[Samba] Sid instead of username

Vishal-sh Sharma vishal-sh.sharma at db.com
Thu Nov 17 06:10:35 MST 2011


I do not have much understanding of samba other than having seen the smb.conf file and having run the start/stop scripts.

We have samba version 3.5.8 installed.

Our samba configuration was working fine, but all of a sudden, in a random manner, we see user "sids" appearing instead of the username in the security section of file properties for a few of the shared resources. On googling I did come across the issue, but no satisfactory solution/explanation.

Also, the "same samba configuration" had been working fine for years.

We use "force user" in smb.conf and would expect the username of the "force user" to appear instead of the SID.

Here is the relevant slice of the smb.conf


writable = yes

browsable = no

path = /opt/software/shared/st0007/samba

force user = st0007

valid users = domain1+winowslogin  domain1+windowslogin2  st0007

read list =

wherein, we would like folders in "/opt/software/shared/st0007/samba" to be created with user st0007 when created via samba. The user st0007 is a valid unix user.

What we find is that when a folder is created in the shared resource (shared_folder) by someone in the valid user list, the folder seems to have the SID (which maps to the correct uid on using wbinfo) shown instead of the username. The group mapping is fine (as seen in /etc/passwd for the user). As a consequence of the user being different from the force user, which we would like it to be, the folder cannot be renamed or deleted via samba by the valid user. The folder owner is st0007 when seen in the unix environment.

And this behaviour is now random. It works for some shared user (i.e., we get the force username on the securities tab).

Could this issue be due to "changes" in the windows controller etc., as the problem had seemed to have gone away once on its own, i.e. the SIDs reverted back to the username?

But now it seems to persist.

Here is the chunk of the global smb.conf file as well...


deadtime = 10

encrypt passwords = yes

server string = DAP Samba server %h

max log size = 500000

available = yes

bind interfaces only = yes

browseable = no

case sensitive = no

comment = DAP Samba server

follow symlinks = yes

max smbd processes = 200

invalid users = root

load printers = no

printing = bsd

printcap name = /dev/null

disable spoolss = yes

log level = 2

read only = yes

auth methods = winbind sam_ignoredomain

create mask = 0000

directory mask = 0000

force create mode = 0644

force directory mode = 0755

security mask = 0750

security = ADS

realm = RAG.ADS.YD.COM

workgroup = DBG

allow trusted domains = yes

encrypt passwords = yes

winbind separator = +

winbind uid = 1000000-1100000

winbind enum users = no

winbind gid = 1000000-1100000

winbind enum groups = no

winbind cache time = 60

winbind use default domain = yes

use spnego = yes

lanman auth = no

client lanman auth = no

client plaintext auth = no

disable netbios = yes

min protocol = NT1

ntlm auth = yes

wins support = no

name resolve order = lmhosts host

wide links = yes

unix extensions = no

local master = no

domain master = no

preferred master = no

os level = 0

netbios name = netbios_server

password server = pass_server1,pas_server2,pass_server3


writable = yes

browsable = no

path = /opt/software/shared/st0007/samba

force user = st0007

valid users = domain1+winowslogin  domain1+windowslogin2 st0007

read list =

Any help would be greatly appreciated.


