[Samba] "force user" option with NT4 domain

Rowland Penny rowlandpenny at googlemail.com
Fri Oct 17 13:24:34 MDT 2014


On 17/10/14 20:15, Bowie Bailey wrote:
> On 10/17/2014 3:07 PM, Rowland Penny wrote:
>> On 17/10/14 19:51, Bowie Bailey wrote:
>>> On 10/17/2014 2:39 PM, Rowland Penny wrote:
>>>> On 17/10/14 19:32, Bowie Bailey wrote:
>>>>> On 10/17/2014 2:25 PM, steve wrote:
>>>>>> On 17/10/14 20:14, Bowie Bailey wrote:
>>>>>>> On 10/17/2014 1:02 PM, steve wrote:
>>>>>>>> On 17/10/14 18:20, Bowie Bailey wrote:
>>>>>>>>       it doesn't make them readable by
>>>>>>>>> whichever user happens to connect unless I also change the
>>>>>>>>> permissions
>>>>>>>>> to 777.
>>>>>>>> What is the acl on the share?
>>>>>>> I have not intentionally set any acls.
>>>>>>>
>>>>>> Sorry mate. We can't guess.
>>>>> Let me be a bit clearer.  I have not set any acls on the files and I
>>>>> do not know how to either set the acls or list them.  If you give me
>>>>> the command to show the acls, I'll take a look.
>>>>>
>>>>> Since I was the one who set up the original file share, there should
>>>>> not be any acls unless they were created automatically in some way.
>>>>>
>>>> OK, make sure that you have the 'attr' package installed and then run
>>>> 'getfacl /home/shares/public/public' , post the output of this 
>>>> command.
>>> # getfacl /home/shares/public/public
>>> getfacl: Removing leading '/' from absolute path names
>>> # file: home/shares/public/public
>>> # owner: pcguest
>>> # group: pcguest
>>> user::rwx
>>> group::r-x
>>> other::r-x
>>>
>>> I also created a brand new share as a test case with the exact same
>>> results:
>>>
>>> [test]
>>>     path = /home/shares/test
>>>     public = yes
>>>     writeable = yes
>>>     browseable = yes
>>>     force user = pcguest
>>>
>>> # getfacl /home/shares/test
>>> getfacl: Removing leading '/' from absolute path names
>>> # file: home/shares/test
>>> # owner: pcguest
>>> # group: pcguest
>>> user::rwx
>>> group::rwx
>>> other::rwx
>>>
>>> It doesn't seem to be related to file permissions.  If the permissions
>>> are wrong, I get "access denied".  I only see the error about the
>>> security ID structure when the I add the "force user" option to the
>>> share.
>>>
>> Can you please post your smb.conf so that we can see what you are
>> authenticating to and how.
>
> I noticed that there were some fixes for "force user" problems in 
> Samba 4.1.6.  CentOS 7 is still providing 4.1.1.  Could that be the 
> issue?  I am investigating alternate sources for a newer package.
>
It could be, what OS are you using and in the mean time please post your 
smb.conf.

Rowland


More information about the samba mailing list