctx(241)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2008/04/16 15:09:07, 5] auth/auth_util.c:debug_nt_user_token(448)
  NT user token: (NULL)
[2008/04/16 15:09:07, 5] auth/auth_util.c:debug_unix_user_token(474)
  UNIX token of user 0
  Primary group is 0 and contains 0 supplementary groups
[2008/04/16 15:09:07, 3] smbd/sec_ctx.c:pop_sec_ctx(356)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2008/04/16 15:09:07, 10] smbd/share_access.c:user_ok_token(211)
  User lz not in 'valid users'
[2008/04/16 15:09:07, 2] smbd/service.c:make_connection_snum(616)
  user 'lz' (from session setup) not permitted to access this share (www)

Interestingly, if I specify valid users = +DOMAIN\windows_group, it works.

Maybe I need to configure something? Can I have valid users accept UNIX 
groups?

Thanks,
  Leonid 





More information about the samba mailing list