[Samba] User invalid SID with home directory - Bueller?

Charlie medievalist at gmail.com
Tue May 13 21:15:54 GMT 2008


If you do a "net getlocalsid" at your shell prompt on the samba server
that hosts the share, does the preamble of the SID returned match that
of the SID you see in your error messages?

I'm betting not...

--Charlie

On Tue, May 13, 2008 at 2:39 PM, Wes Modes <wmodes at ucsc.edu> wrote:
> So even though I see this popping up in tons of posts, no one has
> encountered it and successfully solved the problem or can illuminate the
> issue?
>
>  Here's what I did not knowing what else to do:
>
>   1. Deleted the account.  (smbldap-userdel)
>   2. Recreated the account  (smbldap-useradd)
>   3. Searched for any files owned by the old user, and chown'd them to
>      the new user
>
>  It is not an elegant solution, but it is the only one I have now.  So far I
> haven't gotten any accounts that have had the problem reoccur.  But I'm
> waiting to see.
>
>  Wes
>
>
>  Wes Modes wrote:
>
> > I'm having the problem in which users can access their group shares, but
> > not their home shares.  These two shares are defined thusly in smb.conf:
> >
> >   [seref]
> >           comment = Science & Engineering Reference Section
> >           path = /data/group/seref
> >           valid users = @seref, @seref-read, @admin
> >           read list = @seref-read
> >           write list = @seref, @admin
> >           force group = seref
> >           create mask = 0664
> >           directory mask = 0770
> >
> >   [home]
> >           comment = %u's Personal Share Directory
> >           path = /data/home/%U
> >           valid users = %U, @admin
> >           write list = %U, @admin
> >           create mask = 0600
> >           directory mask = 0700
> >           browseable = No
> >
> >
> > It seems that the %U variable causes Samba to do a lookup_global_sam_name
> > which fails.
> >   [root@fileserver]# smbclient -Ujoeblow '\\edgar.library.ucsc.edu\home' xxxxxxxx
> >          tree connect failed: NT_STATUS_ACCESS_DENIED
> >
> >
> > Here's the relevant section of the log:
> >
> >   passdb/pdb_ldap.c:init_sam_from_ldap(545)
> >       init_sam_from_ldap: Entry found for user: joeblow
> >   passdb/pdb_ldap.c:init_group_from_ldap(2158)
> >       init_group_from_ldap: Entry found for group: 30023
> >   passdb/passdb.c:lookup_global_sam_name(596)
> >       User joeblow with invalid SID S-1-5-21-2642364908-3785178431-1037763545-61756 in passdb
> >   passdb/pdb_ldap.c:init_group_from_ldap(2158)
> >     init_group_from_ldap: Entry found for group: 1001
> >   smbd/service.c:make_connection_snum(616)
> >       user 'joeblow' (from session setup) not permitted to access this share (home)
> >
> >
> > Please note that I am not using the ADS security model, nor do I care to
> > at the moment.  Here's the significant part of my smb.conf:
> >
> >   ### Basic information for server
> >           workgroup = MCHSTAFF
> >           netbios name = EDGAR
> >           server string = Library Samba Server
> >           hosts allow = 169.233.
> >           hosts allow = 128.114.
> >           enable privileges = yes
> >           security = user
> >           encrypt passwords = yes
> >           preferred master = yes
> >           domain master = yes
> >           domain logons = yes
> >           local master = yes
> >           username map = /etc/samba/smbusers
> >           logon path =
> >           wins support = yes
> >           dns proxy = no
> >
> > So why am I getting the failure "User joeblow with invalid SID"?
> >
> > Wes
> >
> >
> >
>
>  --
>
>  Wes Modes
>  Server Administrator & Programmer Analyst
>  McHenry Library
>  Computing & Network Services
>  Information and Technology Services
>  459-5208
>
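The comparison suggested at the top of this message (the server's "net getlocalsid" SID against the SID in the "invalid SID" log line) can be scripted. This is an added example, not code from the thread or from Samba; the function names are hypothetical, the sample "net getlocalsid" SID is constructed, and the log path in the final comment is an assumption.

```shell
#!/bin/sh
# Constructed sample of "net getlocalsid" output; this SID value is made up.
SAMPLE_LOCALSID='SID for domain EDGAR is: S-1-5-21-1111111111-2222222222-3333333333'

# Log excerpt quoted in the thread, with the wrapped message line rejoined.
SAMPLE_LOG='passdb/passdb.c:lookup_global_sam_name(596)
    User joeblow with invalid SID S-1-5-21-2642364908-3785178431-1037763545-61756 in passdb'

# Print the first domain-style SID found in the text on stdin.
first_sid() {
    grep -Eo 'S-1-5-21(-[0-9]+)+' | head -n 1
}

# Strip the trailing RID from an account SID, leaving the domain SID.
domain_of_sid() {
    printf '%s\n' "${1%-*}"
}

# Print "user account-SID" for every "invalid SID" message on stdin.
invalid_sids() {
    sed -n 's/.*User \([^ ]*\) with invalid SID \(S-[0-9-]*\).*/\1 \2/p'
}

# check_log LOCALSID_OUTPUT < logfile
# One verdict per flagged user; exit status 1 if any domain part differs.
check_log() {
    local_sid=$(printf '%s\n' "$1" | first_sid)
    invalid_sids | (
        rc=0
        while read -r user sid; do
            acct_domain=$(domain_of_sid "$sid")
            if [ "$acct_domain" = "$local_sid" ]; then
                echo "$user: domain part matches $local_sid"
            else
                echo "$user: MISMATCH account=$acct_domain server=$local_sid"
                rc=1
            fi
        done
        exit "$rc"
    )
}

# Demo on the embedded samples. On a live server (log path is an assumption):
#   check_log "$(net getlocalsid)" < /var/log/samba/log.smbd
printf '%s\n' "$SAMPLE_LOG" | check_log "$SAMPLE_LOCALSID" || echo "SID domain mismatch found"
```

A mismatch means the account's sambaSID in LDAP was issued under a different domain SID than the one the server currently reports.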

