[Samba] "force user" option with NT4 domain
Bowie Bailey
Bowie_Bailey at BUC.com
Fri Oct 17 13:38:03 MDT 2014
On 10/17/2014 3:24 PM, Rowland Penny wrote:
> On 17/10/14 20:15, Bowie Bailey wrote:
>>
>> I noticed that there were some fixes for "force user" problems in
>> Samba 4.1.6. CentOS 7 is still providing 4.1.1. Could that be the
>> issue? I am investigating alternate sources for a newer package.
>>
> It could be, what OS are you using and in the mean time please post your
> smb.conf.
The OS is CentOS 7. I currently have it set with "security = user" for
testing. Once I get it working, it will need to be "security = domain"
and connected to an NT domain. Either way, the problem was exactly the
same.
Normally, I connect to the shares from a Windows box. If I connect from
linux with smbclient, I see this error:
tree connect failed: NT_STATUS_INVALID_SID
If I remove the "force user" option, the error goes away and I get
access to the share.
Here is the smb.conf. I have edited out a bunch of share definitions
that do not relate to this discussion.
[global]
workgroup = BUCINTL
server string = Network Storage Server
netbios name = BNIFSTORE2
hosts allow = 10.8.0. 172.16. except 172.16.17.
hosts deny = 172.16.17.
log file = /var/log/samba/log.%m
max log size = 5000
log level = 1
security = user
passdb backend = tdbsam
domain master = no
local master = no
preferred master = no
wins support = no
wins server = 172.16.1.12
dns proxy = no
[homes]
comment = Home Directories
path = /home/shares/private/%S
browseable = no
writable = yes
create mask = 600
directory mask = 700
valid users = %S
[public]
comment = Public Share
path = /home/shares/public/public
public = yes
guest ok = yes
only guest = yes
writeable = yes
browsable = yes
printable = no
[test]
path = /home/shares/test
public = yes
writeable = yes
browseable = yes
force user = bowieb, pcguest
valid users = bowieb
--
Bowie
More information about the samba
mailing list