[Samba] Sid instead of username

Vishal-sh Sharma vishal-sh.sharma at db.com
Thu Nov 17 05:56:57 MST 2011


I do not have much understanding of samba other than having seen smb.conf file and having running start/stop scripts.
We have samba version 3.5.8 installed.

Our samba configuration was working fine but all of a sudden in a random manner, we see user "sids" appearing instead of username in the  security section of file properties for few of the shared resources.  On googling  I did come across the issue but no satisfactory solution/explanation.

Also the "same  samba configuration"  had not been working fine for years.

We use the "force user" in smb.conf and would expect the username of the "force user"  to appear instead of the SID.
Here is the relevant slice of the smb.conf

writable = yes
browsable = no
path = /opt/software/shared/st0007/samba
force user = st0007
valid users = domain1+winowslogin  domain1+windowslogin2  st0007
read list =

wherein , we would like folders in the "/opt/software/shared/st0007/samba" to be created with user st0007 when created via samba. The user st0007 is a valid unix user.
What we find is that when folder is created in  the shared resource(shared_folder)  by someone in the valid user list,  the folder seems to have SID ( which maps to correct uid on using wbinfo ) shown instead of the username. The group mapping is fine ( as seen in /etc/passwd for the user). As a consequence of the user being different from the force-user which we would like it to be, the folder cannot be renamed, cannot be deleted via samba by the valid user. The folder owner is st0007 when seen in the unix environment.

And this behaviour is now random. It works for some shared user (i.e , we get force username on the securities tab).

Could this issue be due to "changes" in windows controller etc as the problem had seemed to have gone away once on its own, ie the  SIDs reverted back to the username.
But now it seems to persist.

Here is the chunk of the global smb.conf file as well...

deadtime = 10
encrypt passwords = yes
server string = DAP Samba server %h
max log size = 500000
available = yes
bind interfaces only = yes
browseable = no
case sensitive = no
comment = DAP Samba server
follow symlinks = yes
max smbd processes = 200
invalid users = root
load printers = no
printing = bsd
printcap name = /dev/null
disable spoolss yes
log level = 2
read only = yes
auth methods = winbind sam_ignoredomain
create mask = 0000
directory mask = 0000
force create mode = 0644
force directory mode = 0755
security mask = 0750
security = ADS
realm = RAG.ADS.YD.COM
workgroup = DBG
allow trusted domains = yes
encrypt passwords = yes
winbind separator = +
winbind uid = 1000000-1100000
winbind enum users = no
winbind gid = 1000000-1100000
winbind enum groups = no
winbind cache time = 60
winbind use default domain = yes
use spnego = yes
lanman auth = no
client lanman auth = no
client plaintext auth = no
disable netbios = yes
min protocol = NT1
ntlm auth = yes
wins support = no
name resolve order = lmhosts host
wide links = yes
unix extensions = no
local master = no
domain master = no
preferred master = no
os level = 0
netbios name = netbios_server
password server = pass_server1,pas_server2,pass_server3

writable = yes
browsable = no
path = /opt/software/shared/st0007/samba
force user = st0007
valid users = domain1+winowslogin  domain1+windowslogin2 st0007
read list =

Any help would be greatly appreciated.


This e-mail may contain confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and destroy this e-mail. Any unauthorized copying, disclosure or distribution of the material in this e-mail is strictly forbidden.
Please refer to http://www.db.com/en/content/eu_disclosures.htm for additional EU corporate and regulatory disclosures.

More information about the samba mailing list