[Samba] Can't get permission on a share to work problem with groups

Horace mailinglist at lhplan.tk
Sun Feb 9 07:10:49 MST 2014


On 2014-02-09 07:08, Leander S. wrote:
> Am 09.02.14 12:46, schrieb Horace:
>> On 2014-02-09 06:39, Leander S. wrote:
>>> Am 09.02.14 12:25, schrieb Horace:
>>>> On 2014-02-09 06:11, Horace wrote:
>>>>> On 2014-02-09 05:59, Leander S. wrote:
>>>>>> Am 09.02.14 11:51, schrieb Horace:
>>>>>>> On 2014-02-09 05:31, Leander S. wrote:
>>>>>>>> Am 09.02.14 10:01, schrieb Horace:
>>>>>>>>> I have also tried valid users = ACCOUNTSAD\"Domain Admins" but 
>>>>>>>>> I still get 'is none, expected a group'? What is the correct 
>>>>>>>>> syntax to providing groups in valid users field??
>>>>>>>> I also wonder ;/
>>>>>>> 
>>>>>>> I have already scoured the Internet and only found similar 
>>>>>>> questions without any defined solutions. So I wonder myself. :/
>>>>>> That was one of my best research results, yet it didn't help. 
>>>>>> Goggle
>>>>>> translate may help wit hlanguage compatibility ;)
>>>>>> 
>>>>>> http://forge.univention.org/bugzilla/show_bug.cgi?id=29553
>>>>> 
>>>>> Thanks but not to helpful, for whatever reason (that Google has
>>>>> changed lately), I can't translate that page :/
>>>> 
>>>> Although, the few English comments that I glance at that I could 
>>>> decipher, is to try with sid. Although this does work, what I can't 
>>>> I understand is what Group Names do not work ?
>>>> 
>>>> [2014/02/09 06:17:22.927279,  3] 
>>>> ../libcli/security/dom_sid.c:209(dom_sid_parse_endp)
>>>>   string_to_sid: SID @Domain Admins is not in a valid format
>>> 
>>> 
>>> 
>>> Well as funny as it may sound, BUT *drumroll*
>>> 
>>> Following combination seems working just fine:
>>> 
>>> write list  = @Groupname
>>> force user  =  Username
>>> 
>>> So, Samba is ABLE to resolve my groupname - it's just not able with
>>> the attribute *valid users* and *force group*. they seem broke?!
>> 
>> I have been working on this for quite awhile now, should a bug report 
>> be reported? In any case, this would probably be a good reference in 
>> case anyone happens to run into this problem.
> Thanks for offering. I would say so, since there is many people
> affected. This is seriuosly affecting the quality of production
> environments where share permissions are set based on group
> memberships.
> 
> Best regards
> Leander S.

No luck with write list = @Groupname, I have to assume it's probably 
because write list don't like group names with spaces. Neither of the 
below work:

write list = @"ACCOUNTSAD\Domain Admins"
write list = @ACCOUNTSAD\"Domain Admins"
write list = @"Domain Admins"

I am going to try:

write list = @"\\ACCOUNTSAD\Domain Admins"


More information about the samba mailing list